Update of the documentation
This commit is contained in:
parent
225ace30c6
commit
57d19f94a6
35
README
35
README
|
@ -1,12 +1,18 @@
|
||||||
Lasso SPKit PHP v0.1
|
Lasso SPKit PHP v0.3
|
||||||
|
|
||||||
This library contains code to ease the usage of the PHP bindings of the lasso
|
This library contains code to ease the usage of the PHP bindings of the lasso
|
||||||
library inside a service provider, usually an existing web application where
|
library inside a service provider, usually an existing web application where
|
||||||
you wish to handle some of the profile of the Liberty Alliance or SAML 2.0
|
you wish to handle some of the profile of the Liberty Alliance or SAML 2.0
|
||||||
protocols.
|
protocols.
|
||||||
|
|
||||||
The API is procedural, minimal and easy to comprehend. Depending
|
The API is procedural, minimal and easy to understand.
|
||||||
upon the configuration
|
|
||||||
|
Depending upong the configuration there is two functionning mode:
|
||||||
|
- liberty state is reported through the function lassospkit_nameid() and
|
||||||
|
lassospkit_federation(), your application MUST persist them by its own way.
|
||||||
|
- liberty state is stored using one of the automatic storage mode, you just
|
||||||
|
have to associate a user id with the liberty state. After any liberty event
|
||||||
|
you can retrieve this user id.
|
||||||
|
|
||||||
= Description of the API =
|
= Description of the API =
|
||||||
|
|
||||||
|
@ -22,15 +28,16 @@ function lassospkit_nameid()
|
||||||
|
|
||||||
function lassospkit_set_nameid($nameid)
|
function lassospkit_set_nameid($nameid)
|
||||||
* Set the nameid that the next SAML profile should use. Use it before
|
* Set the nameid that the next SAML profile should use. Use it before
|
||||||
presenting link for defederation or single logout. It has no effect if redirecting toward SSO.
|
presenting link for defederation or single logout. It has no effect if
|
||||||
|
redirecting toward SSO.
|
||||||
|
|
||||||
function lassospkit_userid()
|
function lassospkit_userid()
|
||||||
* When automated storage of the federation is activated this parameter will
|
* When automated storage of the federation is activated this parameter will
|
||||||
contain the last userID associated with the current nameID. The association
|
contain the last userID associated with the current nameID. The association
|
||||||
is done by calling setUserID then making a successul SSO request (via a
|
is done by calling setUserID then making a successul SSO request (via a
|
||||||
redirection to lassospki_websso_redirect).
|
redirection to lassospki_websso_redirect). When automated storage is
|
||||||
When automated storage is inactivated, it always returns null and set_userid
|
inactivated, it always returns null and set_userid is ignored by the backend
|
||||||
is ignored by the backend code.
|
code.
|
||||||
|
|
||||||
function lassospkit_error()
|
function lassospkit_error()
|
||||||
* When non-null gives a human readable explaination of the last unsucessful
|
* When non-null gives a human readable explaination of the last unsucessful
|
||||||
|
@ -38,14 +45,16 @@ function lassospkit_error()
|
||||||
federate is identity in the context of an SSO request.
|
federate is identity in the context of an SSO request.
|
||||||
|
|
||||||
function lassospkit_federation()
|
function lassospkit_federation()
|
||||||
* Return an opaque blob containing informations on the federation created with an IdP
|
* Return an opaque blob containing informations on the federation created with
|
||||||
afer a succesful request. If you intend to handle yourself storage of the federation,
|
an IdP afer a succesful request. If you intend to handle yourself storage of
|
||||||
you must save this together with local user account/sessions informations and restores
|
the federation, you must save this together with local user account/sessions
|
||||||
it before any future redirection to a logout/defederation request. If you user automated
|
informations and restores it before any future redirection to a
|
||||||
persistence you can ignore it.
|
logout/defederation request. If you user automated persistence you can ignore
|
||||||
|
it.
|
||||||
|
|
||||||
function lassospkit_set_federation($federation)
|
function lassospkit_set_federation($federation)
|
||||||
* Restore the opaque blob needed to initalize SAML requests. See previous function.
|
* Restore the opaque blob needed to initalize SAML requests. See previous
|
||||||
|
function.
|
||||||
|
|
||||||
function lassospkit_websso_redirect($relay)
|
function lassospkit_websso_redirect($relay)
|
||||||
* URL to the local page intiating SSO exchanges with the IdP. Use the baseUrl
|
* URL to the local page intiating SSO exchanges with the IdP. Use the baseUrl
|
||||||
|
|
|
@ -1,3 +1,9 @@
|
||||||
|
spkitlasso (0.3.1ubuntu1-git-95065af809) jaunty; urgency=low
|
||||||
|
|
||||||
|
* Package from git development trunk.
|
||||||
|
|
||||||
|
-- Benjamin Dauvergne <bdauvergne@entrouvert.com> Tue, 03 Feb 2009 12:56:30 +0100
|
||||||
|
|
||||||
spkitlasso (0.3.1) jaunty; urgency=low
|
spkitlasso (0.3.1) jaunty; urgency=low
|
||||||
|
|
||||||
* Catch errors when building configuration
|
* Catch errors when building configuration
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
../../endpoints/configure.php
|
|
@ -0,0 +1,62 @@
|
||||||
|
<?php
|
||||||
|
require_once("spkitlasso/lassospkit_helper.inc.php");
|
||||||
|
require_once("spkitlasso/lassospkit_dispatcher.inc.php");
|
||||||
|
require_once("spkitlasso/lassospkit_metadata.inc.php");
|
||||||
|
require_once("spkitlasso/lassospkit_utils.inc.php");
|
||||||
|
|
||||||
|
dispatch(array('/login' => login,
|
||||||
|
'/federate' => federate,
|
||||||
|
'/ssoAssertionConsumer' => ssoAssertionConsumer,
|
||||||
|
'/sloInit' => sloInit,
|
||||||
|
'/sloSoap' => sloSoap,
|
||||||
|
'/sloRedirect' => sloRedirect,
|
||||||
|
'/sloResponse' => sloResponse,
|
||||||
|
'/defederate' => defederate,
|
||||||
|
'/defederateReturn' => defederateReturn,
|
||||||
|
'/defederateNotification' => defederateNotification,
|
||||||
|
'/metadata' => metadata));
|
||||||
|
// TODO fill implementation
|
||||||
|
function login() {
|
||||||
|
$saml2 = new LassoSPKitLiberty(new LassoSPKitDummySession());
|
||||||
|
$params = LassoSPKitUtilsSession::getParams('login');
|
||||||
|
$federate = TRUE;
|
||||||
|
if (isset($params['federate'])) {
|
||||||
|
$federate = $params['federate'];
|
||||||
|
}
|
||||||
|
$saml2->sso(TRUE, $federate);
|
||||||
|
}
|
||||||
|
function federate() {
|
||||||
|
$saml2 = new LassoSPKitLiberty(new LassoSPKitDummySession());
|
||||||
|
$saml2->sso(TRUE, TRUE);
|
||||||
|
}
|
||||||
|
function ssoAssertionConsumer() {
|
||||||
|
}
|
||||||
|
function sloInit() {
|
||||||
|
}
|
||||||
|
function sloSoap() {
|
||||||
|
}
|
||||||
|
function sloRedirect() {
|
||||||
|
}
|
||||||
|
function sloResponse() {
|
||||||
|
}
|
||||||
|
function defederate() {
|
||||||
|
}
|
||||||
|
function defederateReturn() {
|
||||||
|
}
|
||||||
|
function defederateNotification() {
|
||||||
|
}
|
||||||
|
function metadata() {
|
||||||
|
header('Content-type: text/xml');
|
||||||
|
$datadir = LassoSPKitHelper::getMetadataDir(LASSO_PROTOCOL_LIBERTY_1_2);
|
||||||
|
$pkey = $datadir . "/" . PRIVATE_KEY;
|
||||||
|
LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error);
|
||||||
|
try {
|
||||||
|
$content = LassoSPKitMetadataLiberty::generateMetadata(dirname(LassoSPKitUtils::mydir()), LassoSPKitConfig::get('organization'), $publickey);
|
||||||
|
if ($content) {
|
||||||
|
header('Content-type: text/xml');
|
||||||
|
echo $content;
|
||||||
|
}
|
||||||
|
} catch (Exception $e) {
|
||||||
|
throw $e;
|
||||||
|
}
|
||||||
|
}
|
|
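Review bot: The route table passed to dispatch() at the top of the file maps paths to bare identifiers (`'/login' => login`, `'/federate' => federate`, … `'/metadata' => metadata`); these are undefined constants, which older PHP degrades to the matching strings with a notice but PHP 8 rejects with an `Error`, so each handler name should be quoted: `'/login' => 'login',` and likewise for the other entries. In metadata(), the outcome of `LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error)` is never checked and `$error` is never read, so a failed extraction passes an unset `$publickey` to generateMetadata and still serves a document; guard it with something like `if (!LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error)) { throw new Exception("cannot extract public key: $error"); }` (adapt to however extractPublicKey actually signals failure — its contract is not visible here). The `try { … } catch (Exception $e) { throw $e; }` around generateMetadata is a no-op rethrow that can be dropped, and `header('Content-type: text/xml')` is sent twice. In login(), `$params['federate']` is handed straight to `$saml2->sso(TRUE, $federate)`; casting it with `(bool)` keeps the flag from carrying whatever value was stored in the session params.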
@ -0,0 +1,82 @@
|
||||||
|
<?php
|
||||||
|
require_once('spkitlasso/lassospkit_saml2_endpoint.inc.php');
|
||||||
|
require_once('spkitlasso/lassospkit_public_api.inc.php');
|
||||||
|
|
||||||
|
class EndpointExemple extends LassoSPKitSaml2Endpoint {
|
||||||
|
function dispatchAndExit() {
|
||||||
|
try {
|
||||||
|
parent::dispatchAndExit();
|
||||||
|
} catch (Exception $e) {
|
||||||
|
$exceptionText = $e->__toString();
|
||||||
|
$lines = explode("\n",$exceptionText);
|
||||||
|
foreach ($lines as $line) {
|
||||||
|
error_log($line);
|
||||||
|
}
|
||||||
|
die('There was an error, shoot yourself !');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
function headerHtml($title, $url) {
|
||||||
|
?>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<title><?php echo $title ?></title>
|
||||||
|
<meta http-equiv="refresh" content="5; url=<?php echo $url?>" />
|
||||||
|
</head>
|
||||||
|
<body> <?php
|
||||||
|
}
|
||||||
|
function footerHtml() {
|
||||||
|
?>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
<?php
|
||||||
|
}
|
||||||
|
function handleSso($ret) {
|
||||||
|
$r = $this->relayState;
|
||||||
|
$this->headerHtml("AssertionConsumer endpoint", $r);
|
||||||
|
if ($ret == 0) {
|
||||||
|
echo "Ouais on est loggé, aller <a href='$r'>$r</a>";
|
||||||
|
} else {
|
||||||
|
echo "Une erreur lasso s'est produite de code $ret" . strError($ret);
|
||||||
|
}
|
||||||
|
return $ret;
|
||||||
|
}
|
||||||
|
function handleSlo($ret) {
|
||||||
|
$r = $this->relayState;
|
||||||
|
if ($this->currentHttpMethod == LASSO_HTTP_METHOD_GET &&
|
||||||
|
$this->currentHttpMethod == LASSO_HTTP_METHOD_POST) {
|
||||||
|
$this->headerHtml("SLO endpoint", $r);
|
||||||
|
if ($ret) {
|
||||||
|
echo "Demande de slo échoué: " . strError($ret) . "($ret)";
|
||||||
|
} else {
|
||||||
|
echo "Demande de slo réussie";
|
||||||
|
}
|
||||||
|
echo "Go to <a href='$r'>$r</a>";
|
||||||
|
$this->footerHtml();
|
||||||
|
lassospkit_clean();
|
||||||
|
} else {
|
||||||
|
# Specialized
|
||||||
|
$id = lassospkit_userid();
|
||||||
|
error_log("Trying to destroy session $id");
|
||||||
|
$session = LassoSPKitUtilsSession::getSingleton();
|
||||||
|
$session->id = $id;
|
||||||
|
$session->clean();
|
||||||
|
}
|
||||||
|
if ($ret) {
|
||||||
|
error_log("Demande de slo échoué: $ret");
|
||||||
|
} else {
|
||||||
|
error_log("Demande de slo réussie: $ret");
|
||||||
|
}
|
||||||
|
|
||||||
|
return $ret;
|
||||||
|
}
|
||||||
|
function handleNameIdManagement($ret) {
|
||||||
|
if ($ret) {
|
||||||
|
error_log('Erreur lors du nid: ' . $ret . ': ' . strError($ret));
|
||||||
|
}
|
||||||
|
return $ret;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
$endpoint = new EndpointExemple();
|
||||||
|
$endpoint->dispatchAndExit();
|
|
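Review bot: In handleSlo the branch guard `$this->currentHttpMethod == LASSO_HTTP_METHOD_GET && $this->currentHttpMethod == LASSO_HTTP_METHOD_POST` can never be true (one value cannot equal two distinct constants), so the HTML response path is dead and every request falls through to the session-destruction branch; the intended test is presumably `$this->currentHttpMethod == LASSO_HTTP_METHOD_GET || $this->currentHttpMethod == LASSO_HTTP_METHOD_POST`. Separately, `$r = $this->relayState` is interpolated unescaped into `<a href='$r'>$r</a>` in handleSso and handleSlo and into the `meta http-equiv="refresh"` URL in headerHtml; relayState presumably originates from the inbound request and should be treated as untrusted, so emit it through `htmlspecialchars($r, ENT_QUOTES, 'UTF-8')` and check that it is a URL the application is willing to redirect to before using it as the refresh target. handleSso also never calls `$this->footerHtml()`, so its page is left unclosed, and the `die('There was an error, shoot yourself !')` text in dispatchAndExit is what the end user sees; a neutral message would be preferable while the full trace continues to go to error_log.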
@ -0,0 +1,2 @@
|
||||||
|
.error { width: auto; color: red; border: 1px solid red; padding: 2px; }
|
||||||
|
pre,.code { background: #BBB; border: 1px solid black; padding: 1ex;white-space: pre; overflow: scroll }
|
|
@ -0,0 +1 @@
|
||||||
|
../include/
|