<?php
require_once("../include/lassospkit_helper.inc.php");
require_once("../include/lassospkit_dispatcher.inc.php");
require_once("../include/lassospkit_saml2.inc.php");
require_once("../include/lassospkit_metadata.inc.php");
require_once("../include/lassospkit_utils.inc.php");
require_once("../include/lassospkit_utils_session.inc.php");
require_once("../include/lassospkit_dummysession.inc.php");
require_once("../include/lassospkit_autopersistentsession.inc.php");
// Start (or resume) the PHP session before any handler runs: the catch block
// below dumps $_SESSION, and the LassoSPKitUtilsSession relay-state helpers
// presumably keep their state there as well (not visible in this file).
session_start();
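/**
 * Abort the request when the Referer header names a different host than the
 * one this script is served on.
 *
 * Used by the login/federate entry points as a lightweight cross-site request
 * check. As in the original it only fires when a Referer with a host is
 * present and HTTP_HOST is known; a missing Referer is let through, so this is
 * a best-effort check and not a substitute for a CSRF token.
 *
 * Prints a short message and exits with status 1 on mismatch.
 */
function verifyReferer() {
    if (!isset($_SERVER['HTTP_REFERER']) || !isset($_SERVER['HTTP_HOST'])) {
        return;
    }
    // The original extracted the authority by hand with the strstr() arguments
    // reversed (needle and haystack swapped), which always yielded false and
    // silently disabled the check. parse_url() gives host and port directly.
    $parts = parse_url($_SERVER['HTTP_REFERER']);
    if ($parts === false || empty($parts['host'])) {
        return;
    }
    // Rebuild "host[:port]" so the comparison lines up with HTTP_HOST, which
    // carries the port only when it is non-default.
    $host = $parts['host'];
    if (isset($parts['port'])) {
        $host .= ':' . $parts['port'];
    }
    // Hostnames are case-insensitive.
    if (strcasecmp($host, $_SERVER['HTTP_HOST']) !== 0) {
        // Both values are attacker-controlled request headers: escape before
        // echoing so the message cannot be used for reflected HTML injection.
        echo "Bad referer '" . htmlspecialchars($host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . "' != '" . htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'";
        exit(1);
    }
}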
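// Route the request path to the handler functions declared further down.
// PHP hoists unconditional top-level function declarations, so dispatch() can
// reach them even though they are defined after this statement.
try {
    dispatch(array('/login' => 'login',
                   '/federate' => 'federate',
                   '/ssoAssertionConsumer' => 'ssoAssertionConsumer',
                   '/slo' => 'slo',
                   '/sloSoap' => 'sloSoap',
                   '/sloRedirect' => 'sloRedirect',
                   '/sloResponse' => 'sloResponse',
                   '/defederate' => 'defederate',
                   '/nidManagementInit' => 'nidManagementInit',
                   '/nidManagementSoap' => 'nidManagementSoap',
                   '/nidManagementRedirect' => 'nidManagementRedirect',
                   '/nidManagementResponse' => 'nidManagementResponse',
                   '/metadata' => 'metadata'));
} catch (Exception $e) {
    // Show the failure to the caller, but keep the session contents out of the
    // response: $_SESSION carries the SAML state (relay states and whatever the
    // session class stores) and the original dumped all of it to the browser
    // on any exception. The dump goes to the debug log instead.
    // NOTE(review): lassospkit_showCode($e) may still render the exception
    // with its trace; a generic error page is preferable outside development.
    lassospkit_showCode($e);
    lassospkit_debuglog(var_export($_SESSION, true));
}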
// TODO fill implementation
/**
 * Finish an SP-initiated request (SLO / federation termination) by sending the
 * browser to a relay state.
 *
 * SOAP binding: a falsy $ret redirects to the relay state stored under
 * $profileStr, a truthy one to 'error'. Any other binding: a falsy $ret
 * redirects to 'error' and a truthy one does nothing.
 * NOTE(review): the two branches read $ret with opposite polarity; the TODO
 * above this function suggests it is unfinished. Reproduced as-is — confirm
 * which meaning of $ret is intended before relying on it.
 *
 * @param int    $method     one of the LASSO_HTTP_METHOD_* constants
 * @param string $profileStr relay-state key, e.g. 'slo' or 'defederation'
 * @param object $session    session object exposing doRedirect()
 * @param mixed  $ret        return value of the initiating call
 */
function finishRequest($method, $profileStr, $session, $ret) {
    $isSoap = ($method == LASSO_HTTP_METHOD_SOAP);

    if ($isSoap) {
        $target = $ret ? 'error' : $profileStr;
        $session->doRedirect(LassoSPKitUtilsSession::getRelayState($target));
        return;
    }

    if (! $ret) {
        $session->doRedirect(LassoSPKitUtilsSession::getRelayState('error'));
    }
}
/**
 * Finish the processing of an IdP response by redirecting the browser.
 *
 * A falsy $ret is treated as success and goes to the relay state stored under
 * $profileSTR; anything else goes to the 'error' relay state.
 *
 * @param string $profileSTR relay-state key, e.g. 'slo' or 'defederation'
 * @param object $session    session object exposing doRedirect()
 * @param mixed  $ret        return value of the process* call
 */
function finishResponse($profileSTR, $session, $ret) {
    $target = $ret ? 'error' : $profileSTR;
    $session->doRedirect(LassoSPKitUtilsSession::getRelayState($target));
}
/**
 * Instantiate the session implementation selected by configuration.
 *
 * The class name is "LassoSPKit" followed by the configured 'session' value
 * (the includes at the top of this file bring in DummySession and
 * AutoPersistentSession, which presumably are the intended choices). The value
 * comes from configuration, not from the request.
 *
 * @return object a fresh session object
 */
function getSession() {
    $suffix = LassoSPKitConfig::get('session');
    $className = 'LassoSPKit' . $suffix;
    $instance = new $className();
    return $instance;
}
// Stub: declared but empty, and not called anywhere in this file. The binding
// detection for the assertion consumer is done inline in ssoAssertionConsumer().
function detectMethodAssertionConsumer() {
}
/**
 * '/login' handler: start a SAML 2.0 SSO exchange with the IdP.
 *
 * The referer check runs first. Federation defaults to TRUE and can be
 * overridden by the 'federate' entry of the stored 'login' parameters; the
 * value is passed through to sso() unchanged. After the request is
 * initiated, the 'login' relay state is copied to the 'sso' slot so the
 * assertion consumer can return the browser to it.
 */
function login() {
    verifyReferer();

    $saml2 = new LassoSPKitSAML2(new LassoSPKitDummySession());
    $params = LassoSPKitUtilsSession::getParams('login');

    // Default to federating unless the stored login parameters say otherwise.
    $federate = isset($params['federate']) ? $params['federate'] : TRUE;

    $saml2->sso(FALSE, $federate);

    $relay = LassoSPKitUtilsSession::getRelayState('login');
    LassoSPKitUtilsSession::setRelayState('sso', $relay);
}
/**
 * '/federate' handler: start an SSO exchange that always requests federation.
 *
 * Same flow as login() but with both sso() flags forced to TRUE; the
 * 'federate' relay state is copied to the 'sso' slot for the assertion
 * consumer.
 */
function federate() {
    verifyReferer();

    $dummySession = new LassoSPKitDummySession();
    $saml2 = new LassoSPKitSAML2($dummySession);
    $saml2->sso(TRUE, TRUE);

    $relay = LassoSPKitUtilsSession::getRelayState('federate');
    LassoSPKitUtilsSession::setRelayState('sso', $relay);
}
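/**
 * '/ssoAssertionConsumer' handler: hand the IdP's SSO response to the SAML2
 * layer and redirect to the 'sso' relay state on success, 'error' otherwise.
 *
 * The binding is chosen from the request method. The original tested
 * isset($_GET), which is always true for a superglobal, so every request
 * (including POST responses) was processed as an artifact GET with the query
 * string and the POST branch was unreachable. Unknown methods now fall through
 * to the error redirect instead of leaving $ok undefined.
 */
function ssoAssertionConsumer() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);

    $ok = false;   // anything but a recognised GET/POST ends at the error page
    $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

    if ($requestMethod === 'GET') {
        $ok = $saml2->ssoConsumer(LASSO_HTTP_METHOD_ARTIFACT_GET, $_SERVER['QUERY_STRING']);
    } elseif ($requestMethod === 'POST') {
        // NOTE(review): the original passed QUERY_STRING here as well. The POST
        // binding carries its parameters in the body, so the raw urlencoded
        // body is passed instead — confirm that LassoSPKitSAML2::ssoConsumer()
        // accepts it in this form.
        $ok = $saml2->ssoConsumer(LASSO_HTTP_METHOD_ARTIFACT_POST, file_get_contents('php://input'));
    }

    $target = $ok ? 'sso' : 'error';
    $session->doRedirect(LassoSPKitUtilsSession::getRelayState($target));
}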
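/**
 * '/slo' handler: initiate a single logout towards the IdP over the redirect
 * binding and finish via finishRequest() with the 'slo' relay state.
 *
 * The original also captured headers_list() into an unused local; that call
 * has no side effects and is dropped.
 */
function slo() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);

    $method = LASSO_HTTP_METHOD_REDIRECT;
    $ret = $saml2->initiateSLO($method);

    finishRequest($method, 'slo', $session, $ret);
}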
/**
 * '/sloSoap' handler: process an IdP-initiated logout request received over
 * SOAP.
 *
 * A return value loosely equal to 0 from processSOAPRequestSLO() is logged as
 * a fatal error; nothing else is done with the result here, the SOAP reply
 * is presumably emitted by the SAML2 layer itself.
 */
function sloSoap() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);

    $status = $saml2->processSOAPRequestSLO();
    if ($status == 0) {
        lassospkit_debuglog("SLO SOAP Request handler: fatal error");
    }
}
// Stub: routed from '/sloRedirect' by the dispatch table above but has no
// body, so an IdP-initiated logout over the redirect binding currently gets
// an empty response and the local session is left untouched.
function sloRedirect() {
}
/**
 * '/sloResponse' handler: process the IdP's logout response (redirect binding)
 * and finish via finishResponse() with the 'slo' relay state.
 */
function sloResponse() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);

    $result = $saml2->processRedirectResponseSLO();
    finishResponse('slo', $session, $result);
}
/**
 * '/defederate' handler: send a federation-termination notification to the
 * IdP over the redirect binding.
 *
 * After finishRequest() the 'defederation' relay state is copied to the
 * 'nidmanagement' slot.
 * NOTE(review): if doRedirect() terminates the script, the copy below is
 * never reached on the paths where finishRequest() redirects — confirm.
 */
function defederate() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);

    $method = LASSO_HTTP_METHOD_REDIRECT;
    $result = $saml2->initiateFTNotification($method);
    finishRequest($method, 'defederation', $session, $result);

    $relay = LassoSPKitUtilsSession::getRelayState('defederation');
    LassoSPKitUtilsSession::setRelayState('nidmanagement', $relay);
}
// Stub: routed from '/nidManagementInit' by the dispatch table above but has
// no body, so the request gets an empty response.
function nidManagementInit() {
}
// Stub: routed from '/nidManagementSoap' by the dispatch table above but has
// no body, so an IdP-initiated NameID management request over SOAP gets an
// empty response.
function nidManagementSoap() {
}
// Stub: routed from '/nidManagementRedirect' by the dispatch table above but
// has no body, so an IdP-initiated NameID management request over the
// redirect binding gets an empty response.
function nidManagementRedirect() {
}
// NidManagement Redirect Response
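/**
 * '/nidManagementResponse' handler: process the IdP's NameID management
 * response (redirect binding) and finish via finishResponse() with the
 * 'defederation' relay state.
 *
 * The original assigned LASSO_HTTP_METHOD_REDIRECT to a local that was never
 * read; processRedirectResponseNameIdManagement() takes no method argument,
 * so the local is dropped.
 */
function nidManagementResponse() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);

    $ret = $saml2->processRedirectResponseNameIdManagement();
    finishResponse('defederation', $session, $ret);
}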
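/**
 * '/metadata' handler: serve this SP's SAML 2.0 metadata as text/xml.
 *
 * The public key embedded in the metadata is extracted from the private key
 * file in the metadata directory. The original ignored the outcome of that
 * extraction and would have built metadata with an unset key; it now throws,
 * so a peer never receives key-less metadata presented as authoritative.
 * The try/catch that only rethrew the same exception is dropped.
 *
 * @throws RuntimeException when no public key could be extracted
 */
function metadata() {
    $datadir = LassoSPKitHelper::getMetadataDir(LASSO_PROTOCOL_SAML_2_0);
    $pkey = $datadir . "/" . PRIVATE_KEY;

    // Both are by-reference outputs of extractPublicKey(); initialise them so a
    // failed extraction is detectable instead of leaving $publickey unset.
    $publickey = null;
    $error = null;
    LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error);
    if (!$publickey) {
        // The key path is deliberately left out of the message: the top-level
        // catch block renders exceptions to the client.
        $detail = is_string($error) ? $error : var_export($error, true);
        throw new RuntimeException('Cannot extract public key: ' . $detail);
    }

    $content = LassoSPKitMetadataSAML2::generateMetadata(dirname(LassoSPKitUtils::mydir()), LassoSPKitConfig::get('organization'), $publickey);
    if ($content) {
        header('Content-type: text/xml');
        echo $content;
    }
}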