spkitlasso/endpoints/saml2.php


<?php
require_once("../include/lassospkit_helper.inc.php");
require_once("../include/lassospkit_dispatcher.inc.php");
require_once("../include/lassospkit_saml2.inc.php");
require_once("../include/lassospkit_metadata.inc.php");
require_once("../include/lassospkit_utils.inc.php");
require_once("../include/lassospkit_utils_session.inc.php");
require_once("../include/lassospkit_dummysession.inc.php");
require_once("../include/lassospkit_autopersistentsession.inc.php");
// Start (or resume) the PHP session before dispatching: the handlers below
// rely on session-backed relay-state and parameter helpers.
session_start();
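/**
 * Reject the request when the Referer header names a different host than the
 * one this endpoint is served on.
 *
 * Only the authority part of the Referer is compared: what follows the first
 * "//" up to the next "/", "?" or "#" (host plus optional port, the same shape
 * as HTTP_HOST). Requests without a Referer, or with one that has no "//",
 * are let through, as before. The Referer is client-supplied and may be
 * absent or stripped, so this is a best-effort origin check only.
 *
 * Side effects: on mismatch, prints a message and exits the script.
 */
function verifyReferer() {
    if (!isset($_SERVER['HTTP_REFERER'])) {
        return;
    }
    // strstr(haystack, needle): the original call had the two arguments
    // swapped, so the extracted "host" was always false and the comparison
    // below never ran.
    $authority = strstr($_SERVER['HTTP_REFERER'], '//');
    if ($authority === false) {
        return;
    }
    $authority = substr($authority, 2);
    // Cut at the end of the authority component.
    $authority = substr($authority, 0, strcspn($authority, '/?#'));
    if ($authority === '' || !isset($_SERVER['HTTP_HOST'])) {
        return;
    }
    // Host names are case-insensitive.
    if (strcasecmp($authority, $_SERVER['HTTP_HOST']) !== 0) {
        // Both values come from request headers and are reflected into the
        // response, so escape them for the HTML context.
        echo "Bad referer '" . htmlspecialchars($authority, ENT_QUOTES, 'UTF-8')
            . "' != '" . htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8') . "'";
        exit(1);
    }
}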
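// Route the request path to one of the handlers defined below. When a
// handler throws, the exception is shown to the caller as before, but the
// session contents are written to the debug log only: $_SESSION may hold
// SAML assertions, name identifiers and relay states that must not be
// reflected to the client.
try {
    dispatch(array('/login' => 'login',
        '/federate' => 'federate',
        '/ssoAssertionConsumer' => 'ssoAssertionConsumer',
        '/slo' => 'slo',
        '/sloSoap' => 'sloSoap',
        '/sloRedirect' => 'sloRedirect',
        '/sloResponse' => 'sloResponse',
        '/defederate' => 'defederate',
        '/nidManagementInit' => 'nidManagementInit',
        '/nidManagementSoap' => 'nidManagementSoap',
        '/nidManagementRedirect' => 'nidManagementRedirect',
        '/nidManagementResponse' => 'nidManagementResponse',
        '/metadata' => 'metadata'));
} catch (Exception $e) {
    lassospkit_showCode($e);
    lassospkit_debuglog("saml2 endpoint failure, session state: " . var_export($_SESSION, true));
}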
// TODO fill implementation
/**
 * Finish an SP-initiated request (SLO, federation termination) once the
 * profile has been started.
 *
 * SOAP binding: redirect to the relay state stored under $profileStr when
 * $ret is falsy, otherwise to the 'error' relay state. Other bindings: only
 * the failure redirect is issued here.
 * NOTE(review): a falsy $ret is treated as success in both branches; this
 * depends on the return convention of the initiate*() methods (0 == OK?) --
 * confirm against LassoSPKitSAML2.
 */
function finishRequest($method, $profileStr, $session, $ret) {
    $failed = (bool) $ret;
    if ($method == LASSO_HTTP_METHOD_SOAP) {
        $target = $failed ? 'error' : $profileStr;
        $session->doRedirect(LassoSPKitUtilsSession::getRelayState($target));
        return;
    }
    if ($failed) {
        $session->doRedirect(LassoSPKitUtilsSession::getRelayState('error'));
    }
}
/**
 * Finish the handling of a response received on the redirect binding: send
 * the user to the relay state stored under $profileSTR when $ret is falsy,
 * otherwise to the 'error' relay state.
 * NOTE(review): a falsy $ret is treated as success (lasso-style 0 == OK?) --
 * confirm against the process*() methods.
 */
function finishResponse($profileSTR, $session, $ret) {
    $target = $ret ? 'error' : $profileSTR;
    $session->doRedirect(LassoSPKitUtilsSession::getRelayState($target));
}
/**
 * Instantiate the session backend selected by the 'session' configuration
 * key: the class named "LassoSPKit" followed by that value.
 */
function getSession() {
    $className = sprintf('LassoSPKit%s', LassoSPKitConfig::get('session'));
    return new $className();
}
// Not implemented. Not referenced from the dispatch table above either.
function detectMethodAssertionConsumer() {
}
/**
 * Start an SSO login ('/login'). Federation defaults to TRUE and is
 * overridden by the 'federate' entry of the 'login' parameters when present.
 * The relay state recorded for 'login' is copied to 'sso' so the assertion
 * consumer can send the user back afterwards.
 */
function login() {
    verifyReferer();
    $saml2 = new LassoSPKitSAML2(new LassoSPKitDummySession());
    $params = LassoSPKitUtilsSession::getParams('login');
    $federate = isset($params['federate']) ? $params['federate'] : TRUE;
    $saml2->sso(FALSE, $federate);
    $relay = LassoSPKitUtilsSession::getRelayState('login');
    LassoSPKitUtilsSession::setRelayState('sso', $relay);
}
/**
 * Start an SSO exchange that forces federation ('/federate'). The relay
 * state recorded for 'federate' is copied to 'sso' for the assertion consumer.
 */
function federate() {
    verifyReferer();
    $saml2 = new LassoSPKitSAML2(new LassoSPKitDummySession());
    $saml2->sso(TRUE, TRUE);
    $relay = LassoSPKitUtilsSession::getRelayState('federate');
    LassoSPKitUtilsSession::setRelayState('sso', $relay);
}
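/**
 * Assertion consumer endpoint ('/ssoAssertionConsumer'): hand the incoming
 * artifact to the SAML2 profile, then redirect the user to the 'sso' relay
 * state on success or to 'error' otherwise.
 *
 * The binding is chosen from the request method. The original code tested
 * isset($_GET), which is always true for a superglobal, so the POST branch
 * was unreachable and $ok could in principle stay undefined.
 * NOTE(review): both bindings are given QUERY_STRING, as before; for the
 * POST binding the artifact normally travels in the form body -- confirm
 * what ssoConsumer() expects as its second argument.
 */
function ssoAssertionConsumer() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);
    $isPost = isset($_SERVER['REQUEST_METHOD'])
        && strtoupper($_SERVER['REQUEST_METHOD']) === 'POST';
    $method = $isPost ? LASSO_HTTP_METHOD_ARTIFACT_POST : LASSO_HTTP_METHOD_ARTIFACT_GET;
    $query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : null;
    $ok = $saml2->ssoConsumer($method, $query);
    $target = $ok ? 'sso' : 'error';
    $session->doRedirect(LassoSPKitUtilsSession::getRelayState($target));
}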
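/**
 * Initiate a single logout ('/slo') over the redirect binding and finish it
 * through finishRequest(). The unused headers_list() call of the original
 * has been removed.
 */
function slo() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);
    $method = LASSO_HTTP_METHOD_REDIRECT;
    $ret = $saml2->initiateSLO($method);
    finishRequest($method, 'slo', $session, $ret);
}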
/**
 * Handle an IdP-initiated single logout request over SOAP ('/sloSoap').
 * NOTE(review): a return value of 0 from processSOAPRequestSLO() is logged
 * as a fatal error here, whereas finishRequest()/finishResponse() treat a
 * falsy value as success -- confirm the convention before relying on either.
 */
function sloSoap() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);
    $status = $saml2->processSOAPRequestSLO();
    if ($status == 0) {
        lassospkit_debuglog("SLO SOAP Request handler: fatal error");
    }
}
// Not implemented: '/sloRedirect' is routed here by the dispatch table above,
// so requests to it currently produce no response.
function sloRedirect() {
}
/**
 * Process the single logout response received on the redirect binding
 * ('/sloResponse') and send the user on via finishResponse().
 */
function sloResponse() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);
    $status = $saml2->processRedirectResponseSLO();
    finishResponse('slo', $session, $status);
}
/**
 * Initiate a federation termination notification ('/defederate') over the
 * redirect binding, finish it through finishRequest(), then copy the
 * 'defederation' relay state to 'nidmanagement' for the response handler.
 */
function defederate() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);
    $method = LASSO_HTTP_METHOD_REDIRECT;
    $status = $saml2->initiateFTNotification($method);
    finishRequest($method, 'defederation', $session, $status);
    $relay = LassoSPKitUtilsSession::getRelayState('defederation');
    LassoSPKitUtilsSession::setRelayState('nidmanagement', $relay);
}
// Not implemented: '/nidManagementInit' is routed here by the dispatch table
// above, so requests to it currently produce no response.
function nidManagementInit() {
}
// Not implemented: '/nidManagementSoap' is routed here by the dispatch table
// above, so requests to it currently produce no response.
function nidManagementSoap() {
}
// Not implemented: '/nidManagementRedirect' is routed here by the dispatch
// table above, so requests to it currently produce no response.
function nidManagementRedirect() {
}
// NidManagement Redirect Response
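/**
 * Process a name-identifier management response received on the redirect
 * binding ('/nidManagementResponse') and send the user on via
 * finishResponse() using the 'defederation' relay state. The unused
 * $method local of the original has been removed.
 */
function nidManagementResponse() {
    $session = getSession();
    $saml2 = new LassoSPKitSAML2($session);
    $ret = $saml2->processRedirectResponseNameIdManagement();
    finishResponse('defederation', $session, $ret);
}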
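/**
 * Serve this SP's SAML 2.0 metadata as text/xml ('/metadata').
 *
 * The public key is extracted from PRIVATE_KEY in the SAML 2.0 metadata
 * directory and embedded in the generated document. If no public key could
 * be extracted an Exception is thrown (handled by the dispatcher's catch);
 * previously an undefined $publickey was passed on silently, which would
 * publish metadata without a key. The former try/catch only rethrew and has
 * been dropped. As before, nothing is output when generateMetadata()
 * returns an empty document.
 *
 * @throws Exception when the public key cannot be extracted
 */
function metadata() {
    $datadir = LassoSPKitHelper::getMetadataDir(LASSO_PROTOCOL_SAML_2_0);
    $pkey = $datadir . "/" . PRIVATE_KEY;
    $publickey = null;
    $error = null;
    LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error);
    if (!$publickey) {
        // NOTE(review): assumes extractPublicKey() fills $error with a message
        // on failure -- confirm. The key path is deliberately not echoed.
        throw new Exception("Cannot extract public key for metadata: " . $error);
    }
    $content = LassoSPKitMetadataSAML2::generateMetadata(
        dirname(LassoSPKitUtils::mydir()),
        LassoSPKitConfig::get('organization'),
        $publickey);
    if ($content) {
        header('Content-type: text/xml');
        echo $content;
    }
}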