entrouvert
/
montpellier
Archived
17
0
Fork 0
Code Issues Pull Requests Releases Activity

Initial import : add module mon_agglo_exportjson and simplesamlphp_auth

This commit is contained in:
Jérôme Schneider 2013-03-22 12:18:45 +01:00
commit 94818a30e1
13 changed files with 2685 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
drupal/mon_agglo_exportjson/mon_agglo_exportjson.info Normal file
View File

@ -0,0 +1,6 @@
name = Export data into json
description = Gére l'export des newsletters en json
package = entrouvert
version = 7.x-1.0dev
core = 7.x

13
drupal/mon_agglo_exportjson/mon_agglo_exportjson.install Normal file
View File

@ -0,0 +1,13 @@
<?php
/**
* Implements hook_install().
*/
function mon_agglo_exportjson_install() {
}
/**
* Implements hook_uninstall().
*/
function mon_agglo_exportjson_uninstall() {
}

60
drupal/mon_agglo_exportjson/mon_agglo_exportjson.module Normal file
View File

@ -0,0 +1,60 @@
<?php
/* Implement hook_menu() */
function mon_agglo_exportjson_menu() {
$items['json/newsletters'] = array(
'page callback' => 'newsletter_export_view',
'access callback' => TRUE,
'access arguments' => array('Export json des newsletters'),
);
return $items;
}
function _get_newsletters($user) {
$allowedNewsletters = array("372","373","374","375","376","377");
$hashAlgo = 'sha1';
$hashSalt = 'mykey';
$form = array();
$paramsArray = array(
'action' => 'read',
'email' => $user->mail,
'hash' => hash($hashAlgo, $hashSalt.$user->mail)
);
$results = _mon_agglo_cron_do_post('https://emailingeco.montpellier-agglo.com/ws/index.php', $paramsArray, 'http://preview-preprod.montpellier-agglo.com');
if(strpos($results['header'], 'HTTP/1.1 200 OK') !== FALSE)
{
$content = json_decode($results['content']);
$newsletters = array();
foreach ($content->newsletter as $id => $name) {
if (in_array($id, $allowedNewsletters))
{
if (in_array($id, $content->subscriptions))
$newsletters[$name] = True;
else
$newsletters[$name] = False;
}
}
$content = array('uid' => $user->uid, 'newsletters' => $newsletters);
return $content;
}
}
function newsletter_export_view() {
if (!array_key_exists('nameid', $_GET))
return drupal_json_output(array("error" => "You must set param nameid"));
$nameid = $_GET['nameid'];
$ext_user = user_external_load($nameid);
if (!$ext_user)
return drupal_json_output(array("error" => "$nameid user not found"));
return drupal_json_output(_get_newsletters($ext_user));
}

5
drupal/mon_agglo_exportjson/templates/news_lists.tpl.php Normal file
View File

@ -0,0 +1,5 @@
<div style="margin:20px;">
<?php echo $form; ?>
</div>

339
drupal/simplesamlphp_auth/LICENSE.txt Normal file
View File

@ -0,0 +1,339 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.

56
drupal/simplesamlphp_auth/README.txt Normal file
View File

@ -0,0 +1,56 @@
-- SUMMARY --
The simplesamlphp_auth module makes it possible for Drupal to support SAML for
authentication of users. The module will auto-provision user accounts into
Drupal if you want it to. It can also dynamically assign Drupal roles based on
identity attribute values.
-- PREREQUISITES --
1) You must have SimpleSAMLphp installed and configured as a working service
point (SP) as the module uses your local SimpleSAMLphp SP for the SAML
support. For more information on installing and configuring SimpleSAMLphp as
an SP visit: http://www.simplesamlphp.org.
IMPORTANT: Your SP must be configured to use something other than phpsession
for session storage (in config/config.php set store.type => 'memcache' or 'sql').
To use memcache session handling you must have memcached installed on your
server and PHP must have the memcache extension. For more information on
installing the memcache extension for PHP visit:
http://www.php.net/manual/en/memcache.installation.php
If you are on a shared host or a machine that you cannot install memcache on
then consider using the sql handler (store.type => 'sql').
-- INSTALLATION --
Assuming the prerequisites have been met, installation of this module is just like any other Drupal module.
1) Download the module
2) Uncompress it
3) Move it to the appropriate modules directory (usually, sites/all/modules)
4) Go to the Drupal module administration page for your site
5) Enable the module
6) Configure the module (see below)
-- CONFIGURATION --
The configuration of the module is fairly straight forward. You will need to
know the names of the attributes that your SP will be making available to the
module in order to map them into Drupal.
-- TROUBLESHOOTING --
The most common reason for things not working is the SP session storage type
is still set to phpsession.
-- CONTACT --
Current Maintainers
* Steve Moitozo (geekwisdom) http://drupal.org/user/1662

334
drupal/simplesamlphp_auth/simplesamlphp/config/authsources.php Normal file
View File

@ -0,0 +1,334 @@
<?php
$config = array(
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
'core:AdminPassword',
),
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => NULL,
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
'idp' => 'http://idp-montpellier.entrouvert.org/idp/saml2/metadata',
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => NULL,
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
),
/*
'example-sql' => array(
'sqlauth:SQL',
'dsn' => 'pgsql:host=sql.example.org;port=5432;dbname=simplesaml',
'username' => 'simplesaml',
'password' => 'secretpassword',
'query' => 'SELECT "username", "name", "email" FROM "users" WHERE "username" = :username AND "password" = :password',
),
*/
/*
'example-static' => array(
'exampleauth:Static',
'uid' => array('testuser'),
'eduPersonAffiliation' => array('member', 'employee'),
'cn' => array('Test User'),
),
*/
/*
'example-userpass' => array(
'exampleauth:UserPass',
'student:studentpass' => array(
'uid' => array('test'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
*/
/*
'crypto-hash' => array(
'authcrypt:Hash',
// hashed version of 'verysecret', made with bin/pwgen.php
'professor:{SSHA256}P6FDTEEIY2EnER9a6P2GwHhI5JDrwBgjQ913oVQjBngmCtrNBUMowA==' => array(
'uid' => array('prof_a'),
'eduPersonAffiliation' => array('member', 'employee', 'board'),
),
),
*/
/*
'htpasswd' => array(
'authcrypt:Htpasswd',
'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
'static_attributes' => array(
'eduPersonAffiliation' => array('member', 'employee'),
'Organization' => array('University of Foo'),
),
),
*/
/*
// This authentication source serves as an example of integration with an
// external authentication engine. Take a look at the comment in the beginning
// of modules/exampleauth/lib/Auth/Source/External.php for a description of
// how to adjust it to your own site.
'example-external' => array(
'exampleauth:External',
),
*/
/*
'yubikey' => array(
'authYubiKey:YubiKey',
'id' => '000',
// 'key' => '012345678',
),
*/
/*
'openid' => array(
'openid:OpenIDConsumer',
'attributes.required' => array('nickname'),
'attributes.optional' => array('fullname', 'email',),
// 'sreg.validate' => FALSE,
'attributes.ax_required' => array('http://axschema.org/namePerson/friendly'),
'attributes.ax_optional' => array('http://axschema.org/namePerson','http://axschema.org/contact/email'),
// Prefer HTTP redirect over POST
// 'prefer_http_redirect' => FALSE,
),
*/
/*
// Example of an authsource that authenticates against Google.
// See: http://code.google.com/apis/accounts/docs/OpenID.html
'google' => array(
'openid:OpenIDConsumer',
// Googles OpenID endpoint.
'target' => 'https://www.google.com/accounts/o8/id',
// Custom realm
// 'realm' => 'http://*.example.org',
// Attributes that google can supply.
'attributes.ax_required' => array(
//'http://axschema.org/namePerson/first',
//'http://axschema.org/namePerson/last',
//'http://axschema.org/contact/email',
//'http://axschema.org/contact/country/home',
//'http://axschema.org/pref/language',
),
// custom extension arguments
'extension.args' => array(
//'http://specs.openid.net/extensions/ui/1.0' => array(
// 'mode' => 'popup',
// 'icon' => 'true',
//),
),
),
*/
/*
'papi' => array(
'authpapi:PAPI',
),
*/
/*
'facebook' => array(
'authfacebook:Facebook',
// Register your Facebook application on http://www.facebook.com/developers
// App ID or API key (requests with App ID should be faster; https://github.com/facebook/php-sdk/issues/214)
'api_key' => 'xxxxxxxxxxxxxxxx',
// App Secret
'secret' => 'xxxxxxxxxxxxxxxx',
// which additional data permissions to request from user
// see http://developers.facebook.com/docs/authentication/permissions/ for the full list
// 'req_perms' => 'email,user_birthday',
),
*/
/*
// LinkedIn OAuth Authentication API.
// Register your application to get an API key here:
// https://www.linkedin.com/secure/developer
'linkedin' => array(
'authlinkedin:LinkedIn',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Twitter OAuth Authentication API.
// Register your application to get an API key here:
// http://twitter.com/oauth_clients
'twitter' => array(
'authtwitter:Twitter',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// MySpace OAuth Authentication API.
// Register your application to get an API key here:
// http://developer.myspace.com/
'myspace' => array(
'authmyspace:MySpace',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Windows Live ID Authentication API.
// Register your application to get an API key here:
// https://manage.dev.live.com
'windowslive' => array(
'authwindowslive:LiveID',
'key' => 'xxxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxx',
),
*/
/*
// Example of a LDAP authentication source.
'example-ldap' => array(
'ldap:LDAP',
// The hostname of the LDAP server.
'hostname' => 'ldap.example.org',
// Whether SSL/TLS should be used when contacting the LDAP server.
'enable_tls' => FALSE,
// Whether debug output from the LDAP library should be enabled.
// Default is FALSE.
'debug' => FALSE,
// The timeout for accessing the LDAP server, in seconds.
// The default is 0, which means no timeout.
'timeout' => 0,
// Which attributes should be retrieved from the LDAP server.
// This can be an array of attribute names, or NULL, in which case
// all attributes are fetched.
'attributes' => NULL,
// The pattern which should be used to create the users DN given the username.
// %username% in this pattern will be replaced with the users username.
//
// This option is not used if the search.enable option is set to TRUE.
'dnpattern' => 'uid=%username%,ou=people,dc=example,dc=org',
// As an alternative to specifying a pattern for the users DN, it is possible to
// search for the username in a set of attributes. This is enabled by this option.
'search.enable' => FALSE,
// The DN which will be used as a base for the search.
// This can be a single string, in which case only that DN is searched, or an
// array of strings, in which case they will be searched in the order given.
'search.base' => 'ou=people,dc=example,dc=org',
// The attribute(s) the username should match against.
//
// This is an array with one or more attribute names. Any of the attributes in
// the array may match the value the username.
'search.attributes' => array('uid', 'mail'),
// The username & password the simpleSAMLphp should bind to before searching. If
// this is left as NULL, no bind will be performed before searching.
'search.username' => NULL,
'search.password' => NULL,
// If the directory uses privilege separation,
// the authenticated user may not be able to retrieve
// all required attribures, a privileged entity is required
// to get them. This is enabled with this option.
'priv.read' => FALSE,
// The DN & password the simpleSAMLphp should bind to before
// retrieving attributes. These options are required if
// 'priv.read' is set to TRUE.
'priv.username' => NULL,
'priv.password' => NULL,
),
*/
/*
// Example of an LDAPMulti authentication source.
'example-ldapmulti' => array(
'ldap:LDAPMulti',
// The way the organization as part of the username should be handled.
// Three possible values:
// - 'none': No handling of the organization. Allows '@' to be part
// of the username.
// - 'allow': Will allow users to type 'username@organization'.
// - 'force': Force users to type 'username@organization'. The dropdown
// list will be hidden.
//
// The default is 'none'.
'username_organization_method' => 'none',
// Whether the organization should be included as part of the username
// when authenticating. If this is set to TRUE, the username will be on
// the form <username>@<organization identifier>. If this is FALSE, the
// username will be used as the user enters it.
//
// The default is FALSE.
'include_organization_in_username' => FALSE,
// A list of available LDAP servers.
//
// The index is an identifier for the organization/group. When
// 'username_organization_method' is set to something other than 'none',
// the organization-part of the username is matched against the index.
//
// The value of each element is an array in the same format as an LDAP
// authentication source.
'employees' => array(
// A short name/description for this group. Will be shown in a dropdown list
// when the user logs on.
//
// This option can be a string or an array with language => text mappings.
'description' => 'Employees',
// The rest of the options are the same as those available for
// the LDAP authentication source.
'hostname' => 'ldap.employees.example.org',
'dnpattern' => 'uid=%username%,ou=employees,dc=example,dc=org',
),
'students' => array(
'description' => 'Students',
'hostname' => 'ldap.students.example.org',
'dnpattern' => 'uid=%username%,ou=students,dc=example,dc=org',
),
),
*/
);

650
drupal/simplesamlphp_auth/simplesamlphp/config/config.php Normal file
View File

@ -0,0 +1,650 @@
<?php
/*
* The configuration of simpleSAMLphp
*
* $Id: config.php 3082 2012-05-03 11:53:56Z comel.ah $
*/
$config = array (
/**
* Setup the following parameters to match the directory of your installation.
* See the user manual for more details.
*
* Valid format for baseurlpath is:
* [(http|https)://(hostname|fqdn)[:port]]/[path/to/simplesaml/]
* (note that it must end with a '/')
*
* The full url format is useful if your simpleSAMLphp setup is hosted behind
* a reverse proxy. In that case you can specify the external url here.
*
* Please note that simpleSAMLphp will then redirect all queries to the
* external url, no matter where you come from (direct access or via the
* reverse proxy).
*/
'attributenamemapdir' => 'attributemap/',
'baseurlpath' => 'simplesamlphp/',
'certdir' => 'cert/',
'loggingdir' => 'log/',
'datadir' => 'data/',
/*
* A directory where simpleSAMLphp can save temporary files.
*
* SimpleSAMLphp will attempt to create this directory if it doesn't exist.
*/
'tempdir' => '/tmp/simplesaml',
/*
* If you enable this option, simpleSAMLphp will log all sent and received messages
* to the log file.
*
* This option also enables logging of the messages that are encrypted and decrypted.
*
* Note: The messages are logged with the DEBUG log level, so you also need to set
* the 'logging.level' option to LOG_DEBUG.
*/
'debug' => FALSE,
'showerrors' => TRUE,
/**
* Custom error show function called from SimpleSAML_Error_Error::show.
* See docs/simplesamlphp-errorhandling.txt for function code example.
*
* Example:
* 'errors.show_function' => array('sspmod_example_Error_Show', 'show'),
*/
/**
* This option allows you to enable validation of XML data against its
* schemas. A warning will be written to the log if validation fails.
*/
'debug.validatexml' => FALSE,
/**
* This password must be kept secret, and modified from the default value 123.
* This password will give access to the installation page of simpleSAMLphp with
* metadata listing and diagnostics pages.
* You can also put a hash here; run "bin/pwgen.php" to generate one.
*/
// Debian: this password is in /var/lib/simplesamlphp/secrets.inc.php
//'auth.adminpassword' => '123',
'admin.protectindexpage' => false,
'admin.protectmetadata' => false,
/**
* This is a secret salt used by simpleSAMLphp when it needs to generate a secure hash
* of a value. It must be changed from its default value to a secret value. The value of
* 'secretsalt' can be any valid string of any length.
*
* A possible way to generate a random salt is by running the following command from a unix shell:
* tr -c -d '0123456789abcdefghijklmnopqrstuvwxyz' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo
*/
// Debian: this secret is in /var/lib/simplesamlphp/secrets.inc.php
//'secretsalt' => 'defaultsecretsalt',
/*
* Some information about the technical persons running this installation.
* The email address will be used as the recipient address for error reports, and
* also as the technical contact in generated metadata.
*/
'technicalcontact_name' => 'Administrator',
'technicalcontact_email' => 'na@example.org',
/*
* The timezone of the server. This option should be set to the timezone you want
* simpleSAMLphp to report the time in. The default is to guess the timezone based
* on your system timezone.
*
* See this page for a list of valid timezones: http://php.net/manual/en/timezones.php
*/
'timezone' => NULL,
/*
* Logging.
*
* define the minimum log level to log
* SimpleSAML_Logger::ERR No statistics, only errors
* SimpleSAML_Logger::WARNING No statistics, only warnings/errors
* SimpleSAML_Logger::NOTICE Statistics and errors
* SimpleSAML_Logger::INFO Verbose logs
* SimpleSAML_Logger::DEBUG Full debug logs - not reccomended for production
*
* Choose logging handler.
*
* Options: [syslog,file,errorlog]
*
*/
'logging.level' => SimpleSAML_Logger::NOTICE,
'logging.handler' => 'syslog',
/*
* Choose which facility should be used when logging with syslog.
*
* These can be used for filtering the syslog output from simpleSAMLphp into its
* own file by configuring the syslog daemon.
*
* See the documentation for openlog (http://php.net/manual/en/function.openlog.php) for available
* facilities. Note that only LOG_USER is valid on windows.
*
* The default is to use LOG_LOCAL5 if available, and fall back to LOG_USER if not.
*/
'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER,
/*
* The process name that should be used when logging to syslog.
* The value is also written out by the other logging handlers.
*/
'logging.processname' => 'simplesamlphp',
/* Logging: file - Logfilename in the loggingdir from above.
*/
'logging.logfile' => 'simplesamlphp.log',
/* (New) statistics output configuration.
*
* This is an array of outputs. Each output has at least a 'class' option, which
* selects the output.
*/
'statistics.out' => array(
// Log statistics to the normal log.
/*
array(
'class' => 'core:Log',
'level' => 'notice',
),
*/
// Log statistics to files in a directory. One file per day.
/*
array(
'class' => 'core:File',
'directory' => '/var/log/stats',
),
*/
),
/*
* Enable
*
* Which functionality in simpleSAMLphp do you want to enable. Normally you would enable only
* one of the functionalities below, but in some cases you could run multiple functionalities.
* In example when you are setting up a federation bridge.
*/
'enable.saml20-idp' => false,
'enable.shib13-idp' => false,
'enable.adfs-idp' => false,
'enable.wsfed-sp' => false,
'enable.authmemcookie' => false,
/*
* This value is the duration of the session in seconds. Make sure that the time duration of
* cookies both at the SP and the IdP exceeds this duration.
*/
'session.duration' => 8 * (60*60), // 8 hours.
'session.requestcache' => 4 * (60*60), // 4 hours
/*
* Sets the duration, in seconds, data should be stored in the datastore. As the datastore is used for
* login and logout requests, thid option will control the maximum time these operations can take.
* The default is 4 hours (4*60*60) seconds, which should be more than enough for these operations.
*/
'session.datastore.timeout' => (4*60*60), // 4 hours
/*
* Sets the duration, in seconds, auth state should be stored.
*/
'session.state.timeout' => (60*60), // 1 hour
/*
* Option to override the default settings for the session cookie name
*/
'session.cookie.name' => 'SimpleSAMLSessionID',
/*
* Expiration time for the session cookie, in seconds.
*
* Defaults to 0, which means that the cookie expires when the browser is closed.
*
* Example:
* 'session.cookie.lifetime' => 30*60,
*/
'session.cookie.lifetime' => 0,
/*
* Limit the path of the cookies.
*
* Can be used to limit the path of the cookies to a specific subdirectory.
*
* Example:
* 'session.cookie.path' => '/simplesaml/',
*/
'session.cookie.path' => '/',
/*
* Cookie domain.
*
* Can be used to make the session cookie available to several domains.
*
* Example:
* 'session.cookie.domain' => '.example.org',
*/
'session.cookie.domain' => NULL,
/*
* Set the secure flag in the cookie.
*
* Set this to TRUE if the user only accesses your service
* through https. If the user can access the service through
* both http and https, this must be set to FALSE.
*/
'session.cookie.secure' => FALSE,
/*
* When set to FALSE fallback to transient session on session initialization
* failure, throw exception otherwise.
*/
'session.disable_fallback' => FALSE,
/*
* Enable secure POST from HTTPS to HTTP.
*
* If you have some SP's on HTTP and IdP is normally on HTTPS, this option
* enables secure POSTing to HTTP endpoint without warning from browser.
*
* For this to work, module.php/core/postredirect.php must be accessible
* also via HTTP on IdP, e.g. if your IdP is on
* https://idp.example.org/ssp/, then
* http://idp.example.org/ssp/module.php/core/postredirect.php must be accessible.
*/
'enable.http_post' => FALSE,
/*
* Options to override the default settings for php sessions.
*/
'session.phpsession.cookiename' => null,
'session.phpsession.savepath' => null,
'session.phpsession.httponly' => FALSE,
/*
* Option to override the default settings for the auth token cookie
*/
'session.authtoken.cookiename' => 'SimpleSAMLAuthToken',
/*
* Languages available, RTL languages, and what language is default
*/
'language.available' => array('en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'fr', 'it', 'nl', 'lb', 'cs', 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw', 'ru', 'et', 'he', 'id'),
'language.rtl' => array('ar','dv','fa','ur','he'),
'language.default' => 'en',
/**
* Custom getLanguage function called from SimpleSAML_XHTML_Template::getLanguage().
* Function should return language code of one of the available languages or NULL.
* See SimpleSAML_XHTML_Template::getLanguage() source code for more info.
*
* This option can be used to implement a custom function for determining
* the default language for the user.
*
* Example:
* 'language.get_language_function' => array('sspmod_example_Template', 'getLanguage'),
*/
/*
* Extra dictionary for attribute names.
* This can be used to define local attributes.
*
* The format of the parameter is a string with <module>:<dictionary>.
*
* Specifying this option will cause us to look for modules/<module>/dictionaries/<dictionary>.definition.json
* The dictionary should look something like:
*
* {
* "firstattribute": {
* "en": "English name",
* "no": "Norwegian name"
* },
* "secondattribute": {
* "en": "English name",
* "no": "Norwegian name"
* }
* }
*
* Note that all attribute names in the dictionary must in lowercase.
*
* Example: 'attributes.extradictionary' => 'ourmodule:ourattributes',
*/
'attributes.extradictionary' => NULL,
/*
* Which theme directory should be used?
*/
'theme.use' => 'default',
/*
* Default IdP for WS-Fed.
*/
'default-wsfed-idp' => 'urn:federation:pingfederate:localhost',
/*
* Whether the discovery service should allow the user to save his choice of IdP.
*/
'idpdisco.enableremember' => TRUE,
'idpdisco.rememberchecked' => TRUE,
// Disco service only accepts entities it knows.
'idpdisco.validate' => TRUE,
'idpdisco.extDiscoveryStorage' => NULL,
/*
* IdP Discovery service look configuration.
* Wether to display a list of idp or to display a dropdown box. For many IdP' a dropdown box
* gives the best use experience.
*
* When using dropdown box a cookie is used to highlight the previously chosen IdP in the dropdown.
* This makes it easier for the user to choose the IdP
*
* Options: [links,dropdown]
*
*/
'idpdisco.layout' => 'dropdown',
/*
* Whether simpleSAMLphp should sign the response or the assertion in SAML 1.1 authentication
* responses.
*
* The default is to sign the assertion element, but that can be overridden by setting this
* option to TRUE. It can also be overridden on a pr. SP basis by adding an option with the
* same name to the metadata of the SP.
*/
'shib13.signresponse' => TRUE,
/*
* Authentication processing filters that will be executed for all IdPs
* Both Shibboleth and SAML 2.0
*/
'authproc.idp' => array(
/* Enable the authproc filter below to add URN Prefixces to all attributes
10 => array(
'class' => 'core:AttributeMap', 'addurnprefix'
), */
/* Enable the authproc filter below to automatically generated eduPersonTargetedID.
20 => 'core:TargetedID',
*/
// Adopts language from attribute to use in UI
30 => 'core:LanguageAdaptor',
/* Add a realm attribute from edupersonprincipalname
40 => 'core:AttributeRealm',
*/
45 => array(
'class' => 'core:StatisticsWithAttribute',
'attributename' => 'realm',
'type' => 'saml20-idp-SSO',
),
/* When called without parameters, it will fallback to filter attributes the old way
* by checking the 'attributes' parameter in metadata on IdP hosted and SP remote.
*/
50 => 'core:AttributeLimit',
/*
* Search attribute "distinguishedName" for pattern and replaces if found
60 => array(
'class' => 'core:AttributeAlter',
'pattern' => '/OU=studerende/',
'replacement' => 'Student',
'subject' => 'distinguishedName',
'%replace',
),
*/
/*
* Consent module is enabled (with no permanent storage, using cookies).
90 => array(
'class' => 'consent:Consent',
'store' => 'consent:Cookie',
'focus' => 'yes',
'checked' => TRUE
),
*/
// If language is set in Consent module it will be added as an attribute.
99 => 'core:LanguageAdaptor',
),
/*
* Authentication processing filters that will be executed for all SPs
* Both Shibboleth and SAML 2.0
*/
'authproc.sp' => array(
/*
10 => array(
'class' => 'core:AttributeMap', 'removeurnprefix'
),
*/
10 => array(
'class' => 'saml:NameIDAttribute',
'format' => '%V',
'attribute' => 'NameID',
),
/*
* Generate the 'group' attribute populated from other variables, including eduPersonAffiliation.
*/
60 => array('class' => 'core:GenerateGroups', 'eduPersonAffiliation'),
// All users will be members of 'users' and 'members'
//61 => array('class' => 'core:AttributeAdd', 'groups' => array('users', 'members')),
// Adopts language from attribute to use in UI
90 => 'core:LanguageAdaptor',
),
/*
* This option configures the metadata sources. The metadata sources is given as an array with
* different metadata sources. When searching for metadata, simpleSAMPphp will search through
* the array from start to end.
*
* Each element in the array is an associative array which configures the metadata source.
* The type of the metadata source is given by the 'type' element. For each type we have
* different configuration options.
*
* Flat file metadata handler:
* - 'type': This is always 'flatfile'.
* - 'directory': The directory we will load the metadata files from. The default value for
* this option is the value of the 'metadatadir' configuration option, or
* 'metadata/' if that option is unset.
*
* XML metadata handler:
* This metadata handler parses an XML file with either an EntityDescriptor element or an
* EntitiesDescriptor element. The XML file may be stored locally, or (for debugging) on a remote
* web server.
* The XML hetadata handler defines the following options:
* - 'type': This is always 'xml'.
* - 'file': Path to the XML file with the metadata.
* - 'url': The url to fetch metadata from. THIS IS ONLY FOR DEBUGGING - THERE IS NO CACHING OF THE RESPONSE.
*
*
* Examples:
*
* This example defines two flatfile sources. One is the default metadata directory, the other
* is a metadata directory with autogenerated metadata files.
*
* 'metadata.sources' => array(
* array('type' => 'flatfile'),
* array('type' => 'flatfile', 'directory' => 'metadata-generated'),
* ),
*
* This example defines a flatfile source and an XML source.
* 'metadata.sources' => array(
* array('type' => 'flatfile'),
* array('type' => 'xml', 'file' => 'idp.example.org-idpMeta.xml'),
* ),
*
*
* Default:
* 'metadata.sources' => array(
* array('type' => 'flatfile')
* ),
*/
'metadata.sources' => array(
array('type' => 'flatfile'),
),
/*
* Configure the datastore for simpleSAMLphp.
*
* - 'phpsession': Limited datastore, which uses the PHP session.
* - 'memcache': Key-value datastore, based on memcache.
* - 'sql': SQL datastore, using PDO.
*
* The default datastore is 'phpsession'.
*
* (This option replaces the old 'session.handler'-option.)
*/
'store.type' => 'memcache',
/*
* The DSN the sql datastore should connect to.
*
* See http://www.php.net/manual/en/pdo.drivers.php for the various
* syntaxes.
*/
'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3',
/*
* The username and password to use when connecting to the database.
*/
'store.sql.username' => NULL,
'store.sql.password' => NULL,
/*
* The prefix we should use on our tables.
*/
'store.sql.prefix' => 'simpleSAMLphp',
/*
* Configuration for the MemcacheStore class. This allows you to store
* multiple redudant copies of sessions on different memcache servers.
*
* 'memcache_store.servers' is an array of server groups. Every data
* item will be mirrored in every server group.
*
* Each server group is an array of servers. The data items will be
* load-balanced between all servers in each server group.
*
* Each server is an array of parameters for the server. The following
* options are available:
* - 'hostname': This is the hostname or ip address where the
* memcache server runs. This is the only required option.
* - 'port': This is the port number of the memcache server. If this
* option isn't set, then we will use the 'memcache.default_port'
* ini setting. This is 11211 by default.
* - 'weight': This sets the weight of this server in this server
* group. http://php.net/manual/en/function.Memcache-addServer.php
* contains more information about the weight option.
* - 'timeout': The timeout for this server. By default, the timeout
* is 3 seconds.
*
* Example of redudant configuration with load balancing:
* This configuration makes it possible to lose both servers in the
* a-group or both servers in the b-group without losing any sessions.
* Note that sessions will be lost if one server is lost from both the
* a-group and the b-group.
*
* 'memcache_store.servers' => array(
* array(
* array('hostname' => 'mc_a1'),
* array('hostname' => 'mc_a2'),
* ),
* array(
* array('hostname' => 'mc_b1'),
* array('hostname' => 'mc_b2'),
* ),
* ),
*
* Example of simple configuration with only one memcache server,
* running on the same computer as the web server:
* Note that all sessions will be lost if the memcache server crashes.
*
* 'memcache_store.servers' => array(
* array(
* array('hostname' => 'localhost'),
* ),
* ),
*
*/
'memcache_store.servers' => array(
array(
array('hostname' => 'localhost'),
),
),
/*
* This value is the duration data should be stored in memcache. Data
* will be dropped from the memcache servers when this time expires.
* The time will be reset every time the data is written to the
* memcache servers.
*
* This value should always be larger than the 'session.duration'
* option. Not doing this may result in the session being deleted from
* the memcache servers while it is still in use.
*
* Set this value to 0 if you don't want data to expire.
*
* Note: The oldest data will always be deleted if the memcache server
* runs out of storage space.
*/
'memcache_store.expires' => 36 * (60*60), // 36 hours.
/*
* Should signing of generated metadata be enabled by default.
*
* Metadata signing can also be enabled for a individual SP or IdP by setting the
* same option in the metadata for the SP or IdP.
*/
'metadata.sign.enable' => FALSE,
/*
* The default key & certificate which should be used to sign generated metadata. These
* are files stored in the cert dir.
* These values can be overridden by the options with the same names in the SP or
* IdP metadata.
*
* If these aren't specified here or in the metadata for the SP or IdP, then
* the 'certificate' and 'privatekey' option in the metadata will be used.
* if those aren't set, signing of metadata will fail.
*/
'metadata.sign.privatekey' => NULL,
'metadata.sign.privatekey_pass' => NULL,
'metadata.sign.certificate' => NULL,
/*
* Proxy to use for retrieving URLs.
*
* Example:
* 'proxy' => 'tcp://proxy.example.com:5100'
*/
'proxy' => NULL,
);
require_once('/var/lib/simplesamlphp/secrets.inc.php');

53
drupal/simplesamlphp_auth/simplesamlphp/metadata/saml20-idp-remote.php Normal file
View File

@ -0,0 +1,53 @@
<?php
$metadata['http://idp-montpellier.entrouvert.org/idp/saml2/metadata'] = array (
'entityid' => 'http://idp-montpellier.entrouvert.org/idp/saml2/metadata',
'metadata-set' => 'saml20-idp-remote',
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://idp-montpellier.entrouvert.org/idp/saml2/sso',
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'http://idp-montpellier.entrouvert.org/idp/saml2/sso',
),
),
'SingleLogoutService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://idp-montpellier.entrouvert.org/idp/saml2/slo',
'ResponseLocation' => 'http://idp-montpellier.entrouvert.org/idp/saml2/slo_return',
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'http://idp-montpellier.entrouvert.org/idp/saml2/slo',
'ResponseLocation' => 'http://idp-montpellier.entrouvert.org/idp/saml2/slo_return',
),
2 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => 'http://idp-montpellier.entrouvert.org/idp/saml2/slo/soap',
),
),
'ArtifactResolutionService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => 'http://idp-montpellier.entrouvert.org/idp/saml2/artifact',
'index' => 1,
),
),
'certFingerprint' =>
array (
0 => 'f9af51c1613752e3ab4aa12f5b8f0fbfae7de6af',
),
'certData' => 'MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNVBAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAVMRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGhABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFrkmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXiVT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VGTm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0fcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mhGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhEIdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeofEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1NcplG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTTJumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06jo2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy',
);

12
drupal/simplesamlphp_auth/simplesamlphp_auth.info Normal file
View File

@ -0,0 +1,12 @@
name = simpleSAMLphp authentication
description = Allows users to authenticate to a remote SAML identity provider (IdP) via a locally configured SimpleSAMLphp service point (SP).
php = 5.1
core = 7.x
configure = admin/config/people/simplesamlphp_auth
; Information added by drupal.org packaging script on 2013-02-11
version = "7.x-2.0-alpha2"
core = "7.x"
project = "simplesamlphp_auth"
datestamp = "1360609258"

49
drupal/simplesamlphp_auth/simplesamlphp_auth.install Normal file
View File

@ -0,0 +1,49 @@
<?php
/**
* @file
* the install file for the simplesamlphp_auth module
*/
/**
* Implements hook_install().
*/
function simplesamlphp_auth_install() {
user_role_revoke_permissions(DRUPAL_AUTHENTICATED_RID, array('change own password'));
// Disable the open registration to the site and store the original setting.
$original = variable_get('user_register', 1);
variable_set('user_register', 0);
variable_set('simplesamlphp_auth_user_register_original', $original);
}
/**
* Implements hook_uninstall().
*/
function simplesamlphp_auth_uninstall() {
// Restore the original user registration directive.
$original = variable_get('simplesamlphp_auth_user_register_original', 1);
variable_set('user_register', $original);
variable_del('simplesamlphp_auth_user_register_original');
// Remove the created system variables.
variable_del('simplesamlphp_auth_activate');
variable_del('simplesamlphp_auth_installdir');
variable_del('simplesamlphp_auth_logout_page');
variable_del('simplesamlphp_auth_mailattr');
variable_del('simplesamlphp_auth_unique_id');
variable_del('simplesamlphp_auth_user_name');
variable_del('simplesamlphp_auth_authsource');
variable_del('simplesamlphp_auth_rolepopulation');
variable_del('simplesamlphp_auth_roleevaleverytime');
variable_del('simplesamlphp_auth_forcehttps');
variable_del('simplesamlphp_auth_registerusers');
variable_del('simplesamlphp_auth_allowsetdrupalpwd');
variable_del('simplesamlphp_auth_allowdefaultlogin');
variable_del('simplesamlphp_auth_allowdefaultloginroles');
variable_del('simplesamlphp_auth_allowdefaultloginusers');
variable_del('simplesamlphp_auth_logoutgotourl');
}

1074
drupal/simplesamlphp_auth/simplesamlphp_auth.module Normal file
View File

File diff suppressed because it is too large Load Diff

34
drupal/simplesamlphp_auth/simplesamlphp_auth.rules.inc Normal file
View File

@ -0,0 +1,34 @@
<?php
/**
* @file
* Integration with Rules module.
*/
/**
* Implementation of hook_rules_event_info().
* @ingroup rules
*/
function simplesamlphp_auth_rules_event_info() {
$defaults = array(
'group' => t('User'),
'module' => 'simplesamlphp_auth',
);
return array(
'simplesamlphp_auth_rules_event_register' => $defaults + array(
'label' => t('After registering a new user account via simpleSAMLphp'),
'group' => t('User'),
'variables' => array(
'user' => array('type' => 'user', 'label' => t('Logged in user')),
),
),
'simplesamlphp_auth_rules_event_login' => $defaults + array(
'label' => t('User has logged in via simpleSAMLphp'),
'group' => t('User'),
'variables' => array(
'user' => array('type' => 'user', 'label' => t('User')),
),
),
);
}