Initial import
commit
8af076abc5
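--- /dev/null
+++ b/<path not shown on page: new file 1>
@@ -0,0 +1,9 @@
+saml_auth plugin allows you to use SAML 2.0 protocol with Elgg.
+This plugin uses SimpleSAMLphp to "samlize" Elgg.
+
+= Installation on Debian =
+-> Install the fllowing packages : apache2, php5, simplesamlphp, memcached and php5-memcache
+-> Configure a SAML 2.0 SP in simpleSAMLphp (follow simpleSAMLphp documentation)
+-> Configure simpleSAMLphp to use memcache
+-> Install this plugin into Elgg
+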
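--- /dev/null
+++ b/<path not shown on page: new file 2>
@@ -0,0 +1,25 @@
+<?php
+
+/**
+* Elgg SAML authentication
+*
+* @package ElggSAMLAuth
+* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+* @author Jerome Schneider <jschneider@entrouvert.com>
+*/
+
+$en = array(
+'saml_auth:settings:label:simplesamlphp' => "SimpleSAMLphp configuration",
+'saml_auth:settings:label:sp_name' => "Service Provider name",
+'saml_auth:settings:help:sp_name' => "The name of your SP in SimpleSAMLphp",
+'saml_auth:settings:label:attributes' => "Attributes mapping",
+'saml_auth:settings:label:username' => "Username",
+'saml_auth:settings:label:firstname' => "Firstname",
+'saml_auth:settings:label:surname' => "Surname",
+'saml_auth:settings:label:email' => "Email address",
+'saml_auth:account:authentication:text' => "Please click on the Log In button.",
+'saml_auth:samlerror' => "The SAML plugin is misconfigured. It will not be used.",
+);
+
+add_translation('en', $en);
+?>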
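--- /dev/null
+++ b/<path not shown on page: new file 3>
@@ -0,0 +1,24 @@
+<?php
+
+/**
+* Elgg SAML authentication
+*
+* @package ElggSAMLAuth
+* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+* @author Jerome Schneider <jschneider@entrouvert.com>
+*/
+
+$fr = array(
+'saml_auth:settings:label:simplesamlphp' => "Configuration de SimpleSAMLphp",
+'saml_auth:settings:label:sp_name' => "Nom du fournisseur de service",
+'saml_auth:settings:help:sp_name' => "Nom de votre fournisseur de service SimpleSAMLphp",
+'saml_auth:settings:label:attributes' => "Attributs",
+'saml_auth:settings:label:username' => "Nom d'utilisateur",
+'saml_auth:settings:label:firstname' => "Prénom",
+'saml_auth:settings:label:surname' => "Nom",
+'saml_auth:settings:label:email' => "Courriel",
+'saml_auth:samlerror' => "Le plugin SAML n'est pas configuré correctement. Il n'est pas utilisé.",
+);
+
+add_translation('fr', $fr);
+?>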
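--- /dev/null
+++ b/<path not shown on page: new file 4>
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<plugin_manifest>
+<field key="author" value="Jerome Schneider" />
+<field key="version" value="0.1" />
+<field key="description" value="Provides SAML authentication" />
+<field key="website" value="http://www.entrouvert.org/" />
+<field key="copyright" value="(C) Entr'ouvert 2010" />
+<field key="licence" value="GNU Public License version 2 or later" />
+<field key="elgg_version" value="2009022701" />
+</plugin_manifest>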
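--- /dev/null
+++ b/<path not shown on page: new file 5>
@@ -0,0 +1,120 @@
+<?php
+require_once('/usr/share/simplesamlphp/lib/_autoload.php');
+/**
+* Elgg SAML v2.0 authentication
+*
+* @package ElggSAMLAuth
+* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+* @author Jerome Schneider <jschneider@entrouvert.com>
+*/
+
+// Register the events
+register_elgg_event_handler('init','system','saml_auth_init');
+register_elgg_event_handler('logout','user','saml_logout');
+
+/**
+* SAML Authentication init
+*
+* These parameters are required for the event API, but we won't use them:
+*/
+function saml_auth_init()
+{
+global $CONFIG;
+
+init_config();
+$as = new SimpleSAML_Auth_Simple(get_plugin_setting('sp_name', 'saml_auth'));
+$isAuth = $as->isAuthenticated();
+$attributes = $as->getAttributes();
+$elgg_user = saml_map_attributes($attributes);
+if ($isAuth && ! isloggedin() && $elgg_user)
+{
+$user = get_user_by_username($elgg_user['username']);
+if (! $user)
+{
+register_user($elgg_user['username'], $elgg_user['password'],
+$elgg_user['name'], $elgg_user['email']);
+$user = get_user_by_username($elgg_user['username']);
+}
+else
+saml_sync_user($user, $elgg_user);
+if ($user)
+return login($user);
+// XXX: else return an error ?
+}
+}
+
+function init_config()
+{
+$config = find_plugin_settings('saml_auth');
+if (! $config->sp_name)
+set_plugin_setting('sp_name', 'default-sp', 'saml_auth');
+if (! $config->username)
+set_plugin_setting('username', 'uid', 'saml_auth');
+if (! $config->firstname)
+set_plugin_setting('firstname', 'givenName', 'saml_auth');
+if (! $config->surname)
+set_plugin_setting('surname', 'sn', 'saml_auth');
+if (! $config->email)
+set_plugin_setting('email', 'mail', 'saml_auth');
+}
+
+function saml_sync_user($user, $elgg_user)
+{
+$user->name = $elgg_user['name'];
+$user->email = $elgg_user['email'];
+$user->save();
+}
+
+
+function gen_rand_pwd()
+{
+$password = "";
+$chars = "0123456789_!@#$%&*()-=+/abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_!@#$%&*()-=+/";
+$i = 0;
+
+while ($i < 18)
+{
+$char = substr($chars, rand(0, strlen($chars)-1), 1);
+$password .= $char;
+$i++;
+}
+return $password;
+}
+
+function saml_map_attributes($attributes)
+{
+$elgg_user = array();
+
+$config = find_plugin_settings('saml_auth');
+if (! $attributes[$config->username] or ! $attributes[$config->email])
+return false;
+$elgg_user['username'] = $attributes[$config->username][0];
+$elgg_user['password'] = gen_rand_pwd();
+$elgg_user['name'] = '';
+if ($attributes[$config->surname] || $attributes[$config->firstname])
+{
+if ($attributes[$config->firstname])
+$elgg_user['name'] = $attributes[$config->firstname][0];
+if ($attributes[$config->surname])
+{
+if (! empty($elgg_user['name']))
+$elgg_user['name'] .= ' ';
+$elgg_user['name'] .= $attributes[$config->surname][0];
+}
+}
+else
+$elgg_user['name'] = $elgg_user['username'];
+$elgg_user['email'] = $attributes[$config->email][0];
+
+return $elgg_user;
+}
+
+function saml_logout()
+{
+$as = new SimpleSAML_Auth_Simple(get_plugin_setting('sp_name', 'saml_auth'));
+if ($as->isAuthenticated())
+$as->logout();
+
+return true;
+}
+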
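Review bot: `saml_auth_init` binds the SAML identity to an Elgg account by username alone (`get_user_by_username($elgg_user['username'])` on the IdP-supplied `uid` attribute) and, when such an account already exists, `saml_sync_user` overwrites its `email` with the asserted value — so a pre-existing local account whose username equals some IdP `uid` is merged into that SAML identity and loses its recovery address the first time that SAML user visits the site. A safer binding records a stable SAML subject identifier as user metadata at provisioning time and only logs in accounts matched on it, treating a username collision with an unlinked account as an error rather than a merge. `gen_rand_pwd` mints a password that also works for the local password form with `rand()`, which is not a CSPRNG; `random_int(0, strlen($chars) - 1)` is the modern replacement, and the duplicated symbol run in `$chars` doubles the weight of those characters. As far as I recall Elgg's `register_user` throws a `RegistrationException` for an invalid username or an already-used email (confirm against the target Elgg version), and nothing here catches it, so one unusual IdP attribute would fatal every page load for that session. All functions in this hunk are complete.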
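--- /dev/null
+++ b/<path not shown on page: new file 6>
@@ -0,0 +1,38 @@
+<?php
+/**
+* Elgg login form
+*
+* @package Elgg
+* @subpackage Core
+* @author Curverider Ltd
+* @link http://elgg.org/
+*/
+
+global $CONFIG;
+
+$form_body = "<p class=\"loginbox\"><label>" . elgg_echo('username') . "<br />" . elgg_view('input/text', array('internalname' => 'username', 'class' => 'login-textarea')) . "</label>";
+$form_body .= "<br />";
+$form_body .= "<label>" . elgg_echo('password') . "<br />" . elgg_view('input/password', array('internalname' => 'password', 'class' => 'login-textarea')) . "</label><br />";
+
+$form_body .= elgg_view('login/extend');
+
+$form_body .= elgg_view('input/submit', array('value' => elgg_echo('login'))) . " <div id=\"persistent_login\"><label><input type=\"checkbox\" name=\"persistent\" value=\"true\" />".elgg_echo('user:persistent')."</label></div></p>";
+$form_body .= "<p class=\"loginbox\">";
+$form_body .= (!isset($CONFIG->disable_registration) || !($CONFIG->disable_registration)) ? "<a href=\"{$vars['url']}pg/register/\">" . elgg_echo('register') . "</a> | " : "";
+$form_body .= "<a href=\"{$vars['url']}account/forgotten_password.php\">" . elgg_echo('user:password:lost') . "</a></p>";
+
+$login_url = $vars['url'];
+if ((isset($CONFIG->https_login)) && ($CONFIG->https_login)) {
+$login_url = str_replace("http", "https", $vars['url']);
+}
+?>
+
+<div id="login-box">
+<h2><?php echo elgg_echo('login'); ?></h2>
+<?php
+echo elgg_view('input/form', array('body' => $form_body, 'action' => "{$login_url}action/login"));
+?>
+</div>
+<script type="text/javascript">
+$(document).ready(function() { $('input[name=username]').focus(); });
+</script>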
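Review bot: This view is a verbatim copy of Elgg core's login form (the `@package Elgg` / `@subpackage Core` header is kept), presumably because the plugin's own `account/forms/login` override shadows the core view and the fallback still needs it; a one-line comment stating that, and which core version it was copied from, would tell the next maintainer to re-sync it when core changes. One defect is carried over unchanged: `str_replace("http", "https", $vars['url'])` rewrites a site URL that is already `https://` into `httpss://`, so the `https_login` branch breaks exactly on the sites that have already moved to TLS; `preg_replace('#^http://#', 'https://', $vars['url'])` only touches a plain-http scheme.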
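--- /dev/null
+++ b/<path not shown on page: new file 7>
@@ -0,0 +1,44 @@
+<?php
+/**
+* Elgg SAML v2.0 authentication
+*
+* @package ElggSAMLAuth
+* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+* @author Jerome Schneider <jschneider@entrouvert.com>
+*/
+require_once('/usr/share/simplesamlphp/lib/_autoload.php');
+
+$SAML = true;
+
+try {
+$as = new SimpleSAML_Auth_Simple(get_plugin_setting('sp_name', 'saml_auth'));
+} catch (Exception $e) {
+$SAML = false;
+register_error(elgg_echo('saml_auth:samlerror'));
+}
+if (array_key_exists('login', $_REQUEST))
+{
+try {
+$as->requireAuth();
+} catch (Exception $e) {
+$SAML = false;
+register_error(elgg_echo('saml_auth:samlerror'));
+}
+}
+$isAuth = $as->isAuthenticated();
+
+?>
+
+<?php if ($SAML == true): ?>
+<div id="login-box">
+<h2><?php echo elgg_echo('login'); ?></h2>
+<form method="post" action=".">
+<?php echo '<p>' . elgg_echo('saml_auth:account:authentication:text') . '</p>' ?>
+<input type="hidden" value="1" name="login">
+<input type="submit" value="Log in" class="submit_button" name="">
+</form>
+</div>
+<?php else: ?>
+<?php echo elgg_view("account/forms/default_login"); ?>
+<?php endif; ?>
+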
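Review bot: `$as` is only assigned inside the first `try`, yet `$as->requireAuth()` and the unconditional `$isAuth = $as->isAuthenticated();` still run after the constructor has thrown and `$SAML` is `false`, so a misconfigured SP becomes a fatal "call to a member function on a non-object" instead of the fallback form this view intends to show (and that fatal is not an `Exception`, so the inner `catch` does not help). Guard both on `$SAML`, e.g. `if ($SAML && array_key_exists('login', $_REQUEST))` and `$isAuth = $SAML ? $as->isAuthenticated() : false;` — or drop `$isAuth`, which nothing reads. The trigger is read from `$_REQUEST`, so a plain GET carrying `login=1` starts the IdP round-trip just like the form submit; reading `$_POST` keeps the redirect tied to the button the user pressed. The submit label `"Log in"` bypasses `elgg_echo` while every other string in the view is translated.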
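--- /dev/null
+++ b/<path not shown on page: new file 8>
@@ -0,0 +1,30 @@
+<?
+/**
+* Elgg SAML authentication
+*
+* @package ElggSAMLAuth
+* @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+* @author Jerome Schneider <jschnneider@entrouvert.com>
+*/
+?>
+<p>
+<fieldset style="border: 1px solid; padding: 15px; margin: 0 10px 0 10px">
+<legend><?php echo elgg_echo('saml_auth:settings:label:simplesamlphp');?></legend>
+
+<label for="params[sp_name]"><?php echo elgg_echo('saml_auth:settings:label:sp_name');?></label><br/>
+<div class="example"><?php echo elgg_echo('saml_auth:settings:help:sp_name');?></div>
+<input type="text" name="params[sp_name]" value="<?php echo $vars['entity']->sp_name;?>"/><br/>
+</fieldset>
+<fieldset style="border: 1px solid; padding: 15px; margin: 0 10px 0 10px">
+<legend><?php echo elgg_echo('saml_auth:settings:label:attributes');?></legend>
+
+<label for="params[username]"><?php echo elgg_echo('saml_auth:settings:label:username');?></label><br/>
+<input type="text" name="params[username]" value="<?php echo $vars['entity']->username;?>"/><br/>
+<label for="params[firstname]"><?php echo elgg_echo('saml_auth:settings:label:firstname');?></label><br/>
+<input type="text" name="params[firstname]" value="<?php echo $vars['entity']->firstname;?>"/><br/>
+<label for="params[surname]"><?php echo elgg_echo('saml_auth:settings:label:surname');?></label><br/>
+<input type="text" name="params[surname]" value="<?php echo $vars['entity']->surname;?>"/><br/>
+<label for="params[email]"><?php echo elgg_echo('saml_auth:settings:label:email');?></label><br/>
+<input type="text" name="params[email]" value="<?php echo $vars['entity']->email;?>"/><br/>
+</fieldset>
+</p>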
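Review bot: Every setting is echoed straight into an HTML attribute without escaping (`value="<?php echo $vars['entity']->sp_name;?>"` and the four attribute-mapping fields below it); the values are admin-entered, which limits the exposure, but a stored quote still breaks the form, and the Elgg idiom used elsewhere in this commit, `elgg_view('input/text', array('internalname' => 'params[sp_name]', 'value' => $vars['entity']->sp_name))`, escapes the value and matches the rest of the admin UI. The file opens with the short tag `<?` on its first line, which leaks the header as literal text wherever `short_open_tag` is off — the other views in this commit use `<?php`. Minor: `<fieldset>` is not valid inside `<p>`, and the `@author` address here reads `jschnneider` while the other headers spell it `jschneider`.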