Manage NameID and email as uniqueid this allow to change email

* inc/simplesamlphp/metadata/saml20-idp-remote.php: add idp dev metadata
This commit is contained in:
Jérôme Schneider 2013-08-12 16:08:51 +02:00
parent afe7016670
commit 75196aef41
6 changed files with 144 additions and 10 deletions


@ -69,12 +69,13 @@ function login_saml_successfull()
$first_name = $attributes['gn'][0];
$last_name = $attributes['sn'][0];
$email = $attributes['email'][0];
$nameid = $attributes['NameID'][0];
$display_name = $first_name . ' ' . $last_name;
spip_log("[auth_saml] authentification reussi pour l'utilisateur =".$email);
// Si l'utilisateur figure deja dans la base, y recuperer les infos
$result = spip_query("SELECT * FROM spip_auteurs WHERE email=" ._q($email). " AND statut<>'6form'" );
$result = spip_query("SELECT * FROM spip_auteurs WHERE (nameid=". _q($nameid) ." OR email=". _q($email) .") AND statut<>'6form'" );
$row_auteur = spip_fetch_array($result);
spip_log("[auth_saml] attribus utilisateur =".$row_auteur['login']);
@ -82,7 +83,9 @@ function login_saml_successfull()
if ($row_auteur) {
spip_log("[auth_saml] updating user [" . $email . "]");
spip_log("[auth_saml] display name : $display_name and login : $login");
spip_query("UPDATE spip_auteurs SET nom=" . _q($display_name) . ", login=" . _q($login) . " WHERE email="._q($email));
if (! $row_auteur['nameid'])
spip_query("UPDATE spip_auteurs SET nameid=" . _q($nameid) . " WHERE email="._q($email));
spip_query("UPDATE spip_auteurs SET nom=". _q($display_name) .", login=". _q($login) .", email="._q($email)." WHERE nameid="._q($nameid));
}
else
@ -90,14 +93,14 @@ function login_saml_successfull()
spip_log("[auth_saml] creating user [" . $login . "]");
spip_log("[auth_saml] display name : $display_name and email : $email");
$pass = hash('sha256', generate_password());
spip_query("INSERT INTO spip_auteurs (nom, login, email, pass, statut, webmestre) VALUES
('$display_name', '$login', '$email', '$pass', '6forum', 'non')");
spip_query("INSERT INTO spip_auteurs (nameid, nom, login, email, pass, statut, webmestre) VALUES
('$nameid', '$display_name', '$login', '$email', '$pass', '6forum', 'non')");
// On recupere l('utilisateur
$result = spip_query("SELECT * FROM spip_auteurs WHERE email=" ._q($email). " AND statut<>'6forum'" );
$result = spip_query("SELECT * FROM spip_auteurs WHERE nameid=" ._q($nameid). " AND statut<>'6forum'" );
$row_auteur = spip_fetch_array($result);
}
// Debug
spip_log('[auth_saml] login :' . $row_auteur['login'] . ' status : ' . $row_auteur['statut'] . ' email : ' . $row_auteur['email']);
spip_log('[auth_saml] nameid :' . $row_auteur['nameid'] . ' status : ' . $row_auteur['statut'] . ' email : ' . $row_auteur['email']);
// chargement de l'utilisateur en session
$GLOBALS['auteur_session'] = $row_auteur;
$session = charger_fonction('session', 'inc');
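Review bot: The INSERT in the third hunk interpolates `$nameid`, `$display_name`, `$login` and `$email` straight into the SQL string while every SELECT/UPDATE in the same function quotes them with `_q()`; these values come from the IdP assertion, so the new statement should read `spip_query("INSERT INTO spip_auteurs (nameid, nom, login, email, pass, statut, webmestre) VALUES (" . _q($nameid) . ", " . _q($display_name) . ", " . _q($login) . ", " . _q($email) . ", '$pass', '6forum', 'non')");`. The lookup in the first hunk, `WHERE (nameid=... OR email=...)`, has no guard for an empty NameID: the new column defaults to `''`, so a missing `NameID` attribute makes `nameid=''` match any account not yet linked, and the function should stop before the query when `$nameid` is empty. In the second hunk, when the row was found by email but already carries a different nameid, the `if (! $row_auteur['nameid'])` branch is skipped and the following `UPDATE ... WHERE nameid=` touches a row other than the one loaded into the session, so the email match should presumably only link accounts whose nameid is still empty. The new SELECT also carries over `statut<>'6form'` whereas the later queries use `'6forum'`, which looks like a typo. login_saml_successfull starts before the first hunk and continues after the last.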

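--- /dev/null
+++ b/base/saml.php
+<?php
+/**
+* Plugin SAML
+*
+*/
+if (!defined("_ECRIRE_INC_VERSION")) return;
+/**
+* Ajouter des champs a la table auteurs
+* @param array $tables_principales
+* @return array
+*/
+function saml_declarer_tables_principales(&$tables_principales) {
+// Extension de la table auteurs
+$tables_principales['spip_auteurs']['field']['nameid'] = "text DEFAULT '' NOT NULL";
+return $tables_principales;
+}
+?>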
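Review bot: `nameid` is declared as a plain `text` column with no key, yet the login code looks accounts up with `WHERE nameid=...` on every SAML login and treats the value as the unique account identifier. Declaring a key next to the field, e.g. `$tables_principales['spip_auteurs']['key']['KEY nameid'] = 'nameid';`, keeps that lookup indexed; if this runs on MySQL a `varchar(255)` type is likely preferable, since TEXT columns cannot be keyed without a prefix length.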


@ -22,8 +22,12 @@ $config = array(
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
// 'idp' => 'https://mon-meyzieu.recette.entrouvert.com/idp/saml2/metadata',
'idp' => 'https://mon.meyzieu.fr/idp/saml2/metadata',
// Production
'idp' => 'https://mon.meyzieu.fr/idp/saml2/metadata',
// Recette
//'idp' => 'https://mon-meyzieu.recette.entrouvert.com/idp/saml2/metadata',
// Dev
//'idp' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/metadata',
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.


@ -152,3 +152,78 @@ o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy',
),
);
$metadata['http://mon.meyzieu.dev.entrouvert.org/idp/saml2/metadata'] = array (
'entityid' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/metadata',
'contacts' =>
array (
),
'metadata-set' => 'saml20-idp-remote',
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/sso',
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/sso',
),
),
'SingleLogoutService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/slo',
'ResponseLocation' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/slo_return',
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/slo',
'ResponseLocation' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/slo_return',
),
2 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/slo/soap',
),
),
'ArtifactResolutionService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/artifact',
'index' => 1,
),
),
'keys' =>
array (
0 =>
array (
'encryption' => true,
'signing' => true,
'type' => 'X509Certificate',
'X509Certificate' => 'MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV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',
),
),
);
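Review bot: Every Location in the new dev IdP entry (SingleSignOnService, SingleLogoutService, ArtifactResolutionService) and the entity ID itself use plain `http://`, so browser-carried SAML messages to and from that IdP travel in cleartext; tolerable for a throwaway dev IdP, but the entry now lives in the same metadata file as the production IdP and the SP will accept assertions from it if it is ever selected. A comment above the entry would make the intent explicit, e.g. `// DEV ONLY: cleartext HTTP endpoints, never reference from a production authsources config`. The single key is marked both `signing` and `encryption`; a note on where the certificate came from and when it expires would help when it has to be rotated.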


@ -1,8 +1,8 @@
<plugin>
<nom>SPIPSaml</nom>
<auteur>[Jérôme Schneider->jschneider@entrouvert.org]</auteur>
<version>0.1</version>
<etat>experimental</etat>
<version>0.2</version>
<etat>test</etat>
<description>
<multi>
[en]SAML plugin providing Shibboleth authentication.
@ -13,8 +13,14 @@
[http://repos.entrouvert.org/spip-saml.git->http://repos.entrouvert.org/spip-saml.git]
</lien>
<prefix>saml</prefix>
<install>saml_administrations.php</install>
<pipeline>
<nom>definir_session</nom>
<inclure>saml_pipelines.php</inclure>
</pipeline>
<pipeline>
<nom>declarer_tables_principales</nom>
<inclure>base/saml.php</inclure>
</pipeline>
</plugin>

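--- /dev/null
+++ b/saml_administrations.php
+<?php
+if (!defined("_ECRIRE_INC_VERSION")) return;
+include_spip('inc/meta');
+include_spip('base/create');
+function saml_install($action) {
+$plugins_actifs = liste_plugin_actifs();
+$version_script = $plugins_actifs['SAML']['version'];
+switch ($action) {
+case 'test':
+return ((isset($GLOBALS['meta']['saml_version'])) AND
+($GLOBALS['meta']['saml_version'] == $version_script));
+case 'install':
+include_spip('base/saml');
+maj_tables('spip_auteurs');
+ecrire_meta('saml_version', $version_script);
+ecrire_metas();
+break;
+}
+}
+?>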
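Review bot: `saml_install()` handles `'test'` and `'install'` but has no `'uninstall'` branch, so disabling the plugin leaves `saml_version` in the metas and a later reinstall's `'test'` would report the plugin as already installed. The usual SPIP shape is `case 'uninstall': effacer_meta('saml_version'); ecrire_metas(); break;`. The `'test'` branch compares the two version strings with `==`, which coerces numeric-looking strings (`'0.2'` equals `'0.20'`); `===` or `version_compare()` states the intent precisely.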