Manage NameID and email as unique id; this allows changing the email
* inc/simplesamlphp/metadata/saml20-idp-remote.php: add dev IdP metadata
This commit is contained in:
parent
afe7016670
commit
75196aef41
|
@ -69,12 +69,13 @@ function login_saml_successfull()
|
|||
$first_name = $attributes['gn'][0];
|
||||
$last_name = $attributes['sn'][0];
|
||||
$email = $attributes['email'][0];
|
||||
$nameid = $attributes['NameID'][0];
|
||||
$display_name = $first_name . ' ' . $last_name;
|
||||
|
||||
spip_log("[auth_saml] authentification reussi pour l'utilisateur =".$email);
|
||||
|
||||
// Si l'utilisateur figure deja dans la base, y recuperer les infos
|
||||
$result = spip_query("SELECT * FROM spip_auteurs WHERE email=" ._q($email). " AND statut<>'6form'" );
|
||||
$result = spip_query("SELECT * FROM spip_auteurs WHERE (nameid=". _q($nameid) ." OR email=". _q($email) .") AND statut<>'6form'" );
|
||||
$row_auteur = spip_fetch_array($result);
|
||||
|
||||
spip_log("[auth_saml] attribus utilisateur =".$row_auteur['login']);
|
||||
|
@ -82,7 +83,9 @@ function login_saml_successfull()
|
|||
if ($row_auteur) {
|
||||
spip_log("[auth_saml] updating user [" . $email . "]");
|
||||
spip_log("[auth_saml] display name : $display_name and login : $login");
|
||||
spip_query("UPDATE spip_auteurs SET nom=" . _q($display_name) . ", login=" . _q($login) . " WHERE email="._q($email));
|
||||
if (! $row_auteur['nameid'])
|
||||
spip_query("UPDATE spip_auteurs SET nameid=" . _q($nameid) . " WHERE email="._q($email));
|
||||
spip_query("UPDATE spip_auteurs SET nom=". _q($display_name) .", login=". _q($login) .", email="._q($email)." WHERE nameid="._q($nameid));
|
||||
|
||||
}
|
||||
else
|
||||
|
@ -90,14 +93,14 @@ function login_saml_successfull()
|
|||
spip_log("[auth_saml] creating user [" . $login . "]");
|
||||
spip_log("[auth_saml] display name : $display_name and email : $email");
|
||||
$pass = hash('sha256', generate_password());
|
||||
spip_query("INSERT INTO spip_auteurs (nom, login, email, pass, statut, webmestre) VALUES
|
||||
('$display_name', '$login', '$email', '$pass', '6forum', 'non')");
|
||||
spip_query("INSERT INTO spip_auteurs (nameid, nom, login, email, pass, statut, webmestre) VALUES
|
||||
('$nameid', '$display_name', '$login', '$email', '$pass', '6forum', 'non')");
|
||||
// On recupere l('utilisateur
|
||||
$result = spip_query("SELECT * FROM spip_auteurs WHERE email=" ._q($email). " AND statut<>'6forum'" );
|
||||
$result = spip_query("SELECT * FROM spip_auteurs WHERE nameid=" ._q($nameid). " AND statut<>'6forum'" );
|
||||
$row_auteur = spip_fetch_array($result);
|
||||
}
|
||||
// Debug
|
||||
spip_log('[auth_saml] login :' . $row_auteur['login'] . ' status : ' . $row_auteur['statut'] . ' email : ' . $row_auteur['email']);
|
||||
spip_log('[auth_saml] nameid :' . $row_auteur['nameid'] . ' status : ' . $row_auteur['statut'] . ' email : ' . $row_auteur['email']);
|
||||
// chargement de l'utilisateur en session
|
||||
$GLOBALS['auteur_session'] = $row_auteur;
|
||||
$session = charger_fonction('session', 'inc');
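Review bot: The new lookup `$result = spip_query("SELECT * FROM spip_auteurs WHERE (nameid=". _q($nameid) ." OR email=". _q($email) .") AND statut<>'6form'" );` has no guard for an empty `$nameid`: because the column is created as `DEFAULT '' NOT NULL`, an assertion that carries no NameID would match every account whose nameid is still `''`, and the later `UPDATE spip_auteurs SET nom=..., email=... WHERE nameid=''` would then rewrite those accounts as well. A guard before the query, e.g. `if (!strlen($nameid)) { spip_log("[auth_saml] NameID manquant, connexion refusee"); return; }` (returning whatever the function's existing failure path returns), closes that path; whether `$attributes['NameID'][0]` is actually populated by the SP layer rather than exposed as auth data is worth confirming too. In the third hunk the new `INSERT INTO spip_auteurs (nameid, nom, login, email, pass, statut, webmestre) VALUES ('$nameid', '$display_name', '$login', '$email', '$pass', '6forum', 'non')` interpolates the IdP-supplied values directly while every surrounding query passes them through `_q()`; quoting each value with `_q()` keeps the handling consistent. login_saml_successfull begins before the first hunk and continues after the last one.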
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
<?php
|
||||
/**
|
||||
* Plugin SAML
|
||||
*
|
||||
*/
|
||||
|
||||
if (!defined("_ECRIRE_INC_VERSION")) return;
|
||||
|
||||
/**
|
||||
* Ajouter des champs a la table auteurs
|
||||
* @param array $tables_principales
|
||||
* @return array
|
||||
*/
|
||||
function saml_declarer_tables_principales(&$tables_principales) {
|
||||
// Extension de la table auteurs
|
||||
$tables_principales['spip_auteurs']['field']['nameid'] = "text DEFAULT '' NOT NULL";
|
||||
|
||||
return $tables_principales;
|
||||
}
|
||||
|
||||
?>
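Review bot: `nameid` is declared as `text DEFAULT '' NOT NULL` on the `$tables_principales['spip_auteurs']['field']['nameid']` line, yet the rest of this commit uses it as the account lookup key and the commit message treats it as a unique id, and no key is declared for it. Persistent and transient NameIDs are bounded to 256 characters by the SAML 2.0 core specification, so a bounded column with an index is sufficient and makes the lookup cheap: `$tables_principales['spip_auteurs']['field']['nameid'] = "varchar(256) DEFAULT '' NOT NULL";` followed by `$tables_principales['spip_auteurs']['key']['KEY nameid'] = 'nameid';`. The docblock should also state what the empty default means, e.g. `* nameid : NameID SAML du compte ; '' signifie que le compte n'est pas encore lie a une identite IdP`, since the login code relies on that sentinel.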
|
|
@ -22,8 +22,12 @@ $config = array(
|
|||
|
||||
// The entity ID of the IdP this should SP should contact.
|
||||
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
|
||||
// 'idp' => 'https://mon-meyzieu.recette.entrouvert.com/idp/saml2/metadata',
|
||||
'idp' => 'https://mon.meyzieu.fr/idp/saml2/metadata',
|
||||
// Production
|
||||
'idp' => 'https://mon.meyzieu.fr/idp/saml2/metadata',
|
||||
// Recette
|
||||
//'idp' => 'https://mon-meyzieu.recette.entrouvert.com/idp/saml2/metadata',
|
||||
// Dev
|
||||
//'idp' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/metadata',
|
||||
|
||||
// The URL to the discovery service.
|
||||
// Can be NULL/unset, in which case a builtin discovery service will be used.
|
||||
|
|
|
@ -152,3 +152,78 @@ o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy',
|
|||
),
|
||||
);
|
||||
|
||||
$metadata['http://mon.meyzieu.dev.entrouvert.org/idp/saml2/metadata'] = array (
|
||||
'entityid' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/metadata',
|
||||
'contacts' =>
|
||||
array (
|
||||
),
|
||||
'metadata-set' => 'saml20-idp-remote',
|
||||
'SingleSignOnService' =>
|
||||
array (
|
||||
0 =>
|
||||
array (
|
||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/sso',
|
||||
),
|
||||
1 =>
|
||||
array (
|
||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
|
||||
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/sso',
|
||||
),
|
||||
),
|
||||
'SingleLogoutService' =>
|
||||
array (
|
||||
0 =>
|
||||
array (
|
||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
|
||||
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/slo',
|
||||
'ResponseLocation' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/slo_return',
|
||||
),
|
||||
1 =>
|
||||
array (
|
||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
|
||||
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/slo',
|
||||
'ResponseLocation' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/slo_return',
|
||||
),
|
||||
2 =>
|
||||
array (
|
||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
|
||||
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/slo/soap',
|
||||
),
|
||||
),
|
||||
'ArtifactResolutionService' =>
|
||||
array (
|
||||
0 =>
|
||||
array (
|
||||
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
|
||||
'Location' => 'http://mon.meyzieu.dev.entrouvert.org/idp/saml2/artifact',
|
||||
'index' => 1,
|
||||
),
|
||||
),
|
||||
'keys' =>
|
||||
array (
|
||||
0 =>
|
||||
array (
|
||||
'encryption' => true,
|
||||
'signing' => true,
|
||||
'type' => 'X509Certificate',
|
||||
'X509Certificate' => 'MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
|
||||
BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV
|
||||
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp
|
||||
06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh
|
||||
ABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr
|
||||
kmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi
|
||||
VT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG
|
||||
Tm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0
|
||||
fcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh
|
||||
GaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD
|
||||
AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE
|
||||
IdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo
|
||||
fEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp
|
||||
lG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT
|
||||
JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j
|
||||
o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy',
|
||||
),
|
||||
),
|
||||
);
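Review bot: Registering the dev IdP in the same `$metadata` array as the existing entries means every deployment loading this file trusts assertions signed with the key under `'X509Certificate' => 'MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV`, not only the IdP selected by `'idp'` in config.php; with SimpleSAMLphp's default acceptance of unsolicited (IdP-initiated) responses this extends the issuers a production install accepts to the dev IdP — worth confirming against the installed version, or keeping dev metadata in an environment-specific file. The `SingleSignOnService`, `SingleLogoutService` and `ArtifactResolutionService` locations of the new entity are all plain `http://`, so requests and SLO traffic to it are unprotected in transit. The last certificate line `o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy` is identical to the context line in the hunk header, which suggests the dev entity reuses the signing certificate of the preceding entry; if so the environments already share a key and the separation the entity IDs imply does not exist. Decoding the two UTCTime fields in that certificate (`MTAxMjE0MTUzMzAyW` / `MTEwMTEzMTUzMzAyW`) gives a validity window of 2010-12-14 to 2011-01-13, i.e. a short-lived key — please confirm and plan its rotation.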
|
||||
|
|
10
plugin.xml
10
plugin.xml
|
@ -1,8 +1,8 @@
|
|||
<plugin>
|
||||
<nom>SPIPSaml</nom>
|
||||
<auteur>[Jérôme Schneider->jschneider@entrouvert.org]</auteur>
|
||||
<version>0.1</version>
|
||||
<etat>experimental</etat>
|
||||
<version>0.2</version>
|
||||
<etat>test</etat>
|
||||
<description>
|
||||
<multi>
|
||||
[en]SAML plugin providing Shibboleth authentication.
|
||||
|
@ -13,8 +13,14 @@
|
|||
[http://repos.entrouvert.org/spip-saml.git->http://repos.entrouvert.org/spip-saml.git]
|
||||
</lien>
|
||||
<prefix>saml</prefix>
|
||||
<install>saml_administrations.php</install>
|
||||
<pipeline>
|
||||
<nom>definir_session</nom>
|
||||
<inclure>saml_pipelines.php</inclure>
|
||||
</pipeline>
|
||||
<pipeline>
|
||||
<nom>declarer_tables_principales</nom>
|
||||
<inclure>base/saml.php</inclure>
|
||||
</pipeline>
|
||||
|
||||
</plugin>
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
<?php
|
||||
|
||||
if (!defined("_ECRIRE_INC_VERSION")) return;
|
||||
|
||||
include_spip('inc/meta');
|
||||
include_spip('base/create');
|
||||
|
||||
function saml_install($action) {
|
||||
$plugins_actifs = liste_plugin_actifs();
|
||||
$version_script = $plugins_actifs['SAML']['version'];
|
||||
|
||||
switch ($action) {
|
||||
case 'test':
|
||||
return ((isset($GLOBALS['meta']['saml_version'])) AND
|
||||
($GLOBALS['meta']['saml_version'] == $version_script));
|
||||
case 'install':
|
||||
include_spip('base/saml');
|
||||
maj_tables('spip_auteurs');
|
||||
ecrire_meta('saml_version', $version_script);
|
||||
ecrire_metas();
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
?>
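Review bot: `saml_install` handles only `'test'` and `'install'`; with no `'uninstall'` case, deactivating the plugin leaves `saml_version` in the metas and `'test'` keeps reporting the plugin as installed. Adding `case 'uninstall': effacer_meta('saml_version'); ecrire_metas(); break;` restores the usual SPIP install lifecycle (whether to also drop the `nameid` column is a separate decision, since it carries the IdP link). `$version_script = $plugins_actifs['SAML']['version'];` also assumes the entry exists; `$version_script = isset($plugins_actifs['SAML']['version']) ? $plugins_actifs['SAML']['version'] : '';` avoids a notice and an empty meta when it does not. The `'test'` branch compares with `==`, which applies numeric coercion to version strings such as `'0.2'`; `===` is the safer comparison here. A header docblock such as `/** Installation, test et desinstallation du plugin SAML : suit la version du schema via la meta saml_version */` would also help the next maintainer.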
|