Update of the documentation
parent
225ace30c6
commit
57d19f94a6
35
README
35
README
|
@ -1,12 +1,18 @@
|
|||
Lasso SPKit PHP v0.1
|
||||
Lasso SPKit PHP v0.3
|
||||
|
||||
This library contains code to ease the usage of the PHP bindings of the lasso
|
||||
library inside a service provider, usually an existing web application where
|
||||
you wish to handle some of the profile of the Liberty Alliance or SAML 2.0
|
||||
protocols.
|
||||
|
||||
The API is procedural, minimal and easy to comprehend. Depending
|
||||
upon the configuration
|
||||
The API is procedural, minimal and easy to understand.
|
||||
|
||||
Depending upong the configuration there is two functionning mode:
|
||||
- liberty state is reported through the function lassospkit_nameid() and
|
||||
lassospkit_federation(), your application MUST persist them by its own way.
|
||||
- liberty state is stored using one of the automatic storage mode, you just
|
||||
have to associate a user id with the liberty state. After any liberty event
|
||||
you can retrieve this user id.
|
||||
|
||||
= Description of the API =
|
||||
|
||||
|
@ -22,15 +28,16 @@ function lassospkit_nameid()
|
|||
|
||||
function lassospkit_set_nameid($nameid)
|
||||
* Set the nameid that the next SAML profile should use. Use it before
|
||||
presenting link for defederation or single logout. It has no effect if redirecting toward SSO.
|
||||
presenting link for defederation or single logout. It has no effect if
|
||||
redirecting toward SSO.
|
||||
|
||||
function lassospkit_userid()
|
||||
* When automated storage of the federation is activated this parameter will
|
||||
contain the last userID associated with the current nameID. The association
|
||||
is done by calling setUserID then making a successul SSO request (via a
|
||||
redirection to lassospki_websso_redirect).
|
||||
When automated storage is inactivated, it always returns null and set_userid
|
||||
is ignored by the backend code.
|
||||
redirection to lassospki_websso_redirect). When automated storage is
|
||||
inactivated, it always returns null and set_userid is ignored by the backend
|
||||
code.
|
||||
|
||||
function lassospkit_error()
|
||||
* When non-null gives a human readable explaination of the last unsucessful
|
||||
|
@ -38,14 +45,16 @@ function lassospkit_error()
|
|||
federate is identity in the context of an SSO request.
|
||||
|
||||
function lassospkit_federation()
|
||||
* Return an opaque blob containing informations on the federation created with an IdP
|
||||
afer a succesful request. If you intend to handle yourself storage of the federation,
|
||||
you must save this together with local user account/sessions informations and restores
|
||||
it before any future redirection to a logout/defederation request. If you user automated
|
||||
persistence you can ignore it.
|
||||
* Return an opaque blob containing informations on the federation created with
|
||||
an IdP afer a succesful request. If you intend to handle yourself storage of
|
||||
the federation, you must save this together with local user account/sessions
|
||||
informations and restores it before any future redirection to a
|
||||
logout/defederation request. If you user automated persistence you can ignore
|
||||
it.
|
||||
|
||||
function lassospkit_set_federation($federation)
|
||||
* Restore the opaque blob needed to initalize SAML requests. See previous function.
|
||||
* Restore the opaque blob needed to initalize SAML requests. See previous
|
||||
function.
|
||||
|
||||
function lassospkit_websso_redirect($relay)
|
||||
* URL to the local page intiating SSO exchanges with the IdP. Use the baseUrl
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
spkitlasso (0.3.1ubuntu1-git-95065af809) jaunty; urgency=low
|
||||
|
||||
* Package from git development trunk.
|
||||
|
||||
-- Benjamin Dauvergne <bdauvergne@entrouvert.com> Tue, 03 Feb 2009 12:56:30 +0100
|
||||
|
||||
spkitlasso (0.3.1) jaunty; urgency=low
|
||||
|
||||
* Catch errors when building configuration
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
../../endpoints/configure.php
|
|
@ -0,0 +1,62 @@
|
|||
<?php
|
||||
require_once("spkitlasso/lassospkit_helper.inc.php");
|
||||
require_once("spkitlasso/lassospkit_dispatcher.inc.php");
|
||||
require_once("spkitlasso/lassospkit_metadata.inc.php");
|
||||
require_once("spkitlasso/lassospkit_utils.inc.php");
|
||||
|
||||
dispatch(array('/login' => login,
|
||||
'/federate' => federate,
|
||||
'/ssoAssertionConsumer' => ssoAssertionConsumer,
|
||||
'/sloInit' => sloInit,
|
||||
'/sloSoap' => sloSoap,
|
||||
'/sloRedirect' => sloRedirect,
|
||||
'/sloResponse' => sloResponse,
|
||||
'/defederate' => defederate,
|
||||
'/defederateReturn' => defederateReturn,
|
||||
'/defederateNotification' => defederateNotification,
|
||||
'/metadata' => metadata));
|
||||
// TODO fill implementation
|
||||
function login() {
|
||||
$saml2 = new LassoSPKitLiberty(new LassoSPKitDummySession());
|
||||
$params = LassoSPKitUtilsSession::getParams('login');
|
||||
$federate = TRUE;
|
||||
if (isset($params['federate'])) {
|
||||
$federate = $params['federate'];
|
||||
}
|
||||
$saml2->sso(TRUE, $federate);
|
||||
}
|
||||
function federate() {
|
||||
$saml2 = new LassoSPKitLiberty(new LassoSPKitDummySession());
|
||||
$saml2->sso(TRUE, TRUE);
|
||||
}
|
||||
function ssoAssertionConsumer() {
|
||||
}
|
||||
function sloInit() {
|
||||
}
|
||||
function sloSoap() {
|
||||
}
|
||||
function sloRedirect() {
|
||||
}
|
||||
function sloResponse() {
|
||||
}
|
||||
function defederate() {
|
||||
}
|
||||
function defederateReturn() {
|
||||
}
|
||||
function defederateNotification() {
|
||||
}
|
||||
function metadata() {
|
||||
header('Content-type: text/xml');
|
||||
$datadir = LassoSPKitHelper::getMetadataDir(LASSO_PROTOCOL_LIBERTY_1_2);
|
||||
$pkey = $datadir . "/" . PRIVATE_KEY;
|
||||
LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error);
|
||||
try {
|
||||
$content = LassoSPKitMetadataLiberty::generateMetadata(dirname(LassoSPKitUtils::mydir()), LassoSPKitConfig::get('organization'), $publickey);
|
||||
if ($content) {
|
||||
header('Content-type: text/xml');
|
||||
echo $content;
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
throw $e;
|
||||
}
|
||||
}
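Review bot: In `metadata()` the call `LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error);` discards both its return value and the `$error` out-parameter, so when the private key at `$pkey` is missing or unreadable, `$publickey` is never assigned and `generateMetadata()` is still invoked with an undefined key. Check the outcome before generating, e.g. `if (!isset($publickey)) { error_log("metadata: public key extraction failed: $error"); return; }`, adapted to however `extractPublicKey` actually signals failure, which is not visible in this hunk. The surrounding `try { … } catch (Exception $e) { throw $e; }` is a no-op rethrow and `header('Content-type: text/xml')` is sent twice (once before the extraction and again inside `if ($content)`); dropping the catch and the first header keeps the error path from already carrying an XML content type. Separately, the `dispatch(array(...))` table maps routes to bare identifiers (`login`, `federate`, `metadata`, …) that only resolve through PHP's undefined-constant-to-string fallback; write them as quoted function names, `'/login' => 'login'`, so the file does not depend on that notice-emitting behaviour.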
|
|
@ -0,0 +1,82 @@
|
|||
<?php
|
||||
require_once('spkitlasso/lassospkit_saml2_endpoint.inc.php');
|
||||
require_once('spkitlasso/lassospkit_public_api.inc.php');
|
||||
|
||||
class EndpointExemple extends LassoSPKitSaml2Endpoint {
|
||||
function dispatchAndExit() {
|
||||
try {
|
||||
parent::dispatchAndExit();
|
||||
} catch (Exception $e) {
|
||||
$exceptionText = $e->__toString();
|
||||
$lines = explode("\n",$exceptionText);
|
||||
foreach ($lines as $line) {
|
||||
error_log($line);
|
||||
}
|
||||
die('There was an error, shoot yourself !');
|
||||
}
|
||||
}
|
||||
function headerHtml($title, $url) {
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
<title><?php echo $title ?></title>
|
||||
<meta http-equiv="refresh" content="5; url=<?php echo $url?>" />
|
||||
</head>
|
||||
<body> <?php
|
||||
}
|
||||
function footerHtml() {
|
||||
?>
|
||||
</body>
|
||||
</html>
|
||||
<?php
|
||||
}
|
||||
function handleSso($ret) {
|
||||
$r = $this->relayState;
|
||||
$this->headerHtml("AssertionConsumer endpoint", $r);
|
||||
if ($ret == 0) {
|
||||
echo "Ouais on est loggé, aller <a href='$r'>$r</a>";
|
||||
} else {
|
||||
echo "Une erreur lasso s'est produite de code $ret" . strError($ret);
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
function handleSlo($ret) {
|
||||
$r = $this->relayState;
|
||||
if ($this->currentHttpMethod == LASSO_HTTP_METHOD_GET &&
|
||||
$this->currentHttpMethod == LASSO_HTTP_METHOD_POST) {
|
||||
$this->headerHtml("SLO endpoint", $r);
|
||||
if ($ret) {
|
||||
echo "Demande de slo échoué: " . strError($ret) . "($ret)";
|
||||
} else {
|
||||
echo "Demande de slo réussie";
|
||||
}
|
||||
echo "Go to <a href='$r'>$r</a>";
|
||||
$this->footerHtml();
|
||||
lassospkit_clean();
|
||||
} else {
|
||||
# Specialized
|
||||
$id = lassospkit_userid();
|
||||
error_log("Trying to destroy session $id");
|
||||
$session = LassoSPKitUtilsSession::getSingleton();
|
||||
$session->id = $id;
|
||||
$session->clean();
|
||||
}
|
||||
if ($ret) {
|
||||
error_log("Demande de slo échoué: $ret");
|
||||
} else {
|
||||
error_log("Demande de slo réussie: $ret");
|
||||
}
|
||||
|
||||
return $ret;
|
||||
}
|
||||
function handleNameIdManagement($ret) {
|
||||
if ($ret) {
|
||||
error_log('Erreur lors du nid: ' . $ret . ': ' . strError($ret));
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$endpoint = new EndpointExemple();
|
||||
$endpoint->dispatchAndExit();
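Review bot: The condition in `handleSlo`, `$this->currentHttpMethod == LASSO_HTTP_METHOD_GET && $this->currentHttpMethod == LASSO_HTTP_METHOD_POST`, can never be true since one value cannot equal both constants, so the browser-facing branch (HTML page, `lassospkit_clean()`) is unreachable and every logout request falls into the `# Specialized` branch that destroys the session looked up via `lassospkit_userid()`; the operator is almost certainly meant to be `||`. Also, in both `handleSso` and `handleSlo` the relay state `$r = $this->relayState` is echoed raw into an `href`, into the page body and into the `meta http-equiv="refresh"` URL in `headerHtml()`; since the relay state arrives with the request, it should be escaped per context, `$safe = htmlspecialchars($r, ENT_QUOTES, 'UTF-8');`, and validated against the application's own URLs before being used as a redirect target. `handleSso` opens the document with `headerHtml()` but never calls `footerHtml()`, unlike `handleSlo`, which leaves the `<body>`/`<html>` tags unclosed on that path.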
|
|
@ -0,0 +1,2 @@
|
|||
.error { width: auto; color: red; border: 1px solid red; padding: 2px; }
|
||||
pre,.code { background: #BBB; border: 1px solid black; padding: 1ex;white-space: pre; overflow: scroll }
|
|
@ -0,0 +1 @@
|
|||
../include/
|