Update of the documentation

This commit is contained in:
Benjamin Dauvergne 2009-08-13 10:52:48 +02:00
parent 225ace30c6
commit 57d19f94a6
7 changed files with 176 additions and 13 deletions

README

@ -1,12 +1,18 @@
Lasso SPKit PHP v0.1
Lasso SPKit PHP v0.3
This library contains code to ease the usage of the PHP bindings of the lasso
library inside a service provider, usually an existing web application where
you wish to handle some of the profile of the Liberty Alliance or SAML 2.0
protocols.
The API is procedural, minimal and easy to comprehend. Depending
upon the configuration
The API is procedural, minimal and easy to understand.
Depending upong the configuration there is two functionning mode:
- liberty state is reported through the function lassospkit_nameid() and
lassospkit_federation(), your application MUST persist them by its own way.
- liberty state is stored using one of the automatic storage mode, you just
have to associate a user id with the liberty state. After any liberty event
you can retrieve this user id.
= Description of the API =
@ -22,15 +28,16 @@ function lassospkit_nameid()
function lassospkit_set_nameid($nameid)
* Set the nameid that the next SAML profile should use. Use it before
presenting link for defederation or single logout. It has no effect if redirecting toward SSO.
presenting link for defederation or single logout. It has no effect if
redirecting toward SSO.
function lassospkit_userid()
* When automated storage of the federation is activated this parameter will
contain the last userID associated with the current nameID. The association
is done by calling setUserID then making a successul SSO request (via a
redirection to lassospki_websso_redirect).
When automated storage is inactivated, it always returns null and set_userid
is ignored by the backend code.
redirection to lassospki_websso_redirect). When automated storage is
inactivated, it always returns null and set_userid is ignored by the backend
code.
function lassospkit_error()
* When non-null gives a human readable explaination of the last unsucessful
@ -38,14 +45,16 @@ function lassospkit_error()
federate is identity in the context of an SSO request.
function lassospkit_federation()
* Return an opaque blob containing informations on the federation created with an IdP
afer a succesful request. If you intend to handle yourself storage of the federation,
you must save this together with local user account/sessions informations and restores
it before any future redirection to a logout/defederation request. If you user automated
persistence you can ignore it.
* Return an opaque blob containing informations on the federation created with
an IdP afer a succesful request. If you intend to handle yourself storage of
the federation, you must save this together with local user account/sessions
informations and restores it before any future redirection to a
logout/defederation request. If you user automated persistence you can ignore
it.
function lassospkit_set_federation($federation)
* Restore the opaque blob needed to initalize SAML requests. See previous function.
* Restore the opaque blob needed to initalize SAML requests. See previous
function.
function lassospkit_websso_redirect($relay)
* URL to the local page intiating SSO exchanges with the IdP. Use the baseUrl

debian/changelog vendored

@ -1,3 +1,9 @@
spkitlasso (0.3.1ubuntu1-git-95065af809) jaunty; urgency=low
* Package from git development trunk.
-- Benjamin Dauvergne <bdauvergne@entrouvert.com> Tue, 03 Feb 2009 12:56:30 +0100
spkitlasso (0.3.1) jaunty; urgency=low
* Catch errors when building configuration


@ -0,0 +1 @@
../../endpoints/configure.php


@ -0,0 +1,62 @@
<?php
require_once("spkitlasso/lassospkit_helper.inc.php");
require_once("spkitlasso/lassospkit_dispatcher.inc.php");
require_once("spkitlasso/lassospkit_metadata.inc.php");
require_once("spkitlasso/lassospkit_utils.inc.php");
dispatch(array('/login' => login,
'/federate' => federate,
'/ssoAssertionConsumer' => ssoAssertionConsumer,
'/sloInit' => sloInit,
'/sloSoap' => sloSoap,
'/sloRedirect' => sloRedirect,
'/sloResponse' => sloResponse,
'/defederate' => defederate,
'/defederateReturn' => defederateReturn,
'/defederateNotification' => defederateNotification,
'/metadata' => metadata));
// TODO fill implementation
function login() {
$saml2 = new LassoSPKitLiberty(new LassoSPKitDummySession());
$params = LassoSPKitUtilsSession::getParams('login');
$federate = TRUE;
if (isset($params['federate'])) {
$federate = $params['federate'];
}
$saml2->sso(TRUE, $federate);
}
function federate() {
$saml2 = new LassoSPKitLiberty(new LassoSPKitDummySession());
$saml2->sso(TRUE, TRUE);
}
function ssoAssertionConsumer() {
}
function sloInit() {
}
function sloSoap() {
}
function sloRedirect() {
}
function sloResponse() {
}
function defederate() {
}
function defederateReturn() {
}
function defederateNotification() {
}
function metadata() {
header('Content-type: text/xml');
$datadir = LassoSPKitHelper::getMetadataDir(LASSO_PROTOCOL_LIBERTY_1_2);
$pkey = $datadir . "/" . PRIVATE_KEY;
LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error);
try {
$content = LassoSPKitMetadataLiberty::generateMetadata(dirname(LassoSPKitUtils::mydir()), LassoSPKitConfig::get('organization'), $publickey);
if ($content) {
header('Content-type: text/xml');
echo $content;
}
} catch (Exception $e) {
throw $e;
}
}
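Review bot: The dispatch table from `'/login' => login` through `'/metadata' => metadata` uses bare identifiers as handler names; PHP parses these as constants, which are not defined here, so the code relies on the undefined-constant fallback to a string (a notice in the PHP versions of the time, an Error in PHP 8). Quoting each entry, e.g. `'/login' => 'login',`, hands dispatch() the same strings without depending on that behaviour. In metadata(), the `$error` out-parameter of `LassoSPKitUtils::extractPublicKey($pkey, $publickey, $error)` is never inspected and `$publickey` is passed on regardless, so a missing or unreadable PRIVATE_KEY presumably reaches generateMetadata() with an undefined key; a guard such as `if (!empty($error)) { error_log("extractPublicKey: $error"); return; }` (adjusted to the helper's actual failure convention) would make that visible instead of silently emitting metadata without a key. The surrounding `try { ... } catch (Exception $e) { throw $e; }` is a no-op and can be dropped, and `header('Content-type: text/xml')` is sent twice.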


@ -0,0 +1,82 @@
<?php
require_once('spkitlasso/lassospkit_saml2_endpoint.inc.php');
require_once('spkitlasso/lassospkit_public_api.inc.php');
class EndpointExemple extends LassoSPKitSaml2Endpoint {
function dispatchAndExit() {
try {
parent::dispatchAndExit();
} catch (Exception $e) {
$exceptionText = $e->__toString();
$lines = explode("\n",$exceptionText);
foreach ($lines as $line) {
error_log($line);
}
die('There was an error, shoot yourself !');
}
}
function headerHtml($title, $url) {
?>
<html>
<head>
<title><?php echo $title ?></title>
<meta http-equiv="refresh" content="5; url=<?php echo $url?>" />
</head>
<body> <?php
}
function footerHtml() {
?>
</body>
</html>
<?php
}
function handleSso($ret) {
$r = $this->relayState;
$this->headerHtml("AssertionConsumer endpoint", $r);
if ($ret == 0) {
echo "Ouais on est loggé, aller <a href='$r'>$r</a>";
} else {
echo "Une erreur lasso s'est produite de code $ret" . strError($ret);
}
return $ret;
}
function handleSlo($ret) {
$r = $this->relayState;
if ($this->currentHttpMethod == LASSO_HTTP_METHOD_GET &&
$this->currentHttpMethod == LASSO_HTTP_METHOD_POST) {
$this->headerHtml("SLO endpoint", $r);
if ($ret) {
echo "Demande de slo échoué: " . strError($ret) . "($ret)";
} else {
echo "Demande de slo réussie";
}
echo "Go to <a href='$r'>$r</a>";
$this->footerHtml();
lassospkit_clean();
} else {
# Specialized
$id = lassospkit_userid();
error_log("Trying to destroy session $id");
$session = LassoSPKitUtilsSession::getSingleton();
$session->id = $id;
$session->clean();
}
if ($ret) {
error_log("Demande de slo échoué: $ret");
} else {
error_log("Demande de slo réussie: $ret");
}
return $ret;
}
function handleNameIdManagement($ret) {
if ($ret) {
error_log('Erreur lors du nid: ' . $ret . ': ' . strError($ret));
}
return $ret;
}
}
$endpoint = new EndpointExemple();
$endpoint->dispatchAndExit();
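Review bot: The condition in handleSlo, `$this->currentHttpMethod == LASSO_HTTP_METHOD_GET && $this->currentHttpMethod == LASSO_HTTP_METHOD_POST`, can never be true because one value cannot equal both constants, so the HTML branch is dead and every request falls into the session-destroying else branch; `||` is presumably what was meant. Separately, `$this->relayState` is interpolated unescaped into HTML in handleSso and handleSlo (`<a href='$r'>$r</a>`) and into the meta-refresh URL in headerHtml; if the relay state originates from the request, as a SAML RelayState usually does, that is reflected script injection and an unvalidated redirect. Escape at the output point, e.g. `$h = htmlspecialchars($r, ENT_QUOTES, 'UTF-8');` before echoing or embedding it in the refresh header, and restrict the relay state to known local URLs before using it as a redirect target. A short class docblock stating that EndpointExemple is a demonstration endpoint (its French messages and the `die(...)` in dispatchAndExit are not production behaviour) would also help readers who copy it.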


@ -0,0 +1,2 @@
.error { width: auto; color: red; border: 1px solid red; padding: 2px; }
pre,.code { background: #BBB; border: 1px solid black; padding: 1ex;white-space: pre; overflow: scroll }

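--- a/exemples/spkitlasso
+++ b/exemples/spkitlasso
@@ -0,0 +1 @@
+../include/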