* move index.php to exemple1.php

* use the lassospkit sessionid as a real session id for logout
 * change redirects to relative url around exemple1.php
 * show attributes

 * lassospkit_endpoints.php:
  - store in var $currentHttpMethod the current http method.
  - add documentation to methods
  - handle relaystate in slo endpoints
<bdauvergne@entrouvert.com> 1210088773 +0200 0001-01-01 00:00:00 +00:00
parent 6d9841b60e
commit dffdd1b050
2 changed files with 73 additions and 35 deletions


@ -2,10 +2,10 @@
require_once('spkitlasso/lassospkit_public_api.inc.php');
require_once('spkitlasso/lassospkit_debug.inc.php');
require_once('spkitlasso/lassospkit_utils.inc.php');
$myself = LassoSPKitUtils::myself();
if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] == '/logout') {
echo lassospkit_soap_logout();
header('Location: ..');
lassospkit_soap_logout();
header('Location: ../exemple.php');
exit(0);
}
if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] == '/login') {
@ -13,7 +13,9 @@ if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] == '/login') {
if (isset($_GET['passive']) && $_GET['passive'] == 1) {
$isPassive = true;
}
echo lassospkit_redirect_login('http://localhost/~bdauvergne/spkittest/',$isPassive);
# Very special
lassospkit_set_userid(LassoSPKitUtilsSession::getSingleton()->id);
lassospkit_redirect_login('../exemple.php',$isPassive);
exit(0);
}
if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] == '/federate') {
@ -21,7 +23,13 @@ if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] == '/federate') {
if (isset($_GET['passive']) && $_GET['passive'] == 1) {
$isPassive = true;
}
echo lassospkit_redirect_federate('http://localhost/~bdauvergne/spkittest/',$isPassive);
lassospkit_set_userid(LassoSPKitUtilsSession::getSingleton()->id);
lassospkit_redirect_federate('../exemple.php',$isPassive);
exit(0);
}
if (isset($_SERVER['PATH_INFO']) && $_SERVER['PATH_INFO'] == '/defederate') {
lassospkit_soap_defederate();
header('Location: ../exemple.php');
exit(0);
}
echo '<?xml version="1.0" encoding="UTF-8"?>';
@ -40,12 +48,12 @@ function show($a) {
<h1>Points d'accès</h1>
<ul>
<?
show("$myself/logout");
show("$myself/login");
show("$myself/federate");
show("$myself/login?passive=1");
show(lassospkit_defederation_url($myself));
show(lassospkit_configure_url());
echo lassospkit_datadir() . "<br/>";
show("exemple.php/logout");
show("exemple.php/login");
show("exemple.php/federate");
show("exemple.php/defederate");
show("exemple.php/login?passive=1");
if (isset($_GET['userid'])) {
lassospkit_set_userid($_GET['userid']);
@ -59,11 +67,12 @@ if ($federation) {
lassospkit_set_federation($federation);
}
?>
<li><? echo lassospkit_showCode(var_export($_COOKIE, 1)); ?></li>
<li>NameId: <? echo lassospkit_showCode(var_export($nameid,1)) ?></li>
<li>UserId: <? echo lassospkit_showCode($userid) ?></li>
<li>Error: <? echo lassospkit_showCode($error) ?></li>
<li>Federation: <? echo lassospkit_showCode($federation) ?></li>
<li>Attributes: <? echo lassospkit_showCode(var_export(lassospkit_get_assertion_attributes(),1)); ?></li>
<li>Cookies: <? echo lassospkit_showCode(var_export($_COOKIE, 1)); ?></li>
</ul>
</html>
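Review bot: The new `/defederate` branch appears to terminate the federation on a plain GET, with no request-method or anti-CSRF check, so any third-party page that makes the browser request `exemple.php/defederate` would trigger it in the user's session; the `/logout` branch above has the same shape. Even in an example page this is worth guarding, because samples get copied into deployments. Reject non-POST requests first, e.g. `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { header('HTTP/1.1 405 Method Not Allowed'); exit(0); }`, and verify a per-session token before calling `lassospkit_soap_defederate()`. The return value of `lassospkit_soap_defederate()` is also dropped before the redirect, so a failed defederation is indistinguishable from a successful one.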


@ -9,6 +9,7 @@ require_once('lassospkit_autopersistentsession.inc.php');
class LassoSPKitEndpoint extends LassoSPKitUrlDispatch {
var $relayState = null;
var $currentHttpMethod;
function LassoSPKitEndpoint() {
$this->addDispatch('/assertionConsumer', 'assertionConsumer');
@ -46,40 +47,53 @@ class LassoSPKitEndpoint extends LassoSPKitUrlDispatch {
exit(1);
}
}
/** Get the profile object, LassoSPKitSaml2 or LassoSPKitLiberty */
function getProfileObject() {
throw new Exception('Not implemented');
}
/** Implementation of an assertion consumer endpoint, it supports
ARTIFACT, POST and GET methods */
function assertionConsumer() {
$ret = 0;
$profile = null;
try {
$profile = $this->getProfileObject();
$http_method = $this->limitMethodBrws($this->identifyHttpMethod());
$query_string = $this->getQueryString($http_method);
$ok = $profile->ssoConsumer($http_method, $query_string);
$this->relayState = $profile->relayState;
return $ok;
} catch (LassoError $e) {
return $e->getCode();
} catch (Exception $e) {
return -1;
}
}
/** Profiles initiés par l'IdP */
function sloBrws() {
$ret = 0;
try {
$profile = $this->getProfileObject();
$http_method = $this->limitMethodBrws($this->identifyHttpMethod());
$query_string = $this->getQueryString($http_method);
$ret = $profile->processRequestSLO($http_method, $query_string);
$ret = $ok;
} catch (LassoError $e) {
$ret = $e->getCode();
} catch (Exception $e) {
$ret = -1;
}
$this->relayState = $profile->relayState;
return $this->handleSso($ret);
}
/** Implementation of a SLO endpoint. It supports
ARTIFACT, GET and POST bindings. */
function sloBrws() {
$ret = 0;
$profile = null;
try {
$profile = $this->getProfileObject();
$http_method = $this->limitMethodBrws($this->identifyHttpMethod());
$query_string = $this->getQueryString($http_method);
$ret = $profile->processRequestSLO($http_method, $query_string);
$this->relayState = $profile->relayState;
} catch (LassoError $e) {
$ret = $e->getCode();
} catch (Exception $e) {
$ret = -1;
}
$this->relayState = $profile->relayState;
return $this->handleSlo($ret);
}
/** Implementation of a SLO endpoint. It supports
the SOAP binding. */
function sloSoap() {
$ret = 0;
$profile = null;
try {
$profile = $this->getProfileObject();
$ret = $profile->processSOAPRequestSLO();
@ -89,11 +103,14 @@ class LassoSPKitEndpoint extends LassoSPKitUrlDispatch {
} catch (Exception $e) {
$ret = -1;
}
$this->relayState = $profile->relayState;
return $this->handleSlo($ret);
}
/** Profiles initiés par le SP */
/** Implementation of the SLO endpoint return when SLO is initiated
by the SP, it supports the POST and GET binding. */
function sloReturn() {
$ret = 0;
$profile = null;
try {
$profile = $this->getProfileObject();
$http_method = $this->limitMethodBrws($this->identifyHttpMethod());
@ -104,23 +121,28 @@ class LassoSPKitEndpoint extends LassoSPKitUrlDispatch {
} catch (Exception $e) {
$ret = -1;
}
$this->relayState = $profile->relayState;
return $this->handlSloReturn($ret);
}
/** Helper function to identify the HTTP method used to access the current
* endpoint */
function identifyHttpMethod() {
$this->currentHttpMethod = -1;
if (isset($_POST) && ( isset($_POST['SAMLResponse']) || isset($_POST['SAMLRequest']))) {
return LASSO_HTTP_METHOD_POST;
$this->currentHttpMethod = LASSO_HTTP_METHOD_POST;
}
if (isset($_GET) && ( isset($_GET['SAMLResponse']) || isset($_GET['SAMLRequest']) )) {
return LASSO_HTTP_METHOD_REDIRECT;
$this->currentHttpMethod = LASSO_HTTP_METHOD_REDIRECT;
}
if (isset($_GET) && ( isset($_GET['SAMLart']))) {
return LASSO_HTTP_METHOD_ARTIFACT_GET;
$this->currentHttpMethod = LASSO_HTTP_METHOD_ARTIFACT_GET;
}
if (isset($_POST) && ( isset($_POST['SAMLart']))) {
return LASSO_HTTP_METHOD_ARTIFACT_POST;
$this->currentHttpMethod = LASSO_HTTP_METHOD_ARTIFACT_POST;
}
return LASSO_HTTP_METHOD_NONE;
return $this->currentHttpMethod;
}
/** Get the query string depending on the used HTTP method */
function getQueryString($http_method) {
switch ($http_method) {
case LASSO_HTTP_METHOD_POST:
@ -144,11 +166,18 @@ class LassoSPKitEndpoint extends LassoSPKitUrlDispatch {
}
return LASSO_HTTP_METHOD_NONE;
}
/** Dummy function to overload to handle the Sso */
function handleSso($ret) {
return $ret;
}
/** Dummy function to overload to handle the IdP
* initiated SLO. */
function handleSlo($ret) {
return $ret;
}
/** Dummy function to overload to handle the return
from the IdP for SP initiated logout. */
function handleSloReturn($ret) {
return $ret;
}
}
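Review bot: In `identifyHttpMethod()` the early `return`s were replaced by plain assignments, so the checks no longer stop at the first match: a request carrying both a `SAMLResponse` POST field and a `SAMLart` parameter is now classified by the last matching test rather than the first, which lets the sender pick the binding the endpoint processes. Keep first-match semantics while still recording the value, e.g. `return $this->currentHttpMethod = LASSO_HTTP_METHOD_POST;` in each branch, and initialise with `LASSO_HTTP_METHOD_NONE` rather than the literal `-1` so the fall-through result stays tied to the constant the old code returned. Separately, `sloReturn()` calls `$this->handlSloReturn($ret)` while the method defined further down is `handleSloReturn`. The `$this->relayState = $profile->relayState;` lines placed after the `catch` blocks also read a property of `null` when `getProfileObject()` throws, so they should be guarded with `if ($profile !== null)`.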