auth:ssp

auth:ssp [2011-06-03 20:18] – [Configuration] 83.49.110.247auth:ssp [2012-04-12 12:48] – Upgrade class to remember user details for later use (subscriptions) 195.113.126.213
Line 19: Line 19:
 <?php <?php
 /** /**
- * SimpleSAMLphp authentication backend+ SSP. SimpleSAMLphp authentication backend
  * auth/ssp.class.php  * auth/ssp.class.php
  *  *
- * @author  Jorge Hervás <jordihv@gmail.com>+ * @author  Jorge Hervás <jordihv@gmail.com>, Lukas Slansky <lukas.slansky@upce.cz>
  * @license GPL2 http://www.gnu.org/licenses/gpl.html  * @license GPL2 http://www.gnu.org/licenses/gpl.html
- * @version 0.1 + * @version 0.2 
- * @date    June 2011+ * @date    April 2012
  */  */
 + 
 class auth_ssp extends auth_basic { class auth_ssp extends auth_basic {
 +  var $users = null;
   // declaration of the auth_simple object    // declaration of the auth_simple object 
   var $as;   var $as;
 + 
   /**   /**
    * Constructor.    * Constructor.
Line 41: Line 42:
     $this->cando['logoff'  = true;     $this->cando['logoff'  = true;
     $this->success = true;     $this->success = true;
 +  }
 + 
 +  /**
 +   * Return user info (copy from plain.class.php)
 +   *
 +   * Returns info about the given user needs to contain
 +   * at least these fields:
 +   *
 +   * name string  full name of the user
 +   * mail string  email addres of the user
 +   * grps array   list of groups the user is in
 +   *
 +   * @author  Lukas Slansky <lukas.slansky@upce.cz>
 +   */
 +  function getUserData($user){
 +
 +    if($this->users === null) $this->_loadUserData();
 +    return isset($this->users[$user]) ? $this->users[$user] : false;
 +  }
 +
 +  /**
 +   * Load all user data (modified copy from plain.class.php)
 +   *
 +   * loads the user file into a datastructure
 +   *
 +   * @author  Lukas Slansky <lukas.slansky@upce.cz>
 +   */
 +  function _loadUserData(){
 +    global $conf;
 +
 +    $this->users = array();
 +
 +    if(!@file_exists($conf['ssp_usersfile'])) return;
 +
 +    $lines = file($conf['ssp_usersfile']);
 +    foreach($lines as $line){
 +      $line = preg_replace('/#.*$/','',$line); //ignore comments
 +      $line = trim($line);
 +      if(empty($line)) continue;
 +
 +      $row    = explode(":",$line,5);
 +      $groups = array_values(array_filter(explode(",",$row[3])));
 +
 +      $this->users[$row[0]]['name'] = urldecode($row[1]);
 +      $this->users[$row[0]]['mail'] = $row[2];
 +      $this->users[$row[0]]['grps'] = $groups;
 +    }
 +  }
 +  
 +  /**
 +   * Save user data
 +   *
 +   * saves the user file into a datastructure
 +   *
 +   * @author  Lukas Slansky <lukas.slansky@upce.cz>
 +   */
 +  function _saveUserData($username, $userinfo) {
 +    global $conf;
 +
 +    if ($this->users === null) $this->_loadUserData();
 +    $pattern = '/^' . $username . ':/';
 +    
 +    // Delete old line from users file
 +    if (!io_deleteFromFile($conf['ssp_usersfile'], $pattern, true)) {
 +      msg('Error saving user data (1)', -1);
 +      return false;
 +    }
 +    $groups = join(',',$userinfo['grps']);
 +    $userline = join(':',array($username, $userinfo['name'], $userinfo['mail'], $groups))."\n";
 +    // Save new line into users file
 +    if (!io_saveFile($conf['ssp_usersfile'], $userline, true)) {
 +      msg('Error saving user data (2)', -1);
 +      return false;
 +    }
 +    $this->users[$username] = $userinfo;
 +    return true;
   }   }
  
Line 50: Line 127:
     global $USERINFO;     global $USERINFO;
     global $conf;     global $conf;
 + 
     $sticky ? $sticky = true : $sticky = false; //sanity check     $sticky ? $sticky = true : $sticky = false; //sanity check
 + 
     // loading of simplesamlphp library     // loading of simplesamlphp library
     require_once($conf['ssp_path'] . '/lib/_autoload.php');     require_once($conf['ssp_path'] . '/lib/_autoload.php');
 + 
     // create auth object and use api to require authentication and get attributes     // create auth object and use api to require authentication and get attributes
     $this->as = new SimpleSAML_Auth_Simple('default-sp');     $this->as = new SimpleSAML_Auth_Simple('default-sp');
 + 
     // the next line should be discommented to enable guest users (not authenticated) enter DokuWiki, see also documentation     // the next line should be discommented to enable guest users (not authenticated) enter DokuWiki, see also documentation
     # if ($this->as->isAuthenticated()) {     # if ($this->as->isAuthenticated()) {
Line 64: Line 141:
     $this->as->requireAuth();     $this->as->requireAuth();
     $attrs = $this->as->getAttributes();     $attrs = $this->as->getAttributes();
 + 
     // check for valid attributes (not empty) and update USERINFO var from dokuwiki     // check for valid attributes (not empty) and update USERINFO var from dokuwiki
     if (!isset($attrs[$conf['ssp_attr_name']][0])) {     if (!isset($attrs[$conf['ssp_attr_name']][0])) {
Line 70: Line 147:
     }     }
     $USERINFO['name'] = $attrs[$conf['ssp_attr_name']][0];     $USERINFO['name'] = $attrs[$conf['ssp_attr_name']][0];
 + 
     if (!isset($attrs[$conf['ssp_attr_mail']][0])) {     if (!isset($attrs[$conf['ssp_attr_mail']][0])) {
       $this->exitMissingAttribute('Mail');       $this->exitMissingAttribute('Mail');
     }     }
     $USERINFO['mail'] = $attrs[$conf['ssp_attr_mail']][0];     $USERINFO['mail'] = $attrs[$conf['ssp_attr_mail']][0];
 + 
     // groups may be empty (by default any user belongs to the user group) don't perform empty check     // groups may be empty (by default any user belongs to the user group) don't perform empty check
     $USERINFO['grps'] = $attrs[$conf['ssp_attr_grps']];     $USERINFO['grps'] = $attrs[$conf['ssp_attr_grps']];
 + 
     if (!isset($attrs[$conf['ssp_attr_user']][0])) {     if (!isset($attrs[$conf['ssp_attr_user']][0])) {
       $this->exitMissingAttribute('User');       $this->exitMissingAttribute('User');
     }     }
-   +  
 +    // save user info 
 +    if (!$this->_saveUserData($attrs[$conf['ssp_attr_user']][0], $USERINFO)) { 
 +      return false; 
 +    } 
 + 
     // assign user id to the user global information     // assign user id to the user global information
     $_SERVER['REMOTE_USER'] = $attrs[$conf['ssp_attr_user']][0];     $_SERVER['REMOTE_USER'] = $attrs[$conf['ssp_attr_user']][0];
 + 
     // assign user id and the data from USERINFO to the DokuWiki session cookie     // assign user id and the data from USERINFO to the DokuWiki session cookie
     $_SESSION[DOKU_COOKIE]['auth']['user'] = $attrs[$conf['ssp_attr_user']][0];     $_SESSION[DOKU_COOKIE]['auth']['user'] = $attrs[$conf['ssp_attr_user']][0];
     $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;     $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
 + 
     # } // end if_isAuthenticated()     # } // end if_isAuthenticated()
  
     return true;     return true;
   }   }
 + 
   /**   /**
    * exit printing info and logout link    * exit printing info and logout link
Line 105: Line 187:
     die( $attribute . ' attribute missing from IdP. Please ' . $logoutlink . ' to return to login form');     die( $attribute . ' attribute missing from IdP. Please ' . $logoutlink . ' to return to login form');
   }   }
 + 
   /**   /**
    * Log off the current user from DokuWiki and IdP    * Log off the current user from DokuWiki and IdP
Line 114: Line 196:
     $this->as->logout('/');     $this->as->logout('/');
   }   }
 + 
 } }
 + 
 //Setup VIM: ex: et ts=2 enc=utf-8 : //Setup VIM: ex: et ts=2 enc=utf-8 :
 </code> </code>
Line 123: Line 205:
 ===== Configuration ===== ===== Configuration =====
  
-== 1. == For configuring the SimpleSAMLphp application look at the [[http://simplesamlphp.org/docs/1.8/|online documentation]] of the project +** 1. ** For configuring the SimpleSAMLphp application look at the [[http://simplesamlphp.org/docs/1.8/|online documentation]] of the project 
  
-== 2. == For installing the new backend just save the above code under .../dokuwiki/inc/auth/ssp.class.php +** 2. ** For installing the new backend just save the above code under .../dokuwiki/inc/auth/ssp.class.php 
  
-== 3. == Add the following lines in your DokuWiki configuration file (local.php): +** 3. ** Add the following lines in your DokuWiki configuration file (local.php): 
 <code php> <code php>
 // use the SimpleSAMLphp backend // use the SimpleSAMLphp backend
Line 135: Line 217:
 // path for the simplesamlphp installation root // path for the simplesamlphp installation root
 $conf['ssp_path'] = '/var/simplesamlphp'; $conf['ssp_path'] = '/var/simplesamlphp';
 +
 +// username to save user details
 +$conf['ssp_usersfile'] = $conf['savedir'] . '/users.ssp.php';
  
 // configure attribute names to match the ones used by our authentication backend (IdP) // configure attribute names to match the ones used by our authentication backend (IdP)
Line 143: Line 228:
 </code> </code>
  
-== 4. == Integrate SimpleSAMLphp and DokuWiki: +** 4. ** Integrate SimpleSAMLphp and DokuWiki: 
  
 a) By changing SimpleSAMLphp in the default session store type in the config/config.php file: a) By changing SimpleSAMLphp in the default session store type in the config/config.php file:
 Change this line:  Change this line: 
 <code php> <code php>
- 'store.type' => 'phpsession'+'store.type' => 'phpsession'
 </code> </code>
 To this: To this:
 <code php> <code php>
- 'store.type' => 'memcache'+'store.type' => 'memcache'
 </code> </code>
  
Line 167: Line 252:
 </code> </code>
  
-== 5. (optional) == +** 5. (optional) ** 
-Comment out the lines starting by '#' in the authentication backend to allow guest users visit the site without requiring user and password credentials+Uncomment the lines starting by '#' in the authentication backend to allow guest users visit the site without requiring user and password credentials
  
 In this case you should also modify the inc/template.php file to correct the behaviour of the login button, redirecting it to the IdP login form In this case you should also modify the inc/template.php file to correct the behaviour of the login button, redirecting it to the IdP login form
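Review bot: In the new `_saveUserData` (hunk "Line 41: Line 42:") the deletion pattern `$pattern = '/^' . $username . ':/';` interpolates the IdP-supplied username straight into a PCRE pattern, so a value containing a `/` delimiter or metacharacters such as `.`, `*` or `(` either makes `io_deleteFromFile` fail with an invalid regex or lets it match and remove other users' lines; it should be `$pattern = '/^' . preg_quote($username, '/') . ':/';`. The same method also writes the name field raw, while `_loadUserData` reads it back through `urldecode($row[1])`, so a display name containing `:` or a newline corrupts the colon-separated record; writing `urlencode($userinfo['name'])` in the `$userline` join keeps the two sides symmetric. A smaller point in the "Line 70: Line 147:" hunk: `$USERINFO['grps'] = $attrs[$conf['ssp_attr_grps']];` is stored without an isset check, so when the IdP omits the attribute `join(',', $userinfo['grps'])` in `_saveUserData` operates on null; `$USERINFO['grps'] = isset($attrs[$conf['ssp_attr_grps']]) ? $attrs[$conf['ssp_attr_grps']] : array();` would make the "groups may be empty" comment hold.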
