auth:ssp
Differences
This shows you the differences between two versions of the page.
auth:ssp [2011-06-03 20:18] – [Configuration] 83.49.110.247 | auth:ssp [2013-01-14 01:07] – [Code] 2001:638:904:ffd0:25b2:71e7:e527:f807 | ||
---|---|---|---|
Line 19: | Line 19: | ||
<?php | <?php | ||
/** | /** | ||
- | * SimpleSAMLphp authentication backend | + | |
* auth/ | * auth/ | ||
* | * | ||
- | * @author | + | * @author |
* @license GPL2 http:// | * @license GPL2 http:// | ||
- | * @version 0.1 | + | * @version 0.2 |
- | * @date | + | * @date |
*/ | */ | ||
+ | |||
class auth_ssp extends auth_basic { | class auth_ssp extends auth_basic { | ||
+ | var $users = null; | ||
// declaration of the auth_simple object | // declaration of the auth_simple object | ||
var $as; | var $as; | ||
+ | |||
/** | /** | ||
* Constructor. | * Constructor. | ||
Line 41: | Line 42: | ||
$this-> | $this-> | ||
$this-> | $this-> | ||
+ | } | ||
+ | |||
+ | /** | ||
+ | * Return user info (copy from plain.class.php) | ||
+ | * | ||
+ | * Returns info about the given user needs to contain | ||
+ | * at least these fields: | ||
+ | * | ||
+ | * name string | ||
+ | * mail string | ||
+ | * grps array list of groups the user is in | ||
+ | * | ||
+ | * @author | ||
+ | */ | ||
+ | function getUserData($user){ | ||
+ | |||
+ | if($this-> | ||
+ | return isset($this-> | ||
+ | } | ||
+ | |||
+ | /** | ||
+ | * Load all user data (modified copy from plain.class.php) | ||
+ | * | ||
+ | * loads the user file into a datastructure | ||
+ | * | ||
+ | * @author | ||
+ | */ | ||
+ | function _loadUserData(){ | ||
+ | global $conf; | ||
+ | |||
+ | $this-> | ||
+ | |||
+ | if(!@file_exists($conf[' | ||
+ | |||
+ | $lines = file($conf[' | ||
+ | foreach($lines as $line){ | ||
+ | $line = preg_replace('/# | ||
+ | $line = trim($line); | ||
+ | if(empty($line)) continue; | ||
+ | |||
+ | $row = explode(":", | ||
+ | $groups = array_values(array_filter(explode(",", | ||
+ | |||
+ | $this-> | ||
+ | $this-> | ||
+ | $this-> | ||
+ | } | ||
+ | } | ||
+ | | ||
+ | /** | ||
+ | * Save user data | ||
+ | * | ||
+ | * saves the user file into a datastructure | ||
+ | * | ||
+ | * @author | ||
+ | */ | ||
+ | function _saveUserData($username, | ||
+ | global $conf; | ||
+ | |||
+ | if ($this-> | ||
+ | $pattern = '/ | ||
+ | | ||
+ | // Delete old line from users file | ||
+ | if (!io_deleteFromFile($conf[' | ||
+ | msg(' | ||
+ | return false; | ||
+ | } | ||
+ | $groups = join(',', | ||
+ | $userline = join(':', | ||
+ | // Save new line into users file | ||
+ | if (!io_saveFile($conf[' | ||
+ | msg(' | ||
+ | return false; | ||
+ | } | ||
+ | $this-> | ||
+ | return true; | ||
} | } | ||
Line 50: | Line 127: | ||
global $USERINFO; | global $USERINFO; | ||
global $conf; | global $conf; | ||
+ | |||
$sticky ? $sticky = true : $sticky = false; //sanity check | $sticky ? $sticky = true : $sticky = false; //sanity check | ||
+ | |||
// loading of simplesamlphp library | // loading of simplesamlphp library | ||
require_once($conf[' | require_once($conf[' | ||
+ | |||
// create auth object and use api to require authentication and get attributes | // create auth object and use api to require authentication and get attributes | ||
$this-> | $this-> | ||
+ | |||
// the next line should be discommented to enable guest users (not authenticated) enter DokuWiki, see also documentation | // the next line should be discommented to enable guest users (not authenticated) enter DokuWiki, see also documentation | ||
# if ($this-> | # if ($this-> | ||
Line 64: | Line 141: | ||
$this-> | $this-> | ||
$attrs = $this-> | $attrs = $this-> | ||
+ | |||
// check for valid attributes (not empty) and update USERINFO var from dokuwiki | // check for valid attributes (not empty) and update USERINFO var from dokuwiki | ||
if (!isset($attrs[$conf[' | if (!isset($attrs[$conf[' | ||
Line 70: | Line 147: | ||
} | } | ||
$USERINFO[' | $USERINFO[' | ||
+ | |||
if (!isset($attrs[$conf[' | if (!isset($attrs[$conf[' | ||
$this-> | $this-> | ||
} | } | ||
$USERINFO[' | $USERINFO[' | ||
+ | |||
// groups may be empty (by default any user belongs to the user group) don't perform empty check | // groups may be empty (by default any user belongs to the user group) don't perform empty check | ||
$USERINFO[' | $USERINFO[' | ||
+ | |||
if (!isset($attrs[$conf[' | if (!isset($attrs[$conf[' | ||
$this-> | $this-> | ||
} | } | ||
- | + | ||
+ | // save user info | ||
+ | if (!$this-> | ||
+ | return false; | ||
+ | } | ||
+ | |||
// assign user id to the user global information | // assign user id to the user global information | ||
$_SERVER[' | $_SERVER[' | ||
+ | |||
// assign user id and the data from USERINFO to the DokuWiki session cookie | // assign user id and the data from USERINFO to the DokuWiki session cookie | ||
$_SESSION[DOKU_COOKIE][' | $_SESSION[DOKU_COOKIE][' | ||
$_SESSION[DOKU_COOKIE][' | $_SESSION[DOKU_COOKIE][' | ||
+ | |||
# } // end if_isAuthenticated() | # } // end if_isAuthenticated() | ||
return true; | return true; | ||
} | } | ||
+ | |||
/** | /** | ||
* exit printing info and logout link | * exit printing info and logout link | ||
Line 105: | Line 187: | ||
die( $attribute . ' attribute missing from IdP. Please ' . $logoutlink . ' to return to login form' | die( $attribute . ' attribute missing from IdP. Please ' . $logoutlink . ' to return to login form' | ||
} | } | ||
+ | |||
/** | /** | ||
* Log off the current user from DokuWiki and IdP | * Log off the current user from DokuWiki and IdP | ||
Line 112: | Line 194: | ||
function logOff(){ | function logOff(){ | ||
// use the simpleSAMLphp authentication object created in trustExternal to logout | // use the simpleSAMLphp authentication object created in trustExternal to logout | ||
- | $this-> | + | |
+ | | ||
} | } | ||
+ | |||
} | } | ||
+ | |||
//Setup VIM: ex: et ts=2 enc=utf-8 : | //Setup VIM: ex: et ts=2 enc=utf-8 : | ||
</ | </ | ||
Line 123: | Line 206: | ||
===== Configuration ===== | ===== Configuration ===== | ||
- | == 1. == For configuring the SimpleSAMLphp application look at the [[http:// | + | ** 1. ** For configuring the SimpleSAMLphp application look at the [[http:// |
- | == 2. == For installing the new backend just save the above code under .../ | + | ** 2. ** For installing the new backend just save the above code under .../ |
- | == 3. == Add the following lines in your DokuWiki configuration file (local.php): | + | ** 3. ** Add the following lines in your DokuWiki configuration file (local.php): |
<code php> | <code php> | ||
// use the SimpleSAMLphp backend | // use the SimpleSAMLphp backend | ||
Line 135: | Line 218: | ||
// path for the simplesamlphp installation root | // path for the simplesamlphp installation root | ||
$conf[' | $conf[' | ||
+ | |||
+ | // username to save user details | ||
+ | $conf[' | ||
// configure attribute names to match the ones used by our authentication backend (IdP) | // configure attribute names to match the ones used by our authentication backend (IdP) | ||
Line 143: | Line 229: | ||
</ | </ | ||
- | == 4. == Integrate SimpleSAMLphp and DokuWiki: | + | ** 4. ** Integrate SimpleSAMLphp and DokuWiki: |
a) By changing SimpleSAMLphp in the default session store type in the config/ | a) By changing SimpleSAMLphp in the default session store type in the config/ | ||
Change this line: | Change this line: | ||
<code php> | <code php> | ||
- | ' | + | ' |
</ | </ | ||
To this: | To this: | ||
<code php> | <code php> | ||
- | ' | + | ' |
</ | </ | ||
Line 167: | Line 253: | ||
</ | </ | ||
- | == 5. (optional) | + | ** 5. (optional) |
- | Comment out the lines starting by '#' | + | Uncomment |
In this case you should also modify the inc/ | In this case you should also modify the inc/ |
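Review bot: In `_saveUserData()` (the hunk starting at new line 42) the values received from the IdP are written into a colon-delimited users file with `join(':', …)`, and the old entry is located with a regex built into `$pattern`; the argument lists are cut off in this view, so it is not visible whether either is escaped. If they are not, an attribute containing `:` or a line break would shift fields or start an extra record when `_loadUserData()` later splits each line with `explode(":", …)`, and a username containing regex metacharacters could make `io_deleteFromFile()` match the wrong line. I would reject or escape `:` and newline characters in every field before joining, and build the pattern with `preg_quote($username, '/')`. Because `trustExternal()` now appears to return false when the save step fails, the configuration section should also state that the users file must be writable by the web server, otherwise every SSO login is refused.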