auth:ssp
Differences
auth:ssp [2011-06-06 17:01] – [Configuration] 83.49.108.130 | auth:ssp [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== SimpleSAMLphp Authentication Backend ====== | ||
- | |||
- | This authentication backend deals with a single sign on web authentication system based on [[http:// | ||
- | |||
- | |||
- | ===== Requirements ===== | ||
- | |||
- | * A Service Provider provided by the SimpleSAMLphp application in the same machine of the Dokuwiki installation | ||
- | * An Identity Provider installed on the same machine as the above or on a remote machine | ||
- | * SSL support on the server for production sites | ||
- | * Other requirements are possible depending on the configuration of SimpleSAMLphp | ||
- | |||
- | |||
- | ===== Code ===== | ||
- | |||
- | Save this under .../ | ||
- | |||
- | <code php> | ||
- | <?php | ||
- | /** | ||
- | * SSP. SimpleSAMLphp authentication backend | ||
- | * auth/ | ||
- | * | ||
- | * @author | ||
- | * @license GPL2 http:// | ||
- | * @version 0.1 | ||
- | * @date June 2011 | ||
- | */ | ||
- | |||
- | class auth_ssp extends auth_basic { | ||
- | // declaration of the auth_simple object | ||
- | var $as; | ||
- | |||
- | /** | ||
- | * Constructor. | ||
- | * Sets additional capabilities and config strings | ||
- | */ | ||
- | function auth_ssp() { | ||
- | // we set the features of our authentication backend to TRUE, the base class defaults to FALSE the rest | ||
- | $this-> | ||
- | $this-> | ||
- | $this-> | ||
- | } | ||
- | |||
- | /** | ||
- | * Do external authentication (SSO) | ||
- | * Params are not used | ||
- | */ | ||
- | function trustExternal($user, | ||
- | global $USERINFO; | ||
- | global $conf; | ||
- | |||
- | $sticky ? $sticky = true : $sticky = false; //sanity check | ||
- | |||
- | // loading of simplesamlphp library | ||
- | require_once($conf[' | ||
- | |||
- | // create auth object and use api to require authentication and get attributes | ||
- | $this-> | ||
- | |||
- | // the next line should be discommented to enable guest users (not authenticated) enter DokuWiki, see also documentation | ||
- | # if ($this-> | ||
- | |||
- | $this-> | ||
- | $attrs = $this-> | ||
- | |||
- | // check for valid attributes (not empty) and update USERINFO var from dokuwiki | ||
- | if (!isset($attrs[$conf[' | ||
- | $this-> | ||
- | } | ||
- | $USERINFO[' | ||
- | |||
- | if (!isset($attrs[$conf[' | ||
- | $this-> | ||
- | } | ||
- | $USERINFO[' | ||
- | |||
- | // groups may be empty (by default any user belongs to the user group) don't perform empty check | ||
- | $USERINFO[' | ||
- | |||
- | if (!isset($attrs[$conf[' | ||
- | $this-> | ||
- | } | ||
- | |||
- | // assign user id to the user global information | ||
- | $_SERVER[' | ||
- | |||
- | // assign user id and the data from USERINFO to the DokuWiki session cookie | ||
- | $_SESSION[DOKU_COOKIE][' | ||
- | $_SESSION[DOKU_COOKIE][' | ||
- | |||
- | # } // end if_isAuthenticated() | ||
- | |||
- | return true; | ||
- | } | ||
- | |||
- | /** | ||
- | * exit printing info and logout link | ||
- | * | ||
- | */ | ||
- | function exitMissingAttribute( $attribute ){ | ||
- | // get logout link | ||
- | $url = $this-> | ||
- | $logoutlink = '<a href="' | ||
- | die( $attribute . ' attribute missing from IdP. Please ' . $logoutlink . ' to return to login form' | ||
- | } | ||
- | |||
- | /** | ||
- | * Log off the current user from DokuWiki and IdP | ||
- | * | ||
- | */ | ||
- | function logOff(){ | ||
- | // use the simpleSAMLphp authentication object created in trustExternal to logout | ||
- | $this-> | ||
- | } | ||
- | |||
- | } | ||
- | |||
- | //Setup VIM: ex: et ts=2 enc=utf-8 : | ||
- | </ | ||
- | |||
- | |||
- | ===== Configuration ===== | ||
- | |||
- | ** 1. ** For configuring the SimpleSAMLphp application look at the [[http:// | ||
- | |||
- | ** 2. ** For installing the new backend just save the above code under .../ | ||
- | |||
- | ** 3. ** Add the following lines in your DokuWiki configuration file (local.php): | ||
- | <code php> | ||
- | // use the SimpleSAMLphp backend | ||
- | $conf[' | ||
- | $conf[' | ||
- | |||
- | // path for the simplesamlphp installation root | ||
- | $conf[' | ||
- | |||
- | // configure attribute names to match the ones used by our authentication backend (IdP) | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | $conf[' | ||
- | </ | ||
- | |||
- | ** 4. ** Integrate SimpleSAMLphp and DokuWiki: | ||
- | |||
- | a) By changing SimpleSAMLphp in the default session store type in the config/ | ||
- | Change this line: | ||
- | <code php> | ||
- | ' | ||
- | </ | ||
- | To this: | ||
- | <code php> | ||
- | ' | ||
- | </ | ||
- | |||
- | b) OR by setting in the same file the value ' | ||
- | <code php> | ||
- | ' | ||
- | </ | ||
- | and comment the lines that set the cookie params in the init.php file of DokuWiki, | ||
- | <code php> | ||
- | if (version_compare(PHP_VERSION, | ||
- | // | ||
- | }else{ | ||
- | // | ||
- | </ | ||
- | |||
- | ** 5. (optional) ** | ||
- | Uncomment the lines starting by '#' | ||
- | |||
- | In this case you should also modify the inc/ | ||
- | <code php> | ||
- | // $out .= html_btn(' | ||
- | $as = new SimpleSAML_Auth_Simple(' | ||
- | $link_as = $as-> | ||
- | $out .= '< | ||
- | </ | ||
auth/ssp.1307372490.txt.gz · Last modified: 2011-06-06 17:01 by 83.49.108.130