New login method (saml). Ticket#3393

Conflicts: pandora_console/include/auth/mysql.php
2016-02-17 13:05:22 +01:00 · 2016-02-17 13:05:22 +01:00 · 08569e64e3
parent 4786db20e8
commit 08569e64e3
5 changed files with 28 additions and 4 deletions
--- a/pandora_console/general/login_page.php
+++ b/pandora_console/general/login_page.php
@ -124,6 +124,9 @@ echo '<div id="login_in">';
 				'', 'class="login login_password" placeholder="'.__('Password').'"', false, true);
 			echo '</div>';
 			echo '<div class="login_button">';
+			if ($config['auth'] == 'saml') {
+				html_print_submit_button(__("Login with SAML"), "login_button_saml", false, 'class="sub login_boton"');
+			}
 			html_print_submit_button(__("Login"), "login_button", false, 'class="sub next_login"');
 			echo '</div>';
 			break;
--- a/pandora_console/godmode/setup/setup_auth.php
+++ b/pandora_console/godmode/setup/setup_auth.php
@ -252,8 +252,8 @@ echo '</form>';
 	// Event callback for the auth select
 	function show_selected_rows (event) {
 		var auth_method = $(this).val();
-		
-		if (auth_method !== 'mysql') {
+
+		if ((auth_method !== 'mysql') && (auth_method !== 'saml')) {
 			$('tr.remote').show();
 			show_autocreate_options(null);
 		}
@ -266,8 +266,10 @@ echo '</form>';
 			if (value !== 'mysql')
 				$('tr.' + value).hide();
 		});
+
 		// Show the selected auth method
 		$('tr.' + auth_method).show();
+
 	}
 	
 	// Event callback for the autocreate remote users radio buttons
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@ -248,7 +248,8 @@ function process_user_login_remote ($login, $pass, $api = false) {
 			}
 			else {
 				if ($return === "permissions_changed") {
-					$config["auth_error"] = __("Your permmission have been change. Please, login again");
+					$config["auth_error"] =
+						__("Your permissions have changed. Please, login again.");
 					return false;
 				}
 			}
--- a/pandora_console/include/constants.php
+++ b/pandora_console/include/constants.php
@ -460,4 +460,12 @@ define("OPTION_TREE_GROUP_SELECT",		6);
 define("OPTION_SINGLE_SELECT_TIME",		7);
 define("OPTION_CUSTOM_INPUT",			8);
 define("OPTION_AGENT_AUTOCOMPLETE",		9);
+
+/* SAML attributes constants */
+define("ROLES_AND_TAGS", "urn:mace:rediris.es:entitlement:monitoring:");
+define("USER_DESC", "commonName");
+define("ID_USER_IN_PANDORA", "eduPersonTargetedId");
+define("GROUP_IN_PANDORA", "schacHomeOrganization");
+define("MAIL_IN_PANDORA", "mail");
+
 ?>
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@ -282,12 +282,17 @@ if (! isset ($config['id_user'])) {
 				exit ("</html>");
 			}
 		}
-		
+		$login_button_saml = get_parameter("login_button_saml", false);
 		if (isset ($double_auth_success) && $double_auth_success) {
 			// This values are true cause there are checked before complete the 2nd auth step
 			$nick_in_db = $_SESSION["prepared_login_da"]['id_user'];
 			$expired_pass = false;
 		}
+		else if (($config['auth'] == 'saml') && $login_button_saml) {
+			include_once(ENTERPRISE_DIR . "/include/auth/saml.php");
+			$saml_user_id = saml_process_user_login();
+			$nick_in_db = $saml_user_id;
+		}
 		else {
 			// process_user_login is a virtual function which should be defined in each auth file.
 			// It accepts username and password. The rest should be internal to the auth file.
@ -496,6 +501,11 @@ if (isset ($_GET["bye"])) {
 	// Unregister Session (compatible with 5.2 and 6.x, old code was deprecated
 	unset($_SESSION['id_usuario']);
 	unset($iduser);
+	if ($config['auth'] == 'saml') {
+		require_once('/opt/simplesamlphp/lib/_autoload.php');
+		$as = new SimpleSAML_Auth_Simple('example-userpass');
+		$as->logout();
+	}
 	while (@ob_end_flush ());
 	exit ("</html>");
 }