mirror of
https://github.com/pandorafms/pandorafms.git
synced 2025-07-28 08:14:38 +02:00
New login method (saml). Ticket#3393
This commit is contained in:
Arturo Gonzalez
parent
d912f033c8
commit
a3a38c9bb6
@ -124,6 +124,9 @@ echo '<div id="login_in">';
|
|||||||
'', 'class="login login_password" placeholder="'.__('Password').'"', false, true);
|
'', 'class="login login_password" placeholder="'.__('Password').'"', false, true);
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
echo '<div class="login_button">';
|
echo '<div class="login_button">';
|
||||||
|
if ($config['auth'] == 'saml') {
|
||||||
|
html_print_submit_button(__("Login with SAML"), "login_button_saml", false, 'class="sub login_boton"');
|
||||||
|
}
|
||||||
html_print_submit_button(__("Login"), "login_button", false, 'class="sub next_login"');
|
html_print_submit_button(__("Login"), "login_button", false, 'class="sub next_login"');
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
break;
|
break;
|
||||||
|
|||||||
@ -253,7 +253,7 @@ echo '</form>';
|
|||||||
function show_selected_rows (event) {
|
function show_selected_rows (event) {
|
||||||
var auth_method = $(this).val();
|
var auth_method = $(this).val();
|
||||||
|
|
||||||
if (auth_method !== 'mysql') {
|
if ((auth_method !== 'mysql') && (auth_method !== 'saml')) {
|
||||||
$('tr.remote').show();
|
$('tr.remote').show();
|
||||||
show_autocreate_options(null);
|
show_autocreate_options(null);
|
||||||
}
|
}
|
||||||
@ -266,8 +266,10 @@ echo '</form>';
|
|||||||
if (value !== 'mysql')
|
if (value !== 'mysql')
|
||||||
$('tr.' + value).hide();
|
$('tr.' + value).hide();
|
||||||
});
|
});
|
||||||
|
|
||||||
// Show the selected auth method
|
// Show the selected auth method
|
||||||
$('tr.' + auth_method).show();
|
$('tr.' + auth_method).show();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Event callback for the autocreate remote users radio buttons
|
// Event callback for the autocreate remote users radio buttons
|
||||||
|
|||||||
@ -538,8 +538,7 @@ function update_user_password ($user, $password_new) {
|
|||||||
$config['rpandora_dbname'], $config['rpandora_user'],
|
$config['rpandora_dbname'], $config['rpandora_user'],
|
||||||
$config['rpandora_pass']);
|
$config['rpandora_pass']);
|
||||||
$remote_pass_update = db_process_sql ($sql, 'affected_rows', $connection);
|
$remote_pass_update = db_process_sql ($sql, 'affected_rows', $connection);
|
||||||
html_debug_print($remote_pass_update, true);
|
|
||||||
html_debug_print($sql, true);
|
|
||||||
if (!$remote_pass_update) {
|
if (!$remote_pass_update) {
|
||||||
$config["auth_error"] = __('Could not changes password on remote pandora');
|
$config["auth_error"] = __('Could not changes password on remote pandora');
|
||||||
return false;
|
return false;
|
||||||
|
|||||||
@ -460,4 +460,12 @@ define("OPTION_TREE_GROUP_SELECT", 6);
|
|||||||
define("OPTION_SINGLE_SELECT_TIME", 7);
|
define("OPTION_SINGLE_SELECT_TIME", 7);
|
||||||
define("OPTION_CUSTOM_INPUT", 8);
|
define("OPTION_CUSTOM_INPUT", 8);
|
||||||
define("OPTION_AGENT_AUTOCOMPLETE", 9);
|
define("OPTION_AGENT_AUTOCOMPLETE", 9);
|
||||||
|
|
||||||
|
/* SAML attributes constants */
|
||||||
|
define("ROLES_AND_TAGS", "urn:mace:rediris.es:entitlement:monitoring:");
|
||||||
|
define("USER_DESC", "commonName");
|
||||||
|
define("ID_USER_IN_PANDORA", "eduPersonTargetedId");
|
||||||
|
define("GROUP_IN_PANDORA", "schacHomeOrganization");
|
||||||
|
define("MAIL_IN_PANDORA", "mail");
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|||||||
@ -282,12 +282,17 @@ if (! isset ($config['id_user'])) {
|
|||||||
exit ("</html>");
|
exit ("</html>");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
$login_button_saml = get_parameter("login_button_saml", false);
|
||||||
if (isset ($double_auth_success) && $double_auth_success) {
|
if (isset ($double_auth_success) && $double_auth_success) {
|
||||||
// This values are true cause there are checked before complete the 2nd auth step
|
// This values are true cause there are checked before complete the 2nd auth step
|
||||||
$nick_in_db = $_SESSION["prepared_login_da"]['id_user'];
|
$nick_in_db = $_SESSION["prepared_login_da"]['id_user'];
|
||||||
$expired_pass = false;
|
$expired_pass = false;
|
||||||
}
|
}
|
||||||
|
else if (($config['auth'] == 'saml') && $login_button_saml) {
|
||||||
|
include_once(ENTERPRISE_DIR . "/include/auth/saml.php");
|
||||||
|
$saml_user_id = saml_process_user_login();
|
||||||
|
$nick_in_db = $saml_user_id;
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
// process_user_login is a virtual function which should be defined in each auth file.
|
// process_user_login is a virtual function which should be defined in each auth file.
|
||||||
// It accepts username and password. The rest should be internal to the auth file.
|
// It accepts username and password. The rest should be internal to the auth file.
|
||||||
@ -496,6 +501,11 @@ if (isset ($_GET["bye"])) {
|
|||||||
// Unregister Session (compatible with 5.2 and 6.x, old code was deprecated
|
// Unregister Session (compatible with 5.2 and 6.x, old code was deprecated
|
||||||
unset($_SESSION['id_usuario']);
|
unset($_SESSION['id_usuario']);
|
||||||
unset($iduser);
|
unset($iduser);
|
||||||
|
if ($config['auth'] == 'saml') {
|
||||||
|
require_once('/opt/simplesamlphp/lib/_autoload.php');
|
||||||
|
$as = new SimpleSAML_Auth_Simple('example-userpass');
|
||||||
|
$as->logout();
|
||||||
|
}
|
||||||
while (@ob_end_flush ());
|
while (@ob_end_flush ());
|
||||||
exit ("</html>");
|
exit ("</html>");
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user