Revert "Revert "New login method (saml). Ticket#3393""

This reverts commit f59665fe4b.
2016-05-18 12:04:52 +02:00 · 2016-05-18 12:04:52 +02:00 · b98056b65a
parent e8b6c8e50a
commit b98056b65a
5 changed files with 32 additions and 5 deletions
--- a/pandora_console/general/login_page.php
+++ b/pandora_console/general/login_page.php
@ -124,7 +124,12 @@ echo '<div id="login_in">';
 				'', 'class="login login_password" placeholder="'.__('Password').'"', false, true);
 			echo '</div>';
 			echo '<div class="login_button">';
-			html_print_submit_button(__("Login"), "login_button", false, 'class="sub next_login"');
+			if ($config['auth'] == 'saml') {
+				html_print_submit_button(__("Login with SAML"), "login_button_saml", false, 'class="sub login_boton"');
+			}
+			else {
+				html_print_submit_button(__("Login"), "login_button", false, 'class="sub next_login"');
+			}
 			echo '</div>';
 			break;
 		case 'logout':
--- a/pandora_console/godmode/setup/setup_auth.php
+++ b/pandora_console/godmode/setup/setup_auth.php
@ -255,12 +255,14 @@ echo '</form>';

 		if (auth_method !== 'mysql') {
 			$('tr.remote').show();
+			if (auth_method == 'saml') {
+				$('tr#table2-autocreate_remote_users').hide();
+			}
 			show_autocreate_options(null);
 		}
 		else {
 			$('tr.remote').hide();
-		}
-		
+		}	
 		// Hide all the auth methods (except mysql)
 		_.each(auth_methods, function(value, key) {
 			if (value !== 'mysql')
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@ -248,7 +248,8 @@ function process_user_login_remote ($login, $pass, $api = false) {
 			}
 			else {
 				if ($return === "permissions_changed") {
-					$config["auth_error"] = __("Your permmission have been change. Please, login again");
+					$config["auth_error"] =
+						__("Your permissions have changed. Please, login again.");
 					return false;
 				}
 			}
--- a/pandora_console/include/constants.php
+++ b/pandora_console/include/constants.php
@ -460,4 +460,13 @@ define("OPTION_TREE_GROUP_SELECT",		6);
 define("OPTION_SINGLE_SELECT_TIME",		7);
 define("OPTION_CUSTOM_INPUT",			8);
 define("OPTION_AGENT_AUTOCOMPLETE",		9);
+
+/* SAML attributes constants */
+define("SAML_ROLE", "urn:mace:rediris.es:entitlement:monitoring:role");
+define("SAML_TAG", "urn:mace:rediris.es:entitlement:monitoring:tag");
+define("USER_DESC", "commonName");
+define("ID_USER_IN_PANDORA", "eduPersonTargetedId");
+define("GROUP_IN_PANDORA", "schacHomeOrganization");
+define("MAIL_IN_PANDORA", "mail");
+
 ?>
--- a/pandora_console/index.php
+++ b/pandora_console/index.php
@ -282,12 +282,22 @@ if (! isset ($config['id_user'])) {
 				exit ("</html>");
 			}
 		}
-		
+		$login_button_saml = get_parameter("login_button_saml", false);
 		if (isset ($double_auth_success) && $double_auth_success) {
 			// This values are true cause there are checked before complete the 2nd auth step
 			$nick_in_db = $_SESSION["prepared_login_da"]['id_user'];
 			$expired_pass = false;
 		}
+		else if (($config['auth'] == 'saml') && $login_button_saml) {
+			if (is_user_admin($nick)) {
+				$nick_in_db = $nick;
+			}
+			else {
+				include_once(ENTERPRISE_DIR . "/include/auth/saml.php");
+				$saml_user_id = saml_process_user_login();
+				$nick_in_db = $saml_user_id;
+			}
+		}
 		else {
 			// process_user_login is a virtual function which should be defined in each auth file.
 			// It accepts username and password. The rest should be internal to the auth file.