From b98056b65a21a2c78bad17492dd0a1041e6a339c Mon Sep 17 00:00:00 2001 From: Arturo Gonzalez Date: Wed, 18 May 2016 12:04:52 +0200 Subject: [PATCH] Revert "Revert "New login method (saml). Ticket#3393"" This reverts commit f59665fe4bdc5bad2bfe7072f2f1fef33fcc1afe. --- pandora_console/general/login_page.php | 7 ++++++- pandora_console/godmode/setup/setup_auth.php | 6 ++++-- pandora_console/include/auth/mysql.php | 3 ++- pandora_console/include/constants.php | 9 +++++++++ pandora_console/index.php | 12 +++++++++++- 5 files changed, 32 insertions(+), 5 deletions(-) diff --git a/pandora_console/general/login_page.php b/pandora_console/general/login_page.php index 43d3d0a82b..fcfd3e5607 100755 --- a/pandora_console/general/login_page.php +++ b/pandora_console/general/login_page.php @@ -124,7 +124,12 @@ echo '
'; '', 'class="login login_password" placeholder="'.__('Password').'"', false, true); echo '
'; echo '
'; - html_print_submit_button(__("Login"), "login_button", false, 'class="sub next_login"'); + if ($config['auth'] == 'saml') { + html_print_submit_button(__("Login with SAML"), "login_button_saml", false, 'class="sub login_boton"'); + } + else { + html_print_submit_button(__("Login"), "login_button", false, 'class="sub next_login"'); + } echo '
'; break; case 'logout': diff --git a/pandora_console/godmode/setup/setup_auth.php b/pandora_console/godmode/setup/setup_auth.php index 58ee2ef332..47adec0ef7 100644 --- a/pandora_console/godmode/setup/setup_auth.php +++ b/pandora_console/godmode/setup/setup_auth.php @@ -255,12 +255,14 @@ echo ''; if (auth_method !== 'mysql') { $('tr.remote').show(); + if (auth_method == 'saml') { + $('tr#table2-autocreate_remote_users').hide(); + } show_autocreate_options(null); } else { $('tr.remote').hide(); - } - + } // Hide all the auth methods (except mysql) _.each(auth_methods, function(value, key) { if (value !== 'mysql') diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php index d443f5c024..f8942581fe 100644 --- a/pandora_console/include/auth/mysql.php +++ b/pandora_console/include/auth/mysql.php @@ -248,7 +248,8 @@ function process_user_login_remote ($login, $pass, $api = false) { } else { if ($return === "permissions_changed") { - $config["auth_error"] = __("Your permmission have been change. Please, login again"); + $config["auth_error"] = + __("Your permissions have changed. Please, login again."); return false; } } diff --git a/pandora_console/include/constants.php b/pandora_console/include/constants.php index dd6d1ec41e..45952fbd52 100644 --- a/pandora_console/include/constants.php +++ b/pandora_console/include/constants.php @@ -460,4 +460,13 @@ define("OPTION_TREE_GROUP_SELECT", 6); define("OPTION_SINGLE_SELECT_TIME", 7); define("OPTION_CUSTOM_INPUT", 8); define("OPTION_AGENT_AUTOCOMPLETE", 9); + +/* SAML attributes constants */ +define("SAML_ROLE", "urn:mace:rediris.es:entitlement:monitoring:role"); +define("SAML_TAG", "urn:mace:rediris.es:entitlement:monitoring:tag"); +define("USER_DESC", "commonName"); +define("ID_USER_IN_PANDORA", "eduPersonTargetedId"); +define("GROUP_IN_PANDORA", "schacHomeOrganization"); +define("MAIL_IN_PANDORA", "mail"); + ?> 
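Review bot: The new condition `if ($config['auth'] == 'saml')` in the login-button block reads the key without checking that it is set and compares loosely. I would write `if (isset($config['auth']) && $config['auth'] === 'saml') {`, so that an unset or non-string value can never select the SAML button. The password field printed just above the hunk stays in the form, so whatever is typed there is still posted when "Login with SAML" is pressed. If that is deliberate (a local administrator fallback), it deserves a comment such as `// SAML mode: nick/password are still posted for the local admin fallback handled in index.php`. The enclosing `switch` starts and ends outside the hunk.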
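Review bot: The added check `auth_method == 'saml'` in setup_auth.php uses loose equality directly under `auth_method !== 'mysql'`; use `if (auth_method === 'saml') {` to match the surrounding code. Hiding `tr#table2-autocreate_remote_users` only removes the row from view. A value saved earlier under another remote method stays in the configuration and is presumably still submitted with the form, so if SAML logins must never auto-create users, that has to be enforced server-side as well. `show_autocreate_options(null)` runs right after the hide; its body is outside the hunk, so confirm it does not re-show the row.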
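Review bot: Four of the new constants in constants.php (`USER_DESC`, `ID_USER_IN_PANDORA`, `GROUP_IN_PANDORA`, `MAIL_IN_PANDORA`) go into the global `define` namespace without the `SAML_` prefix used by `SAML_ROLE` and `SAML_TAG`. That makes them easy to collide with and hard to recognise as assertion attribute names; something like `define("SAML_ATTR_USER_ID", "eduPersonTargetedId");` would be clearer. The attribute names themselves are fixed to one federation's schema (`urn:mace:rediris.es:...`). Since they appear to drive user identity, role and group mapping, they would be safer as configuration values with these as defaults. The comment could also state which attribute is the authoritative user identifier and that the values must match what the IdP releases.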
diff --git a/pandora_console/index.php b/pandora_console/index.php index df4d864265..4bd92a645f 100755 --- a/pandora_console/index.php +++ b/pandora_console/index.php @@ -282,12 +282,22 @@ if (! isset ($config['id_user'])) { exit (""); } } - + $login_button_saml = get_parameter("login_button_saml", false); if (isset ($double_auth_success) && $double_auth_success) { // This values are true cause there are checked before complete the 2nd auth step $nick_in_db = $_SESSION["prepared_login_da"]['id_user']; $expired_pass = false; } + else if (($config['auth'] == 'saml') && $login_button_saml) { + if (is_user_admin($nick)) { + $nick_in_db = $nick; + } + else { + include_once(ENTERPRISE_DIR . "/include/auth/saml.php"); + $saml_user_id = saml_process_user_login(); + $nick_in_db = $saml_user_id; + } + } else { // process_user_login is a virtual function which should be defined in each auth file. // It accepts username and password. The rest should be internal to the auth file.
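Review bot: In the new `saml` branch of index.php, the `is_user_admin($nick)` arm sets `$nick_in_db = $nick` with no credential check visible in the hunk. Unless `$nick` has already been authenticated above the hunk (it is assigned outside it, please confirm), a claimed administrator name is treated as a completed login. That arm should verify the password the way the final `else` branch is documented to, e.g. `$nick_in_db = process_user_login($nick, $pass);`, assuming `$pass` is the submitted password variable used there. The branch is also selected by the client-supplied `login_button_saml` parameter, so the server should not treat its presence as proof of anything beyond which button was pressed. `$expired_pass` is never set on this path, although the double-auth branch sets it. Finally, the return value of `saml_process_user_login()` is assigned without a failure check, and the `include_once` of the `ENTERPRISE_DIR` file has no `file_exists` guard for installs without that directory.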