<?php
 /**
 * This file implements a script which can be used to authenticate users with Auth MemCookie.
 * See: http://authmemcookie.sourceforge.net/
 *
 * The configuration for this script is stored in config/authmemcookie.php.
 *
 * The file extra/auth_memcookie.conf contains an example of how Auth Memcookie can be configured
 * to use simpleSAMLphp.
 */
 
 require_once('_include.php');
 
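 try {
     /*
      * Overall flow: verify that the module is enabled, authenticate the user through the
      * configured login method, set a cookie holding a fresh session id, serialize the user's
      * attributes into a "Name=value\r\n" record, store that record in memcache under the
      * session id, and redirect back to this page.
      */

     /* Load simpleSAMLphp configuration. */
     $globalConfig = SimpleSAML_Configuration::getInstance();

     /* Check if this module is enabled. It is disabled unless explicitly turned on. */
     if (!$globalConfig->getBoolean('enable.authmemcookie', FALSE)) {
         throw new SimpleSAML_Error_Error('NOACCESS');
     }

     /* Load Auth MemCookie configuration. */
     $amc = SimpleSAML_AuthMemCookie::getInstance();

     /* Determine the method we should use to authenticate the user and retrieve the attributes. */
     $loginMethod = $amc->getLoginMethod();
     switch ($loginMethod) {
         case 'authsource':
             /* The default now. */
             $sourceId = $amc->getAuthSource();
             $s = new SimpleSAML_Auth_Simple($sourceId);
             break;
         case 'saml2':
             $s = new SimpleSAML_Auth_BWC('saml2/sp/initSSO.php', 'saml2');
             break;
         case 'shib13':
             $s = new SimpleSAML_Auth_BWC('shib13/sp/initSSO.php', 'shib13');
             break;
         default:
             /* Should never happen, as the login method is checked in the AuthMemCookie class. */
             throw new Exception('Invalid login method.');
     }

     /* Check if the user is authorized. We attempt to authenticate the user if not. */
     $s->requireAuth();

     /*
      * Generate session id and save it in a cookie.
      * The cookie value is the only key to the memcache record written below, so it must be
      * unpredictable. NOTE(review): confirm that generateID() draws from a cryptographically
      * secure source and that setCookie() applies the intended cookie flags.
      */
     $sessionID = SimpleSAML_Utilities::generateID();

     $cookieName = $amc->getCookieName();

     $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
     $sessionHandler->setCookie($cookieName, $sessionID);


     /* Generate the authentication information. */

     $attributes = $s->getAttributes();

     $authData = array();

     /*
      * Username.
      * NOTE(review): if the attribute carries more than one value, the values are joined with
      * ':' when the record is serialized below - confirm that this is what the consumer expects.
      */
     $usernameAttr = $amc->getUsernameAttr();
     if (!array_key_exists($usernameAttr, $attributes)) {
         throw new Exception('The user doesn\'t have an attribute named \'' . $usernameAttr .
             '\'. This attribute is expected to contain the username.');
     }
     $authData['UserName'] = $attributes[$usernameAttr];

     /* Groups. An unset groups attribute in the configuration means "no groups". */
     $groupsAttr = $amc->getGroupsAttr();
     if ($groupsAttr !== NULL) {
         if (!array_key_exists($groupsAttr, $attributes)) {
             throw new Exception('The user doesn\'t have an attribute named \'' . $groupsAttr .
                 '\'. This attribute is expected to contain the groups the user is a member of.');
         }
         $authData['Groups'] = $attributes[$groupsAttr];
     } else {
         $authData['Groups'] = array();
     }

     /*
      * Address of the directly connected peer. Behind a reverse proxy this is the proxy's
      * address rather than the end user's.
      */
     $authData['RemoteIP'] = $_SERVER['REMOTE_ADDR'];

     /* Pass every attribute through; the 'ATTR_' prefix keeps them apart from the fields above. */
     foreach ($attributes as $n => $v) {
         $authData['ATTR_' . $n] = $v;
     }


     /*
      * Store the authentication data in the memcache server.
      *
      * The record is line oriented: one "Name=value" pair per line, terminated by CRLF.
      * Attribute names and values originate from the authentication source, so a CR or LF
      * inside one of them would start a new line in the record and could add or override
      * fields such as 'UserName' or 'Groups'. The format has no escaping, so such input is
      * rejected instead of being written.
      *
      * NOTE(review): multiple values are joined with ':' without escaping, so a single value
      * that itself contains ':' cannot be told apart from several values. Confirm how the
      * consumer splits the 'Groups' field before relying on it for authorization.
      */
     $data = '';
     foreach ($authData as $n => $v) {
         /* Check the name first, so that it is safe to include in the message below. */
         if (strpbrk((string)$n, "\r\n") !== FALSE) {
             throw new Exception('Refusing to store an attribute whose name contains a line break.');
         }

         $values = is_array($v) ? $v : array($v);
         foreach ($values as $value) {
             if (strpbrk((string)$value, "\r\n") !== FALSE) {
                 throw new Exception('The value of \'' . $n . '\' contains a line break, which' .
                     ' cannot be represented in the Auth MemCookie session data.');
             }
         }

         $data .= $n . '=' . implode(':', $values) . "\r\n";
     }


     $memcache = $amc->getMemcache();
     /*
      * NOTE(review): if no 'Expire' value is available this is presumably NULL, which the
      * memcache client would treat as "never expires" - confirm that an expiry is always set.
      */
     $expirationTime = $s->getAuthData('Expire');
     $memcache->set($sessionID, $data, 0, $expirationTime);

     /* Register logout handler. */
     $session = SimpleSAML_Session::getSessionFromRequest();
     $session->registerLogoutHandler('SimpleSAML_AuthMemCookie', 'logoutHandler');

     /* Redirect the user back to this page to signal that the login is completed. */
     SimpleSAML_Utilities::redirectTrustedURL(SimpleSAML_Utilities::selfURL());
 } catch (Exception $e) {
     /* Any exception raised above is reported as a 'CONFIG' error with the original attached. */
     throw new SimpleSAML_Error_Error('CONFIG', $e);
 }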
 