Commit 06b4d810 authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg

Adding a working version of Radius authentication plugin

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@14 44740490-163a-0410-bde0-09ae8108e29a
parent 73479678
...@@ -41,7 +41,15 @@ $config = array ( ...@@ -41,7 +41,15 @@ $config = array (
*/ */
'auth.ldap.dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no', 'auth.ldap.dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
'auth.ldap.hostname' => 'ldap.uninett.no', 'auth.ldap.hostname' => 'ldap.uninett.no',
'auth.ldap.attributes' => 'objectclass=*' 'auth.ldap.attributes' => 'objectclass=*',
/*
* Radius authentication. This is only relevant if you use the Radius authentication plugin.
*/
'auth.radius.hostname' => 'radius.example.org',
'auth.radius.port' => '1812',
'auth.radius.secret' => 'topsecret'
); );
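Review bot: `'auth.radius.port' => '1812'` stores the port as a string, but the new login code passes it straight into `radius_add_server()`, whose port parameter is an int; it works today only through implicit coercion, so the example should be `'auth.radius.port' => 1812,` to match the function's signature. The block comment above the three keys should also say what the secret is, since a reader of config.php has nothing to go on: `* 'auth.radius.secret' is the shared secret configured on the RADIUS server for this client; keep the real value out of version control.` The surrounding `$config` array starts before this hunk.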
......
<?php <?php
require_once('../../www/_include.php'); require_once('../../www/_include.php');
require_once('SimpleSAML/Utilities.php'); require_once('SimpleSAML/Utilities.php');
require_once('SimpleSAML/Session.php'); require_once('SimpleSAML/Session.php');
require_once('SimpleSAML/XML/MetaDataStore.php'); require_once('SimpleSAML/XML/MetaDataStore.php');
...@@ -25,65 +23,61 @@ $attributes = array(); ...@@ -25,65 +23,61 @@ $attributes = array();
if (isset($_POST['username'])) { if (isset($_POST['username'])) {
$dn = str_replace('%username%', $_POST['username'], $config->getValue('auth.ldap.dnpattern')); try {
$pwd = $_POST['password'];
$ds = ldap_connect($config->getValue('auth.ldap.hostname'));
if ($ds) { $radius = radius_auth_open();
// ( resource $radius_handle, string $hostname, int $port, string $secret, int $timeout, int $max_tries )
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) { if (! radius_add_server($radius, $config->getValue('auth.radius.hostname'), $config->getValue('auth.radius.port'),
echo "Failed to set LDAP Protocol version to 3"; $config->getValue('auth.radius.secret'), 5, 3)) {
exit; throw new Exception('Problem occured when connecting to Radius server: ' . radius_strerror($radius));
} }
/*
if (!ldap_start_tls($ds)) { if (! radius_create_request($radius,RADIUS_ACCESS_REQUEST)) {
echo "Failed to start TLS"; throw new Exception('Problem occured when creating the Radius request: ' . radius_strerror($radius));
exit;
} }
*/
if (!ldap_bind($ds, $dn, $pwd)) { radius_put_attr($radius,RADIUS_USER_NAME,$_POST['username']);
$error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $config->getValue('auth.ldap.dnpattern') . "]"; radius_put_attr($radius,RADIUS_USER_PASSWORD, $_POST['password']);
switch (radius_send_request($radius))
} else { {
$sr = ldap_read($ds, $dn, $config->getValue('auth.ldap.attributes')); case RADIUS_ACCESS_ACCEPT:
$ldapentries = ldap_get_entries($ds, $sr);
// GOOD Login :)
$attributes = array('urn:mace:eduroam.no:username' => array($_POST['username']));
for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
$values = array();
if ($ldapentries[0][$i] == 'jpegphoto') continue;
for ($j = 0; $j < $ldapentries[0][$ldapentries[0][$i]]['count']; $j++) {
$values[] = $ldapentries[0][$ldapentries[0][$i]][$j];
}
$attributes[$ldapentries[0][$i]] = $values; $session->setAuthenticated(true);
} $session->setAttributes($attributes);
$returnto = $_REQUEST['RelayState'];
// generelt ldap_next_entry for flere, men bare ett her header("Location: " . $returnto);
//print_r($ldapentries);
//print_r($attributes); exit(0);
case RADIUS_ACCESS_REJECT:
$session->setAuthenticated(true); throw new Exception('Radius authentication error: Bad credentials ');
$session->setAttributes($attributes); break;
$returnto = $_REQUEST['RelayState']; case RADIUS_ACCESS_CHALLENGE:
header("Location: " . $returnto); throw new Exception('Radius authentication error: Challenge requested');
break;
default:
throw new Exception('Error during radius authentication: ' . radius_strerror($radius));
} }
// ldap_close() om du vil, men frigjoeres naar skriptet slutter
}
} catch (Exception $e) {
$error = $e->getMessage();
}
} }
$t = new SimpleSAML_XHTML_Template($config, 'login.php'); $t = new SimpleSAML_XHTML_Template($config, 'login.php');
$t->data['header'] = 'simpleSAMLphp: Enter username and password'; $t->data['header'] = 'simpleSAMLphp: Enter username and password';
$t->data['requestid'] = $_REQUEST['RequestID']; $t->data['relaystate'] = $_REQUEST['RelayState'];
$t->data['error'] = $error; $t->data['error'] = $error;
if (isset($error)) { if (isset($error)) {
$t->data['username'] = $_POST['username']; $t->data['username'] = $_POST['username'];
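Review bot: On `RADIUS_ACCESS_ACCEPT` the session is marked authenticated with `$attributes` still being the empty array initialised at the top of the hunk, so unlike the removed LDAP path the username never reaches the session and downstream consumers get no identity at all; set it before the `setAttributes` call, e.g. `$attributes = array('urn:mace:eduroam.no:username' => array($_POST['username']));`. The redirect `header("Location: " . $returnto)` sends the browser to whatever `$_REQUEST['RelayState']` contains without any check, which makes the login page an open redirect — RelayState should be validated against the expected return location before use, and the `$returnto` line would be a reasonable place to do it. Minor points in the same hunk: `radius_auth_open()` is never paired with `radius_close($radius)` on either path, and the hard-coded `5, 3` timeout and retry arguments deserve a short comment naming them rather than the parameter-list comment above. The enclosing `if (isset($_POST['username']))` block ends inside the hunk, but the file continues past it.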
......