From 1a22ece479f09ff3b017646269da944c017560e3 Mon Sep 17 00:00:00 2001
From: Mads Freek Petersen <freek@wayf.dk>
Date: Tue, 22 Apr 2008 22:25:08 +0000
Subject: [PATCH] Addes ldap login module from wayf.dk

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@510 44740490-163a-0410-bde0-09ae8108e29a
---
 www/auth/login-wayf-ldap.php | 85 ++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)
 create mode 100755 www/auth/login-wayf-ldap.php

diff --git a/www/auth/login-wayf-ldap.php b/www/auth/login-wayf-ldap.php
new file mode 100755
index 000000000..b631aee6a
--- /dev/null
+++ b/www/auth/login-wayf-ldap.php
@@ -0,0 +1,85 @@
+<?php
+
+/**
+ * This file is part of SimpleSAMLphp. See the file COPYING in the
+ * root of the distribution for licence information.
+ *
+ * This file implements authentication of users using CAS.
+ *
+ * @author Mads Freek, RUC.
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+
+require_once('../../www/_include.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Session.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Auth/LDAP.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Metadata/MetaDataStorageHandler.php');
+
+
+$config = SimpleSAML_Configuration::getInstance();
+$session = SimpleSAML_Session::getInstance(TRUE);
+
+try {
+ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+ // TODO: Make this authentication module independent from SAML 2.0
+ $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+
+ $ldapconfigfile = $config->getBaseDir() . 'config/cas-ldap.php';
+ require_once($ldapconfigfile);
+
+ if (!array_key_exists($idpentityid, $casldapconfig)) {
+ throw new Exception('No LDAP authentication configuration for this SAML 2.0 entity ID [' . $idpentityid . ']');
+ }
+
+ $ldapconfig = $casldapconfig[$idpentityid]['ldap'];
+
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
+
+/*
+ * Load the RelayState argument. The RelayState argument contains the address
+ * we should redirect the user to after a successful authentication.
+ */
+if (!array_key_exists('RelayState', $_REQUEST)) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
+}
+
+$relaystate = $_REQUEST['RelayState'];
+
+if ($username = $_POST['username']) {
+ try {
+ $ldap = new SimpleSAML_Auth_LDAP($ldapconfig['servers'], $ldapconfig['enable_tls']);
+
+ $attributes = $ldap->validate($ldapconfig, $username, $_POST['password']);
+
+ if ($attributes === FALSE) {
+ $error = "LDAP_INVALID_CREDENTIALS";
+ } else {
+ $session->setAuthenticated(true, 'login-wayf-ldap');
+ $session->setAttributes($attributes);
+
+ $session->setNameID(array(
+ 'value' => SimpleSAML_Utilities::generateID(),
+ 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
+ SimpleSAML_Utilities::redirect($relaystate);
+ }
+ } catch(Exception $e) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'LDAPERROR', $e);
+ }
+}
+
+$t = new SimpleSAML_XHTML_Template($config, $ldapconfig['template']);
+
+$t->data['header'] = 'simpleSAMLphp: Enter username and password';
+$t->data['relaystate'] = htmlspecialchars($relaystate);
+$t->data['error'] = $error;
+if (isset($error)) {
+ $t->data['username'] = htmlspecialchars($username);
+}
+
+$t->show();
+
+?>
\ No newline at end of file
--
GitLab
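Review bot: The login branch at `if ($username = $_POST['username'])` hands `$_POST['password']` to `$ldap->validate()` without checking that it is present or non-empty, so a blank password reaches the directory bind; unless SimpleSAML_Auth_LDAP::validate() rejects it (not visible in this hunk), servers that treat an empty password as an unauthenticated bind would report the login as successful. The same condition emits an undefined-index notice on the initial GET and treats a username of `0` as "not submitted" because it tests truthiness. Guard both fields explicitly, `if (isset($_POST['username'], $_POST['password']) && $_POST['username'] !== '' && $_POST['password'] !== '') {` followed by `$username = $_POST['username'];`, and leave the rest of the branch as is. Separately, `$relaystate` is read from `$_REQUEST` and passed unchanged to `SimpleSAML_Utilities::redirect()` after a successful login, which makes this page an open redirector unless the value is checked against the expected return URLs before use. The file header still says the module authenticates "using CAS"; it should read ` * This file implements authentication of users using LDAP (WAYF variant).`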