From 41ed7ae31057eda21e54eb88bfbe31413fc9a673 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Sat, 6 Oct 2007 08:12:07 +0000
Subject: [PATCH] Adding support for multiple LDAP backends with new authentication module
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@21 44740490-163a-0410-bde0-09ae8108e29a
---
 config/ldapmulti-template.php | 27 +++++
 templates/login-ldapmulti.php | 142 +++++++++++++++++++++++++++
 www/auth/login-ldapmulti.php | 106 ++++++++++++++++++++
 www/example-simple/saml2-example.php | 6 --
 4 files changed, 275 insertions(+), 6 deletions(-)
 create mode 100644 config/ldapmulti-template.php
 create mode 100644 templates/login-ldapmulti.php
 create mode 100644 www/auth/login-ldapmulti.php
diff --git a/config/ldapmulti-template.php b/config/ldapmulti-template.php
new file mode 100644
index 000000000..df80ef030
--- /dev/null
+++ b/config/ldapmulti-template.php
@@ -0,0 +1,27 @@
+<?php
+/*
+ * The configuration of simpleSAMLphp
+ *
+ *
+ */
+
+$ldapmulti = array (
+
+ 'feide.no' => array(
+ 'description' => 'Feide',
+ 'dnpattern' => 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
+ 'hostname' => 'ldap.uninett.no',
+ 'attributes' => 'objectclass=*',
+ ),
+ 'uninett.no' => array(
+ 'description' => 'UNINETT',
+ 'dnpattern' => 'uid=%username%,ou=people,dc=uninett,dc=no',
+ 'hostname' => 'ldap.uninett.no',
+ 'attributes' => 'objectclass=*',
+ )
+
+);
+
+
+
+?>
\ No newline at end of file
diff --git a/templates/login-ldapmulti.php b/templates/login-ldapmulti.php
new file mode 100644
index 000000000..fc9eac46e
--- /dev/null
+++ b/templates/login-ldapmulti.php
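Review bot: The template gives an administrator no way to protect the bind credentials in transit: `hostname` is a bare host name, the matching `www/auth/login-ldapmulti.php` passes it to `ldap_connect()` unchanged and has its `ldap_start_tls()` call commented out, so every simple bind sends the user's password in clear text. Document in the template that an `ldaps://` URL may be used as `hostname` (`ldap_connect()` accepts a URI), or add a per-backend setting that the script honours to require TLS before binding. The `attributes` entry is actually passed as the filter argument of `ldap_read()`, so a comment such as `// LDAP search filter applied to the user's entry; the attribute list itself is not restricted here` would stop readers from treating it as an attribute list. The header comment `The configuration of simpleSAMLphp` is generic; a line like `Configuration of the LDAP backends for www/auth/login-ldapmulti.php; the array keys are the values submitted in the 'org' form field.` would say what this file is for.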
@@ -0,0 +1,142 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<title><?php echo $data['header']; ?></title>
+<script>
+<!--
+function sf(){document.f.username.focus();}
+// -->
+</script>
+<style type="text/css">
+
+/* these styles are in the head of this page because this is a unique page */
+
+/* THE BIG GUYS */
+* {margin:0;padding:0}
+body {text-align:center;padding: 20px 0;background: #222;color:#333;font:83%/1.5 arial,tahoma,verdana,sans-serif}
+img {border:none;display:block}
+hr {margin: 1em 0;background:#eee;height:1px;color:#eee;border:none;clear:both}
+
+/* LINKS */
+a,a:link,a:link,a:link,a:hover {font-weight:bold;background:transparent;text-decoration:underline;cursor:pointer}
+a:link {color:#c00}
+a:visited {color:#999}
+a:hover,a:active {color:#069}
+
+/* LISTS */
+ul {margin: .3em 0 1.5em 2em}
+ ul.related {margin-top:-1em}
+li {margin-left:2em}
+dt {font-weight:bold}
+#wrap {border: 1px solid #fff;position:relative;background:#fff;width:600px;margin: 0 auto;text-align:left}
+#header {background: #666 url("/<?php echo $data['baseurlpath']; ?>resources/sprites.gif") repeat-x 0 100%;margin: 0 0 25px;padding: 0 0 8px}
+#header h1 {color:#fff;font-size: 145%;padding:20px 20px 12px}
+#poweredby {width:96px;height:63px;position:absolute;top:0;right:0}
+#content {padding: 0 20px}
+
+/* TYPOGRAPHY */
+p, ul, ol {margin: 0 0 1.5em}
+h1, h2, h3, h4, h5, h6 {letter-spacing: -1px;font-family: arial,verdana,sans-serif;margin: 1.2em 0 .3em;color:#000;border-bottom: 1px solid #eee;padding-bottom: .1em}
+h1 {font-size: 196%;margin-top:0;border:none}
+h2 {font-size: 136%}
+h3 {font-size: 126%}
+h4 {font-size: 116%}
+h5 {font-size: 106%}
+h6 {font-size: 96%}
+
+.old {text-decoration:line-through}
+</style>
+</head>
+<body onload="sf();">
+
+<div id="wrap">
+
+ <div id="header">
+ <h1>simpleSAMLphp authentication</h1>
+ <div id="poweredby"><img src="/<?php echo $data['baseurlpath']; ?>resources/icons/lock.png" alt="Login screen" /></div>
+ </div>
+
+ <div id="content">
+
+ <?php if (isset($data['error'])) { ?>
+ <div style="border-left: 1px solid #e8e8e8; border-bottom: 1px solid #e8e8e8; background: #f5f5f5"
+ <img src="/<?php echo $data['baseurlpath']; ?>resources/icons/bomb.png" style="float: left; margin: 15px " />
+ <h2>What you entered was not accepted!</h2>
+
+ <p><?php echo $data['error']; ?> </p>
+ </div>
+ <?php } ?>
+
+ <h2 style="break: both">Enter your username and password</h2>
+
+ <p>
+ A service has requested you to authenticate your self. That means you need to enter your username and password in the form below.
+ </p>
+
+ <form action="?" method="post" name="f">
+
+ <table>
+ <tr>
+ <td rowspan="3"><img src="/<?php echo $data['baseurlpath']; ?>resources/icons/pencil.png" /></td>
+ <td style="padding: .3em;">Username</td>
+ <td><input type="text" tabindex="1" name="username"
+ <?php if (isset($data['username'])) {
+ echo 'value="' . $data['username'] . '"';
+ } ?> /></td>
+
+
+ <td style="padding: .4em; rowspan="3">
+ <input type="submit" tabindex="3" value="Login" />
+ <input type="hidden" name="RelayState" value="<?php echo $data['relaystate']; ?>" />
+ </td>
+ </tr>
+
+ <tr>
+ <td style="padding: .3em;">Organization</td>
+ <td><select name="org" tabindex="2">
+ <?php
+
+ foreach ($data['ldapconfig'] AS $key => $entry) {
+ echo '<option ' .
+ ($key == $data['org'] ? 'selected="selected" ' : '')
+ . 'value="' . $key . '">' . $entry['description'] . '</option>';
+ }
+
+ ?>
+ </select></td>
+ </tr>
+
+ <tr>
+ <td style="padding: .3em;">Password</td>
+ <td><input type="password" tabindex="2" name="password" /></td>
+ </tr>
+ </table>
+
+
+ </form>
+
+
+ <h2>Help! I don't remember my password.</h2>
+
+
+ <p>Too bad!
- Without your username and password you cannot authenticate your self and access the service.
+ There may be someone that can help you. Contact the help desk at your university!</p>
+
+ <h2>About simpleSAMLphp</h2>
+ <p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it?
+ You can find more information about simpleSAMLphp at <a href="http://rnd.feide.no">the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
+
+
+ <hr />
+
+ Copyright © 2007 <a href="http://rnd.feide.no/">Feide RnD</a>
+
+ <hr />
+
+ </div>
+
+</div>
+
+</body>
+</html>
diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
new file mode 100644
index 000000000..72dbe3b24
--- /dev/null
+++ b/www/auth/login-ldapmulti.php
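Review bot: `$data['username']`, `$data['relaystate']` and `$data['error']` are echoed into the markup without HTML escaping, and the companion `www/auth/login-ldapmulti.php` fills the first two straight from `$_POST['username']` and `$_REQUEST['RelayState']` (and builds the error text from the username-derived DN), so request-controlled input is reflected into the page unescaped. Wrap each output in `htmlspecialchars()`, e.g. `echo 'value="' . htmlspecialchars($data['username']) . '"';` and `value="<?php echo htmlspecialchars($data['relaystate']); ?>"`, and do the same for `$key` and `$entry['description']` in the organisation `<option>` loop even though those come from configuration. Two markup defects in the same hunk: the error `<div style="…">` tag is never closed with `>` before the `<img>` that follows it, and `<td style="padding: .4em; rowspan="3">` has `rowspan` inside the `style` quotes, so it should read `<td style="padding: .4em;" rowspan="3">`.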
@@ -0,0 +1,106 @@
+<?php
+
+
+require_once('../../www/_include.php');
+
+
+require_once('SimpleSAML/Utilities.php');
+require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/XML/MetaDataStore.php');
+require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
+require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
+require_once('SimpleSAML/XHTML/Template.php');
+
+session_start();
+
+$config = SimpleSAML_Configuration::getInstance();
+$metadata = new SimpleSAML_XML_MetaDataStore($config);
+$session = SimpleSAML_Session::getInstance();
+
+
+$ldapconfigfile = $config->getValue('basedir') . 'config/ldapmulti.php';
+require_once($ldapconfigfile);
+
+
+$error = null;
+$attributes = array();
+
+if (isset($_POST['username'])) {
+
+ $ldapconfig = $ldapmulti[$_POST['org']];
+
+
+
+ $dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
+ $pwd = $_POST['password'];
+
+ $ds = ldap_connect($ldapconfig['hostname']);
+
+ if ($ds) {
+
+ if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+ echo "Failed to set LDAP Protocol version to 3";
+ exit;
+ }
+ /*
+ if (!ldap_start_tls($ds)) {
+ echo "Failed to start TLS";
+ exit;
+ }
+ */
+ if (!ldap_bind($ds, $dn, $pwd)) {
+ $error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" . $ldapconfig['dnpattern'] . 
"]";
+
+
+ } else {
+ $sr = ldap_read($ds, $dn, $ldapconfig['attributes'] );
+ $ldapentries = ldap_get_entries($ds, $sr);
+
+
+ for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
+ $values = array();
+ if ($ldapentries[0][$i] == 'jpegphoto') continue;
+ for ($j = 0; $j < $ldapentries[0][$ldapentries[0][$i]]['count']; $j++) {
+ $values[] = $ldapentries[0][$ldapentries[0][$i]][$j];
+ }
+
+ $attributes[$ldapentries[0][$i]] = $values;
+ }
+
+ // generelt ldap_next_entry for flere, men bare ett her
+ //print_r($ldapentries);
+ //print_r($attributes);
+
+ $session->setAuthenticated(true);
+ $session->setAttributes($attributes);
+
+ $session->setNameID(SimpleSAML_Utilities::generateID());
+ $session->setNameIDFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
+
+ $returnto = $_REQUEST['RelayState'];
+ header("Location: " . $returnto);
+ exit(0);
+
+ }
+ // ldap_close() om du vil, men frigjoeres naar skriptet slutter
+ }
+
+
+}
+
+
+$t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php');
+
+$t->data['header'] = 'simpleSAMLphp: Enter username and password';
+$t->data['relaystate'] = $_REQUEST['RelayState'];
+$t->data['ldapconfig'] = $ldapmulti;
+$t->data['org'] = $_REQUEST['org'];
+$t->data['error'] = $error;
+if (isset($error)) {
+ $t->data['username'] = $_POST['username'];
+}
+
+$t->show();
+
+
+?>
diff --git a/www/example-simple/saml2-example.php b/www/example-simple/saml2-example.php
index 80c3d4eab..576ef4d29 100644
--- a/www/example-simple/saml2-example.php
+++ b/www/example-simple/saml2-example.php
@@ -36,8 +36,6 @@ $attributes = $session->getAttributes();
 * */ - - $et = new SimpleSAML_XHTML_Template($config, 'status.php'); $et->data['header'] = 'SAML 2.0 SP Demo Example';
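Review bot: `ldap_bind($ds, $dn, $pwd)` is attempted with whatever `$_POST['password']` contains, including an empty string, and a simple bind with an empty password is an anonymous (unauthenticated) bind that most directory servers accept, so a request carrying only a valid username would reach `$session->setAuthenticated(true)`. Refuse the attempt before binding when the password is missing or empty, and check `$_POST['org']` against the keys of `$ldapmulti` before `$ldapmulti[$_POST['org']]` is read, since an unknown key leaves `$ldapconfig` null and `ldap_connect()` is then called with a null host name (the library default). In the same hunk, the username is substituted into `dnpattern` verbatim, so DN special characters reach the directory unescaped — restrict it to the characters the local usernames actually use before building the DN — and `header("Location: " . $returnto)` sends the freshly authenticated browser to an unvalidated `$_REQUEST['RelayState']`, which should be checked against the local base URL before use. The bind-failure message embeds the DN and the pattern and the template echoes it back to the user; a generic message is enough there, with the detail going to the server log instead. Note also that the `ldap_start_tls()` call is commented out and `hostname` is a bare host name in the shipped template, so the password travels in clear text unless the configured hostname is an `ldaps://` URL.
```php
if (isset($_POST['username'])) {

    if (!isset($_POST['org']) || !isset($ldapmulti[$_POST['org']])) {
        $error = "Unknown organization selected.";
    } elseif (!isset($_POST['password']) || $_POST['password'] === '') {
        // An empty password turns the simple bind into an anonymous bind,
        // which most directories accept; it must never count as a login.
        $error = "Password is required.";
    } elseif (!preg_match('/^[a-zA-Z0-9@._-]+$/', $_POST['username'])) {
        // Keeps DN special characters out of the pattern substitution below;
        // adjust the character set to the local username format.
        $error = "Username contains characters that are not allowed.";
    } else {
        $ldapconfig = $ldapmulti[$_POST['org']];
        $dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
        $pwd = $_POST['password'];

        $ds = ldap_connect($ldapconfig['hostname']);
        // … unchanged: protocol version, bind, attribute read, session setup, redirect …
    }
}
```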
@@ -48,10 +46,6 @@ $et->data['valid'] = $session->isValid() ? 'Session is valid' : 'Session is inva $et->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=/' . $config->getValue('baseurlpath') . 'logout.html">Logout</a> ]'; -/* -$et->data['logout'] = '[ <a href="https://sam.feide.no/amserver/saml2/jsp/idpSingleLogoutInit.jsp?binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">IdP intiated logout from Feide (only if you are connected to the Feide IdP)</a> ]</p> - <p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=' . urlencode(SimpleSAML_Utilities::selfURL()) . '">SP initated logout</a> ]'; -*/ $et->show(); -- GitLab