Commit c7cfdabf authored by Jaime Perez Crespo's avatar Jaime Perez Crespo

Remove www/auth/*. Closes #13.

parent 97cbe2de
<?php
/**
* WARNING:
*
* THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
*
* @deprecated
*/
require_once('../_include.php');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getSessionFromRequest();
SimpleSAML_Logger::warning('The file auth/login-admin.php is deprecated and will be removed in future versions.');
SimpleSAML_Logger::info('AUTH -admin: Accessing auth endpoint login-admin');
$error = null;
$attributes = array();
$username = null;
/* Load the RelayState argument. The RelayState argument contains the address
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
$correctpassword = $config->getString('auth.adminpassword', '123');
if (empty($correctpassword) or $correctpassword === '123') {
throw new SimpleSAML_Error_Error('NOTSET');
}
if (isset($_POST['password'])) {
/* Validate and sanitize form data. */
if (SimpleSAML_Utils_Crypto::pwValid($correctpassword, $_POST['password'])) {
$username = 'admin';
$password = $_POST['password'];
$attributes = array('user' => array('admin'));
$session->doLogin('login-admin');
$session->setAttributes($attributes);
$session->setNameID(array(
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
SimpleSAML_Logger::info('AUTH - admin: '. $username . ' successfully authenticated');
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes))
SimpleSAML_Logger::stats('AUTH-login-admin OK ' . $attributes[$authlogattr][0]);
else
SimpleSAML_Logger::stats('AUTH-login-admin OK');
SimpleSAML_Utilities::redirectTrustedURL($relaystate);
exit(0);
} else {
SimpleSAML_Logger::stats('AUTH-login-admin Failed');
$error = 'error_wrongpassword';
SimpleSAML_Logger::info($error);
}
}
$t = new SimpleSAML_XHTML_Template($config, 'login.php', 'login');
$t->data['header'] = 'simpleSAMLphp: Enter username and password';
$t->data['relaystate'] = $relaystate;
$t->data['admin'] = TRUE;
$t->data['autofocus'] = 'password';
$t->data['error'] = $error;
if (isset($error)) {
$t->data['username'] = $username;
}
$t->show();
<?php
/**
* WARNING:
*
* THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
*
* @deprecated
*/
/**
* This file is part of SimpleSAMLphp. See the file COPYING in the
* root of the distribution for licence information.
*
* This file implements authentication of users using CAS.
*
* @author Mads Freek, RUC.
* @package simpleSAMLphp
*/
require_once('../_include.php');
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();
SimpleSAML_Logger::warning('The file auth/login-cas-ldap.php is deprecated and will be removed in future versions.');
try {
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
// TODO: Make this authentication module independent from SAML 2.0
$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$ldapconfigfile = $config->getBaseDir() . 'config/cas-ldap.php';
require_once($ldapconfigfile);
if (!array_key_exists($idpentityid, $casldapconfig)) {
throw new Exception('No CAS authentication configuration for this SAML 2.0 entity ID [' . $idpentityid . ']');
}
$casconfig = $casldapconfig[$idpentityid]['cas'];
$ldapconfig = $casldapconfig[$idpentityid]['ldap'];
} catch (Exception $exception) {
throw new SimpleSAML_Error_Error('METADATA', $exception);
}
/*
* Load the RelayState argument. The RelayState argument contains the address
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
function casValidate($cas) {
$service = SimpleSAML_Utilities::selfURL();
$service = preg_replace("/(\?|&)?ticket=.*/", "", $service); # always tagged on by cas
/**
* Got response from CAS server.
*/
if (isset($_GET['ticket'])) {
$ticket = urlencode($_GET['ticket']);
#ini_set('default_socket_timeout', 15);
if (isset($cas['validate'])) { # cas v1 yes|no\r<username> style
$paramPrefix = strpos($cas['validate'], '?') ? '&' : '?';
$result = SimpleSAML_Utilities::fetch($cas['validate'] . $paramPrefix . 'ticket=' . $ticket . '&service=' . urlencode($service) );
$res = preg_split("/\r?\n/",$result);
if (strcmp($res[0], "yes") == 0) {
return array($res[1], array());
} else {
throw new Exception("Failed to validate CAS service ticket: $ticket");
}
} elseif (isset($cas['serviceValidate'])) { # cas v2 xml style
$paramPrefix = strpos($cas['serviceValidate'], '?') ? '&' : '?';
$result = SimpleSAML_Utilities::fetch($cas['serviceValidate'] . $paramPrefix . 'ticket=' . $ticket . '&service=' . urlencode($service) );
$dom = DOMDocument::loadXML($result);
$xPath = new DOMXpath($dom);
$xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
$success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
if ($success->length == 0) {
$failure = $xPath->evaluate("/cas:serviceResponse/cas:authenticationFailure");
throw new Exception("Error when validating CAS service ticket: " . $failure->item(0)->textContent);
} else {
$attributes = array();
if ($casattributes = $cas['attributes']) { # some has attributes in the xml - attributes is a list of XPath expressions to get them
foreach ($casattributes as $name => $query) {
$attrs = $xPath->query($query);
foreach ($attrs as $attrvalue) $attributes[$name][] = $attrvalue->textContent;
}
}
$casusername = $success->item(0)->textContent;
return array($casusername, $attributes);
}
} else {
throw new Exception("validate or serviceValidate not specified");
}
/**
* First request, will redirect the user to the CAS server for authentication.
*/
} else {
SimpleSAML_Logger::info("AUTH - cas-ldap: redirecting to {$cas['login']}");
SimpleSAML_Utilities::redirectTrustedURL($cas['login'], array(
'service' => $service
));
}
}
try {
list($username, $casattributes) = casValidate($casconfig);
SimpleSAML_Logger::info('AUTH - cas-ldap: '. $username . ' authenticated by ' . $casconfig['validate']);
$ldapattributes = array();
if ($ldapconfig['servers']) {
$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['servers'], $ldapconfig['enable_tls']);
$ldapattributes = $ldap->validate($ldapconfig, $username);
}
$attributes = array_merge_recursive($casattributes, $ldapattributes);
$session->doLogin('login-cas-ldap');
$session->setAttributes($attributes);
$session->setNameID(array(
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['RelayState']);
} catch(Exception $exception) {
throw new SimpleSAML_Error_Error('CASERROR', $exception);
}
<?php
/**
* WARNING:
*
* THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
*
* @deprecated
*/
require_once('../_include.php');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getSessionFromRequest();
SimpleSAML_Logger::warning('The file auth/login-ldapmulti.php is deprecated and will be removed in future versions.');
$ldapconfigfile = $config->getBaseDir() . 'config/ldapmulti.php';
require_once($ldapconfigfile);
SimpleSAML_Logger::info('AUTH - ldap-multi: Accessing auth endpoint login-ldapmulti');
$error = null;
$attributes = array();
/* Load the RelayState argument. The RelayState argument contains the address
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
if (isset($_POST['username'])) {
try {
$ldapconfig = $ldapmulti[$_POST['org']];
if ($ldapconfig['search.enable'] === TRUE) {
if(!$ldap->bind($ldapconfig['search.username'], $ldapconfig['search.password'])) {
throw new Exception('Error authenticating using search username & password.');
}
$dn = $ldap->searchfordn($ldapconfig['search.base'], $ldapconfig['search.attributes'], $_POST['username']);
} else {
$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
}
$pwd = $_POST['password'];
$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);
if (($pwd == "") or (!$ldap->bind($dn, $pwd))) {
SimpleSAML_Logger::info('AUTH - ldap-multi: '. $_POST['username'] . ' failed to authenticate. DN=' . $dn);
throw new Exception('Wrong username or password');
}
$attributes = $ldap->getAttributes($dn, $ldapconfig['attributes']);
SimpleSAML_Logger::info('AUTH - ldap-multi: '. $_POST['username'] . ' successfully authenticated');
$session->doLogin('login-ldapmulti');
$session->setAttributes($attributes);
$session->setNameID(array(
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes)) {
SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
} else {
SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
}
SimpleSAML_Utilities::redirectTrustedURL($relaystate);
} catch (Exception $e) {
$error = $e->getMessage();
}
}
$t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php', 'login');
$t->data['header'] = 'simpleSAMLphp: Enter username and password';
$t->data['relaystate'] = $relaystate;
$t->data['ldapconfig'] = $ldapmulti;
$t->data['org'] = $_REQUEST['org'];
$t->data['error'] = $error;
if (isset($error)) {
$t->data['username'] = $_POST['username'];
}
$t->show();
?>
<?php
/**
* WARNING:
*
* THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
*
* @deprecated
*/
require_once('../_include.php');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getSessionFromRequest();
SimpleSAML_Logger::warning('The file auth/login-radius.php is deprecated and will be removed in future versions.');
SimpleSAML_Logger::info('AUTH - radius: Accessing auth endpoint login');
$error = null;
$attributes = array();
/* Load the RelayState argument. The RelayState argument contains the address
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
if (isset($_POST['username'])) {
try {
$radius = radius_auth_open();
// ( resource $radius_handle, string $hostname, int $port, string $secret, int $timeout, int $max_tries )
if (! radius_add_server($radius, $config->getValue('auth.radius.hostname'), $config->getValue('auth.radius.port'),
$config->getValue('auth.radius.secret'), 5, 3)) {
SimpleSAML_Logger::critical('AUTH - radius: Problem occurred when connecting to Radius server: '.radius_strerror($radius));
throw new Exception('Problem occurred when connecting to Radius server: ' . radius_strerror($radius));
}
if (! radius_create_request($radius,RADIUS_ACCESS_REQUEST)) {
SimpleSAML_Logger::critical('AUTH - radius: Problem occurred when creating the Radius request: '.radius_strerror($radius));
throw new Exception('Problem occurred when creating the Radius request: ' . radius_strerror($radius));
}
radius_put_attr($radius,RADIUS_USER_NAME,$_POST['username']);
radius_put_attr($radius,RADIUS_USER_PASSWORD, $_POST['password']);
switch (radius_send_request($radius))
{
case RADIUS_ACCESS_ACCEPT:
// GOOD Login :)
$attributes = array( $config->getValue('auth.radius.URNForUsername') => array($_POST['username']));
// get AAI attribute sets. Contributed by Stefan Winter, (c) RESTENA
while ($resa = radius_get_attr($radius)) {
if (! is_array($resa)) {
printf ("Error getting attribute: %s\n", radius_strerror($res));
exit;
}
if ($resa['attr'] == RADIUS_VENDOR_SPECIFIC) {
$resv = radius_get_vendor_attr($resa['data']);
if (is_array($resv)) {
$vendor = $resv['vendor'];
$attrv = $resv['attr'];
$datav = $resv['data'];
/**
* Uncomment this to debug vendor attributes.
*/
// printf("Got Vendor Attr:%d %d Bytes %s<br/>", $attrv, strlen($datav), bin2hex($datav));
if ($vendor == $config->getValue('auth.radius.vendor') && $attrv == $config->getValue('auth.radius.vendor-attr')) {
$attrib_name = strtok ($datav,'=');
$attrib_value = strtok ('=');
// if the attribute name is already in result set, add another value
if (array_key_exists($attrib_name, $attributes)) {
$attributes[$attrib_name][] = $attrib_value;
} else {
$attributes[$attrib_name] = array($attrib_value);
}
}
}
}
}
// end of contribution
//$attributes = array('urn:mace:eduroam.no:username' => array($_POST['username']));
SimpleSAML_Logger::info('AUTH - radius: '. $_POST['username'] . ' successfully authenticated');
$session->doLogin('login-radius');
$session->setAttributes($attributes);
$session->setNameID(array(
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes)) {
SimpleSAML_Logger::stats('AUTH-login-radius OK ' . $attributes[$authlogattr][0]);
} else {
SimpleSAML_Logger::stats('AUTH-login-radius OK');
}
SimpleSAML_Utilities::redirectTrustedURL($relaystate);
case RADIUS_ACCESS_REJECT:
SimpleSAML_Logger::info('AUTH - radius: '. $_POST['username'] . ' failed to authenticate');
throw new Exception('Radius authentication error: Bad credentials ');
break;
case RADIUS_ACCESS_CHALLENGE:
SimpleSAML_Logger::critical('AUTH - radius: Challenge requested: ' . radius_strerror($radius));
throw new Exception('Radius authentication error: Challenge requested');
break;
default:
SimpleSAML_Logger::critical('AUTH -radius: General radius error: ' . radius_strerror($radius));
throw new Exception('Error during radius authentication: ' . radius_strerror($radius));
}
} catch (Exception $e) {
$error = $e->getMessage();
}
}
$t = new SimpleSAML_XHTML_Template($config, 'login.php', 'login');
$t->data['header'] = 'simpleSAMLphp: Enter username and password';
$t->data['relaystate'] = $relaystate;
$t->data['error'] = $error;
if (isset($error)) {
$t->data['username'] = $_POST['username'];
}
$t->show();
<?php
/**
* WARNING:
*
* THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
*
* @deprecated
*/
require_once('../_include.php');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getSessionFromRequest();
SimpleSAML_Logger::warning('The file auth/login-tlsclient.php is deprecated and will be removed in future versions.');
SimpleSAML_Logger::info('AUTH - ldap: Accessing auth endpoint login');
$ldapconfig = SimpleSAML_Configuration::getConfig('ldap.php');
$error = null;
$attributes = array();
$username = null;
/* Load the RelayState argument. The RelayState argument contains the address
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
try {
$attributes = array();
$userid = null;
if (!array_key_exists('SSL_CLIENT_VERIFY', $_SERVER))
throw new Exception('Apache header variable SSL_CLIENT_VERIFY was not available. Recheck your apache configuration.');
if (strcmp($_SERVER['SSL_CLIENT_VERIFY'], "SUCCESS") != 0) {
throw new SimpleSAML_Error_Error('NOTVALIDCERT', $e);
}
$userid = $_SERVER['SSL_CLIENT_S_DN'];
$attributes['CertificateDN'] = array($userid);
$attributes['CertificateDNCN'] = array($_SERVER['SSL_CLIENT_S_DN_CN']);
$session->doLogin('tlsclient');
$session->setAttributes($attributes);
#echo '<pre>';
#print_r($_SERVER);
#echo '</pre>'; exit;
SimpleSAML_Logger::info('AUTH - tlsclient: '. $userid . ' successfully authenticated');
$session->setNameID(array(
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient')
);
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes)) {
SimpleSAML_Logger::stats('AUTH-tlsclient OK ' . $attributes[$authlogattr][0]);
} else {
SimpleSAML_Logger::stats('AUTH-tlsclient OK');
}
SimpleSAML_Utilities::redirectUntrustedURL($_REQUEST['RelayState']);
} catch (Exception $e) {
throw new SimpleSAML_Error_Error('CONFIG', $e);
}
?>
\ No newline at end of file
<?php
/**
* WARNING:
*
* THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
*
* @deprecated
*/
/**
* This file is part of SimpleSAMLphp. See the file COPYING in the
* root of the distribution for licence information.
*
* This file implements authentication of users using CAS.
*
* @author Mads Freek, RUC.
* @package simpleSAMLphp
*/
require_once('../_include.php');
$config = SimpleSAML_Configuration::getInstance();
$session = SimpleSAML_Session::getSessionFromRequest();
SimpleSAML_Logger::warning('The file auth/login-wayf-ldap.php is deprecated and will be removed in future versions.');
try {
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
// TODO: Make this authentication module independent from SAML 2.0
$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
$ldapconfigfile = $config->getBaseDir() . 'config/cas-ldap.php';
require_once($ldapconfigfile);
if (!array_key_exists($idpentityid, $casldapconfig)) {
throw new Exception('No LDAP authentication configuration for this SAML 2.0 entity ID [' . $idpentityid . ']');
}
$ldapconfig = $casldapconfig[$idpentityid]['ldap'];
} catch (Exception $exception) {
throw new SimpleSAML_Error_Error('METADATA', $exception);
}
/*
* Load the RelayState argument. The RelayState argument contains the address
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
$relaystate = SimpleSAML_Utilities::checkURLAllowed($_REQUEST['RelayState']);
if ($username = $_POST['username']) {
try {
$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['servers'], $ldapconfig['enable_tls']);
$attributes = $ldap->validate($ldapconfig, $username, $_POST['password']);
if ($attributes === FALSE) {
$error = "LDAP_INVALID_CREDENTIALS";
} else {
$session->doLogin('login-wayf-ldap');
$session->setAttributes($attributes);
$session->setNameID(array(
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
SimpleSAML_Utilities::redirectTrustedURL($relaystate);
}
} catch(Exception $e) {
throw new SimpleSAML_Error_Error('LDAPERROR', $e);
}
}
$t = new SimpleSAML_XHTML_Template($config, $ldapconfig['template']);
$t->data['header'] = 'simpleSAMLphp: Enter username and password';
$t->data['relaystate'] = htmlspecialchars($relaystate);
$t->data['error'] = $error;
if (isset($error)) {
$t->data['username'] = htmlspecialchars($username);
}
$t->show();
?>
\ No newline at end of file
<?php
/**
* WARNING:
*
* THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
*
* @deprecated
*/
require_once('../_include.php');
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getSessionFromRequest();
SimpleSAML_Logger::warning('The file auth/login.php is deprecated and will be removed in future versions.');
SimpleSAML_Logger::info('AUTH - ldap: Accessing auth endpoint login');
$ldapconfig = SimpleSAML_Configuration::getConfig('ldap.php');
$error = null;
$attributes = array();
$username = null;
/* Load the RelayState argument. The RelayState argument contains the address
* we should redirect the user to after a successful authentication.
*/
if (!array_key_exists('RelayState', $_REQUEST)) {
throw new SimpleSAML_Error_Error('NORELAYSTATE');
}
$relaystate = $_REQUEST['RelayState'];
if (isset($_POST['username'])) {
try {
/* Validate and sanitize form data. */
/* First, make sure that the password field is included. */
if (!array_key_exists('password', $_POST)) {
$error = 'error_nopassword';
continue;
}
$username = $_POST['username'];
$password = $_POST['password'];
/* Escape any characters with a special meaning in LDAP. The following
* characters have a special meaning (according to RFC 2253):
* ',', '+', '"', '\', '<', '>', ';', '*'
* These characters are escaped by prefixing them with '\'.
*/
$ldapusername = addcslashes($username, ',+"\\<>;*');
/*
* Connecting to LDAP.
*/
$ldap = new SimpleSAML_Auth_LDAP($ldapconfig->getValue('auth.ldap.hostname'),
$ldapconfig->getValue('auth.ldap.enable_tls'));
if($ldapconfig->getValue('auth.ldap.search.enable', FALSE)) {
/* We are configured to search for the users dn. */
$searchUsername = $ldapconfig->getValue('auth.ldap.search.username', NULL);
if($searchUsername !== NULL) {
/* Log in with username & password for searching. */
$searchPassword = $ldapconfig->getValue('auth.ldap.search.password', NULL);
if($searchPassword === NULL) {
throw new Exception('"auth.ldap.search.username" is configured, but not' .
' "auth.ldap.search.password".');
}
if(!$ldap->bind($searchUsername, $searchPassword)) {
throw new Exception('Error authenticating using search username & password.');
}
}
$searchBase = $ldapconfig->getValue('auth.ldap.search.base', NULL);
$searchAttributes = $ldapconfig->getValue('auth.ldap.search.attributes', NULL);
if($searchBase === NULL || $searchAttributes === NULL) {
throw new Exception('"auth.ldap.search.base" and "auth.ldap.search.attributes"' .
' must be configured before LDAP search can be enabled.');
}
/* Search for the dn. */
$dn = $ldap->searchfordn($searchBase, $searchAttributes, $username);
} else {
/* We aren't configured to search for the dn. Insert the LDAP username into the pattern
* configured in the 'auth.ldap.dnpattern' option.
*/
$dn = str_replace('%username%', $ldapusername, $ldapconfig->getValue('auth.ldap.dnpattern'));
}
/*
* Do LDAP bind using DN.
*/
if (($password == "") or (!$ldap->bind($dn, $password))) {
SimpleSAML_Logger::info('AUTH - ldap: '. $username . ' failed to authenticate. DN=' . $dn);
throw new Exception('error_wrongpassword');
}
/*
* Retrieve attributes from LDAP
*/
$attributes = $ldap->getAttributes($dn, $ldapconfig->getValue('auth.ldap.attributes', null));
SimpleSAML_Logger::info('AUTH - ldap: '. $ldapusername . ' successfully authenticated');
$session->doLogin('login');
$session->setAttributes($attributes);
$session->setNameID(array(
'value' => SimpleSAML_Utilities::generateID(),
'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
/**
* Create a statistics log entry for every successfull login attempt.
* Also log a specific attribute as set in the config: statistics.authlogattr
*/
$authlogattr = $config->getValue('statistics.authlogattr', null);
if ($authlogattr && array_key_exists($authlogattr, $attributes))
SimpleSAML_Logger::stats('AUTH-login OK ' . $attributes[$authlogattr][0]);
else
SimpleSAML_Logger::stats('AUTH-login OK');
$returnto = $_REQUEST['RelayState'];
SimpleSAML_Utilities::redirectUntrustedURL($returnto);
} catch (Exception $e) {
SimpleSAML_Logger::error('AUTH - ldap: User: '.(isset($requestedUser) ? $requestedUser : 'na'). ':'. $e->getMessage());
SimpleSAML_Logger::stats('AUTH-login Failed');
$error = $e->getMessage();
}
}
$t = new SimpleSAML_XHTML_Template($config, 'login.php', 'login');
$t->data['header'] = 'simpleSAMLphp: Enter username and password';
$t->data['relaystate'] = $relaystate;
$t->data['error'] = $error;
if (isset($error)) {
$t->data['username'] = $username;
}
$t->show();
?>