Verified Commit da09d045 authored by Damien's avatar Damien

FEAT #13268 TIME 2:20 SSo connection

parent b89264e9
...@@ -14,18 +14,10 @@ ...@@ -14,18 +14,10 @@
</METHOD> </METHOD>
<METHOD> <METHOD>
<ID>sso</ID> <ID>sso</ID>
<NAME>_SSO_LOGIN</NAME>
<SCRIPT>sso_connect.php</SCRIPT>
<ENABLED>false</ENABLED> <ENABLED>false</ENABLED>
</METHOD> </METHOD>
<METHOD> <METHOD>
<ID>keycloak</ID> <ID>keycloak</ID>
<ENABLED>false</ENABLED> <ENABLED>false</ENABLED>
</METHOD> </METHOD>
<METHOD>
<ID>shibboleth</ID>
<NAME>Shibboleth</NAME>
<SCRIPT>shibbolethConnect.php</SCRIPT>
<ENABLED>false</ENABLED>
</METHOD>
</ROOT> </ROOT>
...@@ -64,6 +64,10 @@ class AuthenticationController ...@@ -64,6 +64,10 @@ class AuthenticationController
$provider = new Keycloak($keycloakConfig); $provider = new Keycloak($keycloakConfig);
$authUri = $provider->getAuthorizationUrl(['scope' => $keycloakConfig['scope']]); $authUri = $provider->getAuthorizationUrl(['scope' => $keycloakConfig['scope']]);
$keycloakState = $provider->getState(); $keycloakState = $provider->getState();
} elseif ($loggingMethod['id'] == 'sso') {
$ssoConfiguration = ConfigurationModel::getByPrivilege(['privilege' => 'admin_sso', 'select' => ['value']]);
$ssoConfiguration = !empty($ssoConfiguration['value']) ? json_decode($ssoConfiguration['value'], true) : null;
$authUri = $ssoConfiguration['value']['uri'] ?? null;
} }
$return = [ $return = [
...@@ -285,6 +289,15 @@ class AuthenticationController ...@@ -285,6 +289,15 @@ class AuthenticationController
if (!AuthenticationController::isUserAuthorized(['login' => $login])) { if (!AuthenticationController::isUserAuthorized(['login' => $login])) {
return $response->withStatus(403)->withJson(['errors' => 'Authentication unauthorized']); return $response->withStatus(403)->withJson(['errors' => 'Authentication unauthorized']);
} }
} elseif ($loggingMethod['id'] == 'sso') {
$authenticated = AuthenticationController::ssoConnection();
if (!empty($authenticated['errors'])) {
return $response->withStatus(401)->withJson(['errors' => $authenticated['errors']]);
}
$login = strtolower($authenticated['login']);
if (!AuthenticationController::isUserAuthorized(['login' => $login])) {
return $response->withStatus(403)->withJson(['errors' => 'Authentication unauthorized']);
}
} else { } else {
return $response->withStatus(403)->withJson(['errors' => 'Logging method unauthorized']); return $response->withStatus(403)->withJson(['errors' => 'Logging method unauthorized']);
} }
...@@ -334,14 +347,16 @@ class AuthenticationController ...@@ -334,14 +347,16 @@ class AuthenticationController
{ {
$loggingMethod = CoreConfigModel::getLoggingMethod(); $loggingMethod = CoreConfigModel::getLoggingMethod();
$res = ['logoutUrl' => null]; $logoutUrl = null;
if ($loggingMethod['id'] == 'cas') { if ($loggingMethod['id'] == 'cas') {
$res = AuthenticationController::casDisconnection(); $disconnection = AuthenticationController::casDisconnection();
$logoutUrl = $disconnection['logoutUrl'];
} elseif ($loggingMethod['id'] == 'keycloak') { } elseif ($loggingMethod['id'] == 'keycloak') {
$res = AuthenticationController::keycloakDisconnection(); $disconnection = AuthenticationController::keycloakDisconnection();
$logoutUrl = $disconnection['logoutUrl'];
} }
return $response->withJson(['logoutUrl' => $res['logoutUrl']]); return $response->withJson(['logoutUrl' => $logoutUrl]);
} }
private static function standardConnection(array $args) private static function standardConnection(array $args)
...@@ -487,9 +502,31 @@ class AuthenticationController ...@@ -487,9 +502,31 @@ class AuthenticationController
\phpCAS::setFixedServiceURL(UrlController::getCoreUrl() . 'dist/index.html'); \phpCAS::setFixedServiceURL(UrlController::getCoreUrl() . 'dist/index.html');
\phpCAS::setNoClearTicketsFromUrl(); \phpCAS::setNoClearTicketsFromUrl();
$logoutUrl = \phpCAS::getServerLogoutURL(); $logoutUrl = \phpCAS::getServerLogoutURL();
return ['logoutUrl' => $logoutUrl]; return ['logoutUrl' => $logoutUrl];
} }
private static function ssoConnection()
{
$ssoConfiguration = ConfigurationModel::getByPrivilege(['privilege' => 'admin_sso', 'select' => ['value']]);
if (empty($ssoConfiguration['value'])) {
return ['errors' => 'Sso configuration missing'];
}
$ssoConfiguration = json_decode($ssoConfiguration['value'], true);
$mapping = array_column($ssoConfiguration['mapping'], 'ssoId', 'maarchId');
if (empty($mapping['login'])) {
return ['errors' => 'Sso configuration missing : no login mapping'];
}
$login = $_SERVER[$mapping['login']];
if (empty($login)) {
return ['errors' => 'Authentication Failed : login not present in header'];
}
return ['login' => $login];
}
private static function keycloakConnection(array $args) private static function keycloakConnection(array $args)
{ {
$keycloakConfig = CoreConfigModel::getKeycloakConfiguration(); $keycloakConfig = CoreConfigModel::getKeycloakConfiguration();
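Review bot: In ssoConnection, `$login = $_SERVER[$mapping['login']];` reads the key before the `empty()` guard, so a request that lacks the mapped header triggers an undefined-array-key warning on every failed attempt; change it to `$login = $_SERVER[$mapping['login']] ?? null;` so the guard on the next line is the only thing that reports absence. `$ssoConfiguration['mapping']` is likewise read unguarded and `array_column()` throws a TypeError when it is missing or not an array, so the decoded config deserves the same check the raw value gets, e.g. `if (empty($ssoConfiguration['mapping']) || !is_array($ssoConfiguration['mapping'])) { return ['errors' => 'Sso configuration missing : no mapping']; }`. Because the login comes from a server variable that, for `HTTP_*` names, is populated from the client's request headers, the method should carry a comment stating that the reverse proxy in front of the application is trusted to set and overwrite that header, since the code itself cannot distinguish a proxy-set header from a client-supplied one. The earlier hunk in this file reads the same decoded config as `$ssoConfiguration['value']['uri']`, which does not match the top-level `['mapping']` shape used here; presumably it should be `$authUri = $ssoConfiguration['uri'] ?? null;`, to be confirmed against the stored admin_sso JSON.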
...@@ -507,7 +544,6 @@ class AuthenticationController ...@@ -507,7 +544,6 @@ class AuthenticationController
} }
try { try {
// We got an access token, let's now get the user's details
$user = $provider->getResourceOwner($token); $user = $provider->getResourceOwner($token);
$login = $user->getId(); $login = $user->getId();
......