FEAT #17590 TIME 0:50 back: azure saml connection

e932be53 · Hamza HRAMCHI · 79b4dcc6 · e932be53 · e932be53
Commit e932be53 authored 3 years ago by Hamza HRAMCHI
--- a/src/app/configuration/controllers/ConfigurationController.php
+++ b/src/app/configuration/controllers/ConfigurationController.php
@@ -24,7 +24,7 @@ use SrcCore\models\AuthenticationModel;
 class ConfigurationController
 {
-    public const CONNECTION_MODES  = ['default', 'ldap', 'kerberos', 'x509'];
+    public const CONNECTION_MODES  = ['default', 'ldap', 'kerberos', 'x509', 'azure_saml'];
    public function get(Request $request, Response $response)
    {
@@ -49,10 +49,11 @@ class ConfigurationController
            $configurations          = $configurations[0];
            $configurations['value'] = json_decode($configurations['value']);
            $configurations['availableConnections'] = [
-                ['id' => 'default',  'allowed' => true],
+                ['id' => 'default',    'allowed' => true],
-                ['id' => 'kerberos', 'allowed' => true],
+                ['id' => 'kerberos',   'allowed' => true],
-                ['id' => 'x509',     'allowed' => true],
+                ['id' => 'x509',       'allowed' => true],
-                ['id' => 'ldap',     'allowed' => !empty($ldapConfigurations)]
+                ['id' => 'ldap',       'allowed' => !empty($ldapConfigurations)],
+                ['id' => 'azure_saml', 'allowed' => true],
            ];
        }

--- a/src/core/controllers/AuthenticationController.php
+++ b/src/core/controllers/AuthenticationController.php
@@ -166,6 +166,13 @@ class AuthenticationController
                return $response->withStatus(401)->withJson(['errors' => 'No identifier detected for kerberos']);
            }
            $authenticated = true;
+        } else if ($connection == 'azure_saml') {
+            $authenticated = AuthenticationController::azureSamlConnection();
+            if (!empty($authenticated['errors'])) {
+                return $response->withStatus(401)->withJson(['errors' => $authenticated['errors']]);
+            }
+            $login = strtolower($authenticated['login']);
+            $authenticated = true;
        } else {
            $authenticated = AuthenticationModel::authentication(['login' => $login, 'password' => $body['password']]);
        }
@@ -222,6 +229,29 @@ class AuthenticationController
        return $response->withStatus(204);
    }
+    private static function azureSamlConnection()
+    {
+        $libDir = CoreConfigModel::getLibrariesDirectory();
+        if (!is_file($libDir . 'simplesamlphp/lib/_autoload.php')) {
+            return ['errors' => 'Library simplesamlphp not present'];
+        }
+        require_once($libDir . 'simplesamlphp/lib/_autoload.php');
+        $as = new \SimpleSAML\Auth\Simple('default-sp');
+        $as->requireAuth([
+            'ReturnTo'          => UrlController::getCoreUrl(),
+            'skipRedirection'   => true
+        ]);
+        $attributes = $as->getAttributes();
+        $login = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'][0];
+        if (empty($login)) {
+            return ['errors' => 'Authentication Failed : login not present in attributes'];
+        }
+        return ['login' => $login];
+    }
    public function getRefreshedToken(Request $request, Response $response)
    {
        $queryParams = $request->getQueryParams();