WIP : SAML Connection ok. Still disconnection to do.

a4cbf2a3 · Arnaud Pauget · Jerome Boucher · cc2eb917 · a4cbf2a3 · a4cbf2a3
Verified Commit a4cbf2a3 authored 1 year ago by Arnaud Pauget Committed by Jerome Boucher 8 months ago
--- a/core/Request/AbstractRequest.php
+++ b/core/Request/AbstractRequest.php
@@ -179,8 +179,21 @@ abstract class AbstractRequest
                    }
                    break;
                case LAABS_SAML_AUTH:
-                    if (isset($_SERVER['REMOTE_USER']) && isset($_SERVER['AUTH_TYPE'])) {
-                        return new remoteAuthentication($_SERVER['REMOTE_USER'], $_SERVER['AUTH_TYPE']);
+                    $samlLib = \laabs::getSAMLlib();
+                    if (!is_file($samlLib . '/lib/_autoload.php')) {
+                        throw new \Exception("Could not find saml autoload file '$samlLib/lib/_autoload.php'");
+                    }
+                    require_once($samlLib . '/lib/_autoload.php');
+                    $as = new \SimpleSAML\Auth\Simple('default-sp');
+                    $as->requireAuth();
+                    
+                    $attributes = $as->getAttributes();
+                    $login = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'][0];
+                    if (empty($login)) {
+                        var_dump('Authentication Failed : login not present in attributes');
+                    }
+                    if (isset($login)) {
+                        return new samlAuthentication($login);
                    }
                    break;
            }

--- a/core/Request/samlAuthentication.php
+++ b/core/Request/samlAuthentication.php
@@ -6,14 +6,12 @@ namespace core\Request;
 class samlAuthentication
    extends abstractAuthentication
 {
-    public static $mode = LAABS_REMOTE_AUTH;
+    public static $mode = LAABS_SAML_AUTH;

    public $samlUser;
-    public $authType;

-    public function __construct($samlUser, $authType)
+    public function __construct($samlUser)
    {
        $this->samlUser = $samlUser;
-        $this->authType = $authType;
    }
 }
\ No newline at end of file
--- a/core/laabsAppTrait.php
+++ b/core/laabsAppTrait.php
@@ -1491,4 +1491,16 @@ trait laabsAppTrait
        return self::getList('LAABS_AUTH_MODES');
    }

+    /**
+     * Get the simple SAML libraries
+     *
+     * @return string
+     */
+    public static function getSAMLlib()
+    {
+        if (isset($_SERVER['SAML_LIBRARIES_DIR'])) {
+            return $_SERVER['SAML_LIBRARIES_DIR'];
+        }
+    }
+
 }
--- a/src/bundle/auth/Controller/userAuthentication.php
+++ b/src/bundle/auth/Controller/userAuthentication.php
@@ -358,5 +358,18 @@ class userAuthentication

        \laabs::unsetToken("AUTH");
        \laabs::unsetToken("ORGANIZATION");
+
+        // Redirect to SSO disconnect is saml is enabled
+        $authModes = \laabs::getAuthModes();
+        if (in_array("saml", $authModes)) {
+            $samlLib = \laabs::getSAMLlib();
+            if (!is_file($samlLib . '/lib/_autoload.php')) {
+                throw new \Exception("Could not find saml autoload file '$samlLib/lib/_autoload.php'");
+            }
+            require_once($samlLib . '/lib/_autoload.php');
+            $as = new \SimpleSAML\Auth\Simple('default-sp');
+            header('Location: ' . $as->getLogoutURL());
+            exit;
+        }
    }
 }
--- a/src/presentation/maarchRM/Observer/authentication.php
+++ b/src/presentation/maarchRM/Observer/authentication.php
@@ -122,6 +122,21 @@ class authentication
                        }
                        break;

+                    case LAABS_SAML_AUTH:
+                        try {
+                            $userAuthenticationController = \laabs::newController('auth/userAuthentication');
+                            $this->requestToken = $this->account = $userAuthenticationController->logRemoteUser($requestAuth->samlUser);
+                            $this->accountId = $this->account->accountId;
+
+                            \laabs::kernel()->response->code = 307;
+                            \laabs::kernel()->response->setHeader('Location', '/');
+                            \laabs::kernel()->sendResponse();
+                            \laabs::kernel()->end();
+                        } catch (\Exception $e) {
+                            throw $e;
+                        }
+                        break;
+
                    /*case LAABS_DIGEST_AUTH:
                        if ($this->authenticationService->logIn($requestAuth->username, $requestAuth->nonce, $requestAuth->uri, $requestAuth->response, $requestAuth->qop, $requestAuth->nc, $requestAuth->cnonce)) {
                            $token = $this->encrypt($_SESSION['dependency']['authentication']['credential']);