Index: lang/en_utf8/auth_saml.php
===================================================================
--- lang/en_utf8/auth_saml.php (revisión: 1)
+++ lang/en_utf8/auth_saml.php (copia de trabajo)
@@ -7,7 +7,7 @@
$string['auth_saml_entityid_description'] = 'Entity ID for the SAML2 environment you want to use:
eg: sam.feide.no
';
$string['auth_saml_samllib'] = 'SimpleSAMLPHP Library path';
-$string['auth_saml_samllib_description'] = 'Library path for the SimpleSAMLPHP environment you want to eg: /home/simplesaml';
+$string['auth_saml_samllib_description'] = 'Library path for the SimpleSAMLPHP environment you want to eg: /home/simplesaml/lib';
$string['auth_saml_samlconfig'] = 'SimpleSAMLPHP config directory';
$string['auth_saml_samlconfig_description'] = 'Config directorypath for the SimpleSAMLPHP environment you want to eg: /home/simplesaml/config';
@@ -23,4 +23,5 @@
$string['auth_saml_username'] = 'SAML username mapping';
$string['auth_saml_username_description'] = 'SAML attribute that is mapped to Moodle username - this defaults to mail';
-?>
\ No newline at end of file
+$string['auth_saml_username_error'] = 'IdP returned a set of data that no contain the SAML username mapping field. This field is required to login';
+?>
Index: auth.php
===================================================================
--- auth.php (revisión: 1)
+++ auth.php (copia de trabajo)
@@ -4,10 +4,10 @@
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
* @package auth/saml
* @version 1.0
- *
+ *
* Authentication Plugin: SAML based SSO Authentication
*
- * Authentication using SAML2 with SimpleSAMLphp.
+ * Authentication using SAML2 with SimpleSAMLphp.
*
* Based on plugins made by Sergio Gómez (moodle_ssp) and Martin Dougiamas (Shibboleth).
*
@@ -25,7 +25,7 @@
* SimpleSAML authentication plugin.
**/
class auth_plugin_saml extends auth_plugin_base {
-
+
/**
* Constructor.
*/
@@ -33,7 +33,7 @@
$this->authtype = 'saml';
$this->config = get_config('auth/saml');
}
-
+
/**
* Returns true if the username and password work and false if they are
* wrong or don't exist.
@@ -48,11 +48,11 @@
unset($GLOBALS['saml_login']);
return TRUE;
}
-
+
return FALSE;
}
-
-
+
+
/**
* Returns the user information for 'external' users. In this case the
* attributes provided by Identity Provider
@@ -63,7 +63,7 @@
if($login_attributes = $GLOBALS['saml_login_attributes']) {
$attributemap = $this->get_attributes();
$result = array();
-
+
foreach ($attributemap as $key => $value) {
if(isset($login_attributes[$value]) && $attribute = $login_attributes[$value][0]) {
$result[$key] = $attribute;
@@ -74,30 +74,30 @@
unset($GLOBALS['saml_login_attributes']);
return $result;
}
-
+
return FALSE;
}
-
+
/*
* Returns array containg attribute mappings between Moodle and Identity Provider.
*/
function get_attributes() {
$configarray = (array) $this->config;
-
+
$fields = array("firstname", "lastname", "email", "phone1", "phone2",
"department", "address", "city", "country", "description",
"idnumber", "lang", "guid");
-
+
$moodleattributes = array();
foreach ($fields as $field) {
if (isset($configarray["field_map_$field"])) {
$moodleattributes[$field] = $configarray["field_map_$field"];
}
}
-
+
return $moodleattributes;
}
-
+
/**
* Returns true if this authentication plugin is 'internal'.
*
@@ -106,7 +106,7 @@
function is_internal() {
return false;
}
-
+
/**
* Returns true if this authentication plugin can change the user's
* password.
@@ -116,11 +116,11 @@
function can_change_password() {
return false;
}
-
+
function loginpage_hook() {
// Prevent username from being shown on login page after logout
$GLOBALS['CFG']->nolastloggedin = true;
-
+
return;
}
@@ -131,7 +131,7 @@
redirect($GLOBALS['CFG']->wwwroot.'/auth/saml/index.php?logout=1');
}
}
-
+
/**
* Prints a form for configuring this authentication plugin.
*
@@ -150,14 +150,14 @@
* do stuff before it is inserted in config_plugin
*/
function validate_form(&$form, &$err) {
- if (!isset ($form->samllib) || !file_exists($form->samllib.'/lib/_autoload.php')) {
+ if (!isset ($form->samllib) || !file_exists($form->samllib.'/_autoload.php')) {
$err['samllib'] = get_string('errorbadlib', 'auth_saml', $form->samllib);
}
if (!isset ($form->samlconfig) || !file_exists($form->samlconfig.'/config.php')) {
$err['samlconfig'] = get_string('errorbadconfig', 'auth_saml', $form->samlconfig);
}
}
-
+
/**
* Processes and stores configuration data for this authentication plugin.
*
@@ -184,18 +184,23 @@
if (!isset ($config->notshowusername)) {
$config->notshowusername = '';
}
-
- // save settings
+ if (!isset ($config->supportcourses)) {
+ $config->supportcourses = '';
+ }
+ if (!isset ($config->samlcourses)) {
+ $config->samlcourses = 'irisUserEntitlement';
+ }
+
+ // save settings
set_config('entityid', $config->entityid, 'auth/saml');
set_config('samllib', $config->samllib, 'auth/saml');
set_config('samlconfig', $config->samlconfig, 'auth/saml');
set_config('username', $config->username, 'auth/saml');
set_config('dologout', $config->dologout, 'auth/saml');
set_config('notshowusername', $config->notshowusername, 'auth/saml');
-
return true;
}
-
+
/**
* Cleans and returns first of potential many values (multi-valued attributes)
*
@@ -204,7 +209,7 @@
function get_first_string($string) {
$list = split( ';', $string);
$clean_string = trim($list[0]);
-
+
return $clean_string;
}
}
Index: config.html
===================================================================
--- config.html (revisión: 1)
+++ config.html (copia de trabajo)
@@ -7,7 +7,7 @@
*
* Authentication Plugin: SAML based SSO Authentication
*
- * Authentication using SAML2 with SimpleSAMLphp.
+ * Authentication using SAML2 with SimpleSAMLphp.
*
* Based on plugins made by Sergio Gómez (moodle_ssp) and Martin Dougiamas (Shibboleth).
*
@@ -28,8 +28,9 @@
$config->samlconfig = '/home/simplesaml/config';
}
if (!isset ($config->username)) {
- $config->userame = 'mail';
+ $config->username = 'mail';
}
+
if (!isset ($config->dologout)) {
$config->dologout = '';
}
@@ -100,6 +101,7 @@
|
+
', true, false);
Index: index.php
===================================================================
--- index.php (revisión: 1)
+++ index.php (copia de trabajo)
@@ -1,16 +1,16 @@
-wantsurl) ? $SESSION->wantsurl : $CFG->wwwroot.'/';
+$wantsurl = isset($SESSION->wantsurl) ? $SESSION->wantsurl : $CFG->wwwroot.'/';
// get the plugin config for saml
$pluginconfig = get_config('auth/saml');
+
// completely discard the Moodle session as it interfers with the SimpleSAMLPHP one
session_destroy();
session_unset();
@@ -49,9 +50,9 @@
session_name($tmp_session);
session_set_cookie_params($tmp_cookie_params['lifetime'], $tmp_cookie_params['path'], $tmp_cookie_params['domain'], $tmp_cookie_params['secure'], $tmp_cookie_params['httponly']);
-// now boot strap SimpleSAMLPHP and get everything that we could
+// now boot strap SimpleSAMLPHP and get everything that we could
// possibly need data wise
-require_once($pluginconfig->samllib . '/lib/_autoload.php');
+require_once($pluginconfig->samllib . '/_autoload.php');
SimpleSAML_Configuration::init($pluginconfig->samlconfig);
$saml_config = SimpleSAML_Configuration::getInstance();
$saml_session = SimpleSAML_Session::getInstance();
@@ -87,37 +88,63 @@
* check that the saml session is OK - if not send to the IdP for authentication
* if good, then do the Moodle login, and send to the home page, or landing page
* if otherwise specified
- *
+ *
* @param boolean $valid_saml_session
* @param object $saml_config
* @param array $pluginconfig
* @param array $saml_attributes
- * @return nothing
+ * @return nothing
*/
function simplesaml_check_and_login($valid_saml_session, $saml_config, $pluginconfig, $saml_attributes) {
global $CFG, $USER, $SESSION;
- if (!$valid_saml_session) { #
+ if (!$valid_saml_session) { #
// not valid session. Ship user off to Identity Provider
- SimpleSAML_Utilities::redirect('/'.$saml_config->getValue('baseurlpath').'saml2/sp/initSSO.php', array('RelayState' => SimpleSAML_Utilities::selfURL(), 'idpentityid' => $pluginconfig->entityid,));
+
+ $initsso_array = array();
+ $initsso_array['RelayState'] = SimpleSAML_Utilities::selfURL();
+
+ if(isset($pluginconfig->entityid) && $pluginconfig->entityid != '') {
+ $initsso_array['idpentityid'] = $pluginconfig->entityid;
+ }
+ SimpleSAML_Utilities::redirect('/'.$saml_config->getValue('baseurlpath').'saml2/sp/initSSO.php', $initsso_array);
} else {
// Valid session. Register or update user in Moodle, log him on, and redirect to Moodle front
-
- // we require the plugin to know that we are now doing a saml login in hook puser_login
+
+ // we require the plugin to know that we are now doing a saml login in hook puser_login
$GLOBALS['saml_login'] = TRUE;
-
+
// make variables accessible to saml->get_userinfo. Information will be requested from authenticate_user_login -> create_user_record / update_user_record
$GLOBALS['saml_login_attributes'] = $saml_attributes;
-
+
+ if ($pluginconfig->username != '') {
+ $username_field = $pluginconfig->username;
+ }
+ else {
+ $username_field = 'mail';
+ }
+
+ if( $pluginconfig->supportcourses && isset($pluginconfig->samlcourses)) {
+ $USER->courses = $saml_attributes[$pluginconfig->samlcourses];
+ }
+ $CFG->notshowusername = $pluginconfig->notshowusername;
+ $CFG->supportcourses = $pluginconfig->supportcourses;
+
// just passes time as a password. User will never log in directly to moodle with this password anyway or so we hope?
- $USER = authenticate_user_login($saml_attributes[$pluginconfig->username][0], time());
+
+ if(!isset($saml_attributes[$username_field])) {
+ error(get_string("auth_saml_username_error", "auth_saml"));
+ }
+
+ $USER = authenticate_user_login($saml_attributes[$username_field][0], time());
$USER->loggedin = true;
$USER->site = $CFG->wwwroot;
-
+
// complete the user login sequence
$USER = get_complete_user_data('id', $USER->id);
+
complete_user_login($USER);
-
+
// just fast copied this from some other module - might not work...
if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
$urltogo = $SESSION->wantsurl;
@@ -129,4 +156,4 @@
}
}
-?>
\ No newline at end of file
+?>