Loading .htaccess +9 −0 Original line number Diff line number Diff line Loading @@ -3,3 +3,12 @@ RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php [QSA,L] # mod_rewrite changes some Shibboleth headers # this restores them: SetEnvIf REDIRECT_Shib-Session-ID (.+) Shib-Session-ID=$1 SetEnvIf REDIRECT_eppn (.+) eppn=$1 SetEnvIf REDIRECT_mail (.+) mail=$1 SetEnvIf REDIRECT_givenName (.+) givenName=$1 SetEnvIf REDIRECT_sn (.+) sn=$1 auth/x509/index.php 0 → 100644 +19 −0 Original line number Diff line number Diff line <?php /* It is necessary to use this index file inside /auth/x509 * because mod_rewrite (used by the Flight framework to * create a front controller) changes some of the SSL headers * and SSL client certificate is not recognized anymore */ chdir(dirname(__FILE__)); include '../../include/init.php'; // Session must be started after classes inclusion in order // to avoid __PHP_Incomplete_Class Object error session_start(); $x509Login = new \RAP\X509Login($locator); $url = $x509Login->login(); header("Location: $url"); die(); classes/login/ShibbolethLogin.php +6 −12 Original line number Diff line number Diff line Loading 
@@ -10,26 +10,20 @@ class ShibbolethLogin extends LoginHandler { public function login() { $prefix = ''; if (isset($_SERVER['Shib-Session-ID']) || $redirect = isset($_SERVER['REDIRECT_Shib-Session-ID'])) { if (isset($_SERVER['REDIRECT_Shib-Session-ID'])) { $prefix = 'REDIRECT_'; } if (isset($_SERVER['Shib-Session-ID'])) { // Retrieving eduPersonPrincipalName (eppn) $eppn = $_SERVER[$prefix . 'eppn']; $eppn = $_SERVER['eppn']; // Search if the user is already registered into RAP using the eppn. // The persistent id should be a more appropriate identifier, however at IA2 // we need to import all INAF user into RAP, even if they will never register, // and in that case we know only their eppn. return $this->onIdentityDataReceived($eppn, function($identity) use($eppn, $prefix) { $identity->email = $_SERVER[$prefix . 'mail']; $identity->name = $_SERVER[$prefix . 'givenName']; $identity->surname = $_SERVER[$prefix . 'sn']; return $this->onIdentityDataReceived($eppn, function($identity) use($eppn) { $identity->email = $_SERVER['mail']; $identity->name = $_SERVER['givenName']; $identity->surname = $_SERVER['sn']; $identity->eppn = $eppn; }); } else { Loading classes/login/X509Login.php +1 −1 Original line number Diff line number Diff line Loading @@ -14,7 +14,7 @@ class X509Login extends LoginHandler { if (isset($_SERVER['SSL_CLIENT_VERIFY']) && isset($_SERVER['SSL_CLIENT_V_REMAIN']) && $_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS' && $_SERVER['SSL_CLIENT_V_REMAIN'] > 0) { $x509Data = RAP\X509Data::parse($_SERVER); $x509Data = X509Data::parse($_SERVER); $this->x509Data = $x509Data; return $this->onIdentityDataReceived($x509Data->serialNumber, function($identity) use ($x509Data) { Loading config-example.json +1 −1 Original line number Diff line number Diff line Loading 
@@ -31,7 +31,7 @@ "secret": "XXXXXX", "callback": "/auth/social/linkedin/token" }, "X.509": {}, "X509": {}, "LocalIdP": { "url": "https://sso.ia2.inaf.it/Shibboleth.sso/Login?entityID=https://sso.ia2.inaf.it/idp/shibboleth&target=https://sso.ia2.inaf.it/rap-ia2/auth/saml2/aai.php", "logo": "img/ia2-logo-60x60.png", Loading Loading
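--- a/.htaccess
+++ b/.htaccess
@@ -3,3 +3,12 @@ RewriteEngine On
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule ^(.*)$ index.php [QSA,L]
+# mod_rewrite changes some Shibboleth headers
+# this restores them:
+SetEnvIf REDIRECT_Shib-Session-ID (.+) Shib-Session-ID=$1
+SetEnvIf REDIRECT_eppn (.+) eppn=$1
+SetEnvIf REDIRECT_mail (.+) mail=$1
+SetEnvIf REDIRECT_givenName (.+) givenName=$1
+SetEnvIf REDIRECT_sn (.+) sn=$1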
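Review bot: The five SetEnvIf lines make `Shib-Session-ID`, `eppn`, `mail`, `givenName` and `sn` visible to the rewritten `index.php` again, but mod_setenvif tests the named attribute against the request headers before it falls back to the request's environment variables, so after this change these variables are no longer populated exclusively by mod_shib. `ShibbolethLogin::login()` gates on `isset($_SERVER['Shib-Session-ID'])` and then uses `$_SERVER['eppn']` as the account key, so it matters that mod_shib exports and overwrites these variables after these directives have run on every path that can reach that handler; confirm that the protected location requires a session (`ShibRequestSetting requireSession 1` or equivalent) and delivers attributes as environment variables rather than headers, rather than relying on this `.htaccess` copy alone. The comment would be more useful if it stated that assumption, e.g. `# Restores the REDIRECT_-prefixed Shibboleth variables after the mod_rewrite internal redirect; only safe where mod_shib sets them on the protected location`.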
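--- /dev/null
+++ b/auth/x509/index.php
+<?php
+/* It is necessary to use this index file inside /auth/x509
+ * because mod_rewrite (used by the Flight framework to
+ * create a front controller) changes some of the SSL headers
+ * and SSL client certificate is not recognized anymore */
+chdir(dirname(__FILE__));
+include '../../include/init.php';
+// Session must be started after classes inclusion in order
+// to avoid __PHP_Incomplete_Class Object error
+session_start();
+$x509Login = new \RAP\X509Login($locator);
+$url = $x509Login->login();
+header("Location: $url");
+die();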
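Review bot: `header("Location: $url");` is emitted without looking at what `login()` returned; `X509Login::login()` only builds an identity when `SSL_CLIENT_VERIFY === 'SUCCESS'` (see the X509Login hunk) and its failure branch is outside that hunk, so if it can yield null or an empty string this script answers with a bare `Location:` header. Guard the result before redirecting, e.g. `if (!is_string($url) || $url === '') { http_response_code(403); exit; }`. `chdir(dirname(__FILE__))` can simply be `chdir(__DIR__)`. The header comment would also be clearer if it said what "changes some of the SSL headers" means — presumably the `SSL_CLIENT_*` variables gaining the `REDIRECT_` prefix after mod_rewrite's internal redirect, which appears to be the same problem the `.htaccess` hunk solves for Shibboleth with SetEnvIf; using one mechanism for both would be more consistent.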
classes/login/ShibbolethLogin.php +6 −12 @@ -10,26 +10,20 @@ class ShibbolethLogin extends LoginHandler { public function login() { $prefix = ''; if (isset($_SERVER['Shib-Session-ID']) || $redirect = isset($_SERVER['REDIRECT_Shib-Session-ID'])) { if (isset($_SERVER['REDIRECT_Shib-Session-ID'])) { $prefix = 'REDIRECT_'; } if (isset($_SERVER['Shib-Session-ID'])) { // Retrieving eduPersonPrincipalName (eppn) $eppn = $_SERVER[$prefix . 'eppn']; $eppn = $_SERVER['eppn']; // Search if the user is already registered into RAP using the eppn. // The persistent id should be a more appropriate identifier, however at IA2 // we need to import all INAF user into RAP, even if they will never register, // and in that case we know only their eppn. return $this->onIdentityDataReceived($eppn, function($identity) use($eppn, $prefix) { $identity->email = $_SERVER[$prefix . 'mail']; $identity->name = $_SERVER[$prefix . 'givenName']; $identity->surname = $_SERVER[$prefix . 'sn']; return $this->onIdentityDataReceived($eppn, function($identity) use($eppn) { $identity->email = $_SERVER['mail']; $identity->name = $_SERVER['givenName']; $identity->surname = $_SERVER['sn']; $identity->eppn = $eppn; }); } else {
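Review bot: `$eppn = $_SERVER['eppn'];` and the `mail`/`givenName`/`sn` reads inside the closure are unguarded, so a session whose IdP did not release one of these attributes raises an undefined-index notice and yields null, and `onIdentityDataReceived(null, ...)` is then asked to look up or create an account keyed on nothing. Because `eppn` is the identifier the lookup is keyed on, a missing value should abort the login rather than continue: `if (!isset($_SERVER['eppn']) || $_SERVER['eppn'] === '') { throw new \RuntimeException('eppn attribute not released by the IdP'); }` before the assignment, and `isset`-guard the three optional attributes in the closure so they become null instead of a notice. The `login()` method continues past the hunk (its `else` branch is cut off), so the failure path it already has is not visible here.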
classes/login/X509Login.php +1 −1 @@ -14,7 +14,7 @@ class X509Login extends LoginHandler { if (isset($_SERVER['SSL_CLIENT_VERIFY']) && isset($_SERVER['SSL_CLIENT_V_REMAIN']) && $_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS' && $_SERVER['SSL_CLIENT_V_REMAIN'] > 0) { $x509Data = RAP\X509Data::parse($_SERVER); $x509Data = X509Data::parse($_SERVER); $this->x509Data = $x509Data; return $this->onIdentityDataReceived($x509Data->serialNumber, function($identity) use ($x509Data) {
config-example.json +1 −1 @@ -31,7 +31,7 @@ "secret": "XXXXXX", "callback": "/auth/social/linkedin/token" }, "X.509": {}, "X509": {}, "LocalIdP": { "url": "https://sso.ia2.inaf.it/Shibboleth.sso/Login?entityID=https://sso.ia2.inaf.it/idp/shibboleth&target=https://sso.ia2.inaf.it/rap-ia2/auth/saml2/aai.php", "logo": "img/ia2-logo-60x60.png",