RackTables-SAML.patch (2,864 bytes)
diff -ru RackTables-0.20.4.orig/wwwroot/inc/auth.php RackTables-0.20.4/wwwroot/inc/auth.php
--- RackTables-0.20.4.orig/wwwroot/inc/auth.php 2013-05-20 12:19:03.000000000 +0000
+++ RackTables-0.20.4/wwwroot/inc/auth.php 2013-05-21 15:14:49.000000000 +0000
@@ -30,7 +30,11 @@
if (!isset ($user_auth_src) or !isset ($require_local_account))
throw new RackTablesError ('secret.php: either user_auth_src or require_local_account are missing', RackTablesError::MISCONFIGURED);
if (isset ($_REQUEST['logout']))
+ {
+ if (isset ($user_auth_src) and 'saml' == $user_auth_src)
+ saml_logout ();
throw new RackTablesError ('', RackTablesError::NOT_AUTHENTICATED); // Reset browser credentials cache.
+ }
// Phase 2. Do some method-specific processing, initialize $remote_username on success.
switch (TRUE)
{
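Review bot: The `isset ($user_auth_src)` in the new logout condition is redundant — the check a few lines above already throws MISCONFIGURED when it is unset — and the loose comparison should be strict: `if ('saml' === $user_auth_src)`. Because `saml_logout()` ends in `exit`, the `throw new RackTablesError ('', RackTablesError::NOT_AUTHENTICATED)` that follows it is never reached for the SAML source; a comment such as `// saml_logout() redirects to the IdP logout URL and does not return` would make that asymmetry with the other auth sources explicit. Logout is still triggered by a bare `$_REQUEST['logout']`, which is pre-existing behaviour, not something this hunk introduces. The enclosing code continues past the end of the hunk.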
@@ -261,7 +265,7 @@
// a wrapper for SAML auth method
function authenticated_via_saml (&$saml_username = NULL, &$saml_displayname = NULL)
{
- global $SAML_options, $debug_mode;
+ global $SAML_options, $debug_mode, $auto_tags;
if (! file_exists ($SAML_options['simplesamlphp_basedir'] . '/lib/_autoload.php'))
throw new RackTablesError ('Configured for SAML authentication, but simplesaml is not found.', RackTablesError::MISCONFIGURED);
require_once ($SAML_options['simplesamlphp_basedir'] . '/lib/_autoload.php');
@@ -271,9 +275,25 @@
$attributes = $as->getAttributes();
$saml_username = saml_getAttributeValue ($attributes, $SAML_options['usernameAttribute']);
$saml_displayname = saml_getAttributeValue ($attributes, $SAML_options['fullnameAttribute']);
+ if (array_key_exists ('groupListAttribute', $SAML_options))
+ {
+ foreach (saml_getAttributeValues ($attributes, $SAML_options['groupListAttribute']) as $autotag)
+ $auto_tags[] = array ('tag' => '$sgcn_' . $autotag);
+ }
return $as->isAuthenticated();
}
+function saml_logout ()
+{
+ global $SAML_options;
+ if (! file_exists ($SAML_options['simplesamlphp_basedir'] . '/lib/_autoload.php'))
+ throw new RackTablesError ('Configured for SAML authentication, but simplesaml is not found.', RackTablesError::MISCONFIGURED);
+ require_once ($SAML_options['simplesamlphp_basedir'] . '/lib/_autoload.php');
+ $as = new SimpleSAML_Auth_Simple ($SAML_options['sp_profile']);
+ header("Location: ".$as->getLogoutURL('/'));
+ exit;
+}
+
function saml_getAttributeValue ($attributes, $name)
{
if (! isset ($attributes[$name]))
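Review bot: The simplesaml bootstrap (the `file_exists` check on `/lib/_autoload.php` followed by `require_once`) is now copied verbatim into `saml_logout()` from `authenticated_via_saml()`; the two copies will drift, so it belongs in one helper that both functions call. Separately, the group-list loop appends to the global `$auto_tags` before `$as->isAuthenticated()` is consulted, so tags derived from IdP attributes are attached to the request regardless of what the function returns; if `getAttributes()` can yield data for a session that is not authenticated (I cannot tell from here), the loop should be guarded by that result. The `'$sgcn_'` tag name is built from the raw attribute value, so an empty group value yields a bare `$sgcn_` tag. `authenticated_via_saml()` begins outside this hunk.
```php
// Load the simplesamlphp autoloader or fail with MISCONFIGURED; shared by login and logout.
function saml_require_autoload ()
{
	global $SAML_options;
	$autoload = $SAML_options['simplesamlphp_basedir'] . '/lib/_autoload.php';
	if (! file_exists ($autoload))
		throw new RackTablesError ('Configured for SAML authentication, but simplesaml is not found.', RackTablesError::MISCONFIGURED);
	require_once ($autoload);
}

function saml_logout ()
{
	global $SAML_options;
	saml_require_autoload ();
	$as = new SimpleSAML_Auth_Simple ($SAML_options['sp_profile']);
	header("Location: ".$as->getLogoutURL('/'));
	exit;
}
```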
@@ -281,6 +301,13 @@
return is_array ($attributes[$name]) ? $attributes[$name][0] : $attributes[$name];
}
+function saml_getAttributeValues ($attributes, $name)
+{
+ if (! isset ($attributes[$name]))
+ return array();
+ return is_array ($attributes[$name]) ? $attributes[$name] : array($attributes[$name]);
+}
+
// a wrapper for two LDAP auth methods below
function authenticated_via_ldap ($username, $password, &$ldap_displayname)
{
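Review bot: The new `saml_getAttributeValues()` has no comment stating its contract, which differs from `saml_getAttributeValue()` directly above in a way callers must know: it always returns an array, never NULL, and a scalar attribute is wrapped rather than returned as-is. Suggest `// Return all values of a SAML attribute as a list: an absent attribute yields array(), a scalar value is wrapped.` above the function. Empty-string values are passed through unchanged, so the group-tag loop in `authenticated_via_saml()` cannot assume every element is a usable group name. `authenticated_via_ldap()` continues past the end of the hunk.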