diff --git a/info.textgrid.middleware.tgauth.webauth/secure/PutAttributes.php b/info.textgrid.middleware.tgauth.webauth/secure/PutAttributes.php
deleted file mode 100755
index 3a493661fba0470ae830dec4a263d032e8cea1a5..0000000000000000000000000000000000000000
--- a/info.textgrid.middleware.tgauth.webauth/secure/PutAttributes.php
+++ /dev/null
@@ -1,115 +0,0 @@ -<?php -// ####################################################### -// Author: Martin Haase / DAASI International GmbH / TextGrid -// Creation date: 2010-10-19 -// Modification date: 2010-XX -// Version: 0.1 -// ####################################################### - -include("../tglib/RBAC.class.php"); -include("../tglib/LDAP.class.php"); -include("../tglib/WebUtils.class.php"); - - -$configfile = "/etc/textgrid/tgauth/conf/config_tgwebauth.xml"; - -$util = new WebUtils; - -$authZinstance = $_REQUEST["authZinstance"]; -$remote_user = $_REQUEST["remote_user"]; - -if ($_REQUEST["loginmode"] == 1) { - $loginmode = TRUE; -} else { - $loginmode = FALSE; -} - -if ( !(isset($authZinstance)) || strlen($authZinstance) <= 0 ) { - $util->printAuthFailure("No TgAuth Instance provided", - "Please provide a valid string in the authZinstance variable.", - null, - null ); - exit; -} - -$rbac = new RBAC ( $configfile, $authZinstance ); - -$Sid = $_REQUEST["Sid"]; - -$attributes = $rbac->getUserAttributes( $Sid ); -// we always need one more argument, as PHP'S SOAP lib simplifies structures -// s.t. 
if we only want to modify exactly one attr, -// (it turns a:1{o:2{name,n,value,v}} into a:2{name,n,value,v}) -$newattributes = array("gnuelpfix"); -$thedisplayname = "anonymous"; - -foreach ($attributes as $a) { - if ($util->isBoolean($a)) { - if (isset ( $_REQUEST[$a->name] ) && $_REQUEST[$a->name] === "on") { - $na = new StdClass(); - $na->name = $a->name; - $na->value = "TRUE"; - $newattributes[] = $na; - } else { - $na = new StdClass(); - $na->name = $a->name; - $na->value = "FALSE"; - $newattributes[] = $na; - } - } else if (isset ( $_REQUEST[$a->name]) - && strlen($_REQUEST[$a->name]) > 0 - && (!isset ($a->value) - || ( isset( $a->value) - && !($_REQUEST[$a->name] === $a->value)))) { - $na = new StdClass(); - $na->name = $a->name; - $na->value = $_REQUEST[$a->name]; - $newattributes[] = $na; - } - if ($a->name === "displayname" && isset ($a->value)) { // set Display Name - $thedisplayname = $a->value; - } -} -#$file = fopen ("/tmp/xxxPut.log", "w+"); -#fwrite ($file, "putting these attrs: ". serialize ($newattributes) ."\n"); -#fclose ($file); - - -// write in RBAC -$res = $rbac->setAttributes($newattributes, $Sid, $loginmode ); - -// write in LDAP if it is a textgrid.de account and something relevant changed -// AND if setAttributes returned success, i.e. the SID was valid -if (stripos($remote_user, "@textgrid.de") > 0 && is_object($res) && $res->result == true) { - $ldap = new LDAP ( $configfile ); - $ldapres = $ldap->setUserAttributes($newattributes, $remote_user); - if ($ldapres["success"] == FALSE) { - echo "Could not modify base data in community LDAP: "; - echo $ldapres["detail"]; - exit; - } -} - -if ((is_array($res) && $res['success'] == FALSE) || (is_object($res) && $res->result == FALSE)) { - echo "something went wrong". 
serialize($res); - exit; -} - -if ($loginmode) { - $util->printAuthSuccess("Authentication Succeeded", - $thedisplayname, - array("remote_user" => $remote_user, - "scstatus" => "set Attributes", - "Sid" => $Sid, - "authZinstance" => $authZinstance, - "identity_provider" => "unknown", - "identified_user" => array("authnmethod" => "ePPN") - ), - $rbac->slcData() - ); -} else { - $util->printSetAttributesSuccess($thedisplayname); -} -exit; - -?> \ No newline at end of file diff --git a/info.textgrid.middleware.tgauth.webauth/secure/iso3166_en_code_lists.txt b/info.textgrid.middleware.tgauth.webauth/secure/iso3166_en_code_lists.txt deleted file mode 100644 index f1bb23437842a7b458e2d6f029020428d6d125e2..0000000000000000000000000000000000000000 --- a/info.textgrid.middleware.tgauth.webauth/secure/iso3166_en_code_lists.txt +++ /dev/null 
@@ -1,248 +0,0 @@ -This list states the country names (official short names in English) in alphabetical order as given in ISO 3166-1 and the corresponding ISO 3166-1-alpha-2 code elements. The list is updated whenever a change to the official code list in ISO 3166-1 is effected by the ISO 3166/MA. It lists 240 official short names and code elements. One line of text contains one entry. A country name and its code element are separated by a semicolon (;). - -AFGHANISTAN;AF -ÅLAND ISLANDS;AX -ALBANIA;AL -ALGERIA;DZ -AMERICAN SAMOA;AS -ANDORRA;AD -ANGOLA;AO -ANGUILLA;AI -ANTARCTICA;AQ -ANTIGUA AND BARBUDA;AG -ARGENTINA;AR -ARMENIA;AM -ARUBA;AW -AUSTRALIA;AU -AUSTRIA;AT -AZERBAIJAN;AZ -BAHAMAS;BS -BAHRAIN;BH -BANGLADESH;BD -BARBADOS;BB -BELARUS;BY -BELGIUM;BE -BELIZE;BZ -BENIN;BJ -BERMUDA;BM -BHUTAN;BT -BOLIVIA, PLURINATIONAL STATE OF;BO -BOSNIA AND HERZEGOVINA;BA -BOTSWANA;BW -BOUVET ISLAND;BV -BRAZIL;BR -BRITISH INDIAN OCEAN TERRITORY;IO -BRUNEI DARUSSALAM;BN -BULGARIA;BG -BURKINA FASO;BF -BURUNDI;BI -CAMBODIA;KH -CAMEROON;CM -CANADA;CA -CAPE VERDE;CV -CAYMAN ISLANDS;KY -CENTRAL AFRICAN REPUBLIC;CF -CHAD;TD -CHILE;CL -CHINA;CN -CHRISTMAS ISLAND;CX -COCOS (KEELING) ISLANDS;CC -COLOMBIA;CO -COMOROS;KM -CONGO;CG -CONGO, THE DEMOCRATIC REPUBLIC OF THE;CD -COOK ISLANDS;CK -COSTA RICA;CR -CÔTE D'IVOIRE;CI -CROATIA;HR -CUBA;CU -CYPRUS;CY -CZECH REPUBLIC;CZ -DENMARK;DK -DJIBOUTI;DJ -DOMINICA;DM -DOMINICAN REPUBLIC;DO -ECUADOR;EC -EGYPT;EG -EL SALVADOR;SV -EQUATORIAL GUINEA;GQ -ERITREA;ER -ESTONIA;EE -ETHIOPIA;ET -FALKLAND ISLANDS (MALVINAS);FK -FAROE ISLANDS;FO -FIJI;FJ -FINLAND;FI -FRANCE;FR -FRENCH GUIANA;GF -FRENCH POLYNESIA;PF -FRENCH SOUTHERN TERRITORIES;TF -GABON;GA -GAMBIA;GM -GEORGIA;GE -GERMANY;DE -GHANA;GH -GIBRALTAR;GI -GREECE;GR -GREENLAND;GL -GRENADA;GD -GUADELOUPE;GP -GUAM;GU -GUATEMALA;GT -GUERNSEY;GG -GUINEA;GN -GUINEA-BISSAU;GW -GUYANA;GY -HAITI;HT -HEARD ISLAND AND MCDONALD ISLANDS;HM -HOLY SEE (VATICAN CITY STATE);VA -HONDURAS;HN -HONG KONG;HK -HUNGARY;HU 
-ICELAND;IS -INDIA;IN -INDONESIA;ID -IRAN, ISLAMIC REPUBLIC OF;IR -IRAQ;IQ -IRELAND;IE -ISLE OF MAN;IM -ISRAEL;IL -ITALY;IT -JAMAICA;JM -JAPAN;JP -JERSEY;JE -JORDAN;JO -KAZAKHSTAN;KZ -KENYA;KE -KIRIBATI;KI -KOREA, DEMOCRATIC PEOPLE'S REPUBLIC OF;KP -KOREA, REPUBLIC OF;KR -KUWAIT;KW -KYRGYZSTAN;KG -LAO PEOPLE'S DEMOCRATIC REPUBLIC;LA -LATVIA;LV -LEBANON;LB -LESOTHO;LS -LIBERIA;LR -LIBYAN ARAB JAMAHIRIYA;LY -LIECHTENSTEIN;LI -LITHUANIA;LT -LUXEMBOURG;LU -MACAO;MO -MACEDONIA, THE FORMER YUGOSLAV REPUBLIC OF;MK -MADAGASCAR;MG -MALAWI;MW -MALAYSIA;MY -MALDIVES;MV -MALI;ML -MALTA;MT -MARSHALL ISLANDS;MH -MARTINIQUE;MQ -MAURITANIA;MR -MAURITIUS;MU -MAYOTTE;YT -MEXICO;MX -MICRONESIA, FEDERATED STATES OF;FM -MOLDOVA, REPUBLIC OF;MD -MONACO;MC -MONGOLIA;MN -MONTENEGRO;ME -MONTSERRAT;MS -MOROCCO;MA -MOZAMBIQUE;MZ -MYANMAR;MM -NAMIBIA;NA -NAURU;NR -NEPAL;NP -NETHERLANDS;NL -NETHERLANDS ANTILLES;AN -NEW CALEDONIA;NC -NEW ZEALAND;NZ -NICARAGUA;NI -NIGER;NE -NIGERIA;NG -NIUE;NU -NORFOLK ISLAND;NF -NORTHERN MARIANA ISLANDS;MP -NORWAY;NO -OMAN;OM -PAKISTAN;PK -PALAU;PW -PALESTINIAN TERRITORY, OCCUPIED;PS -PANAMA;PA -PAPUA NEW GUINEA;PG -PARAGUAY;PY -PERU;PE -PHILIPPINES;PH -PITCAIRN;PN -POLAND;PL -PORTUGAL;PT -PUERTO RICO;PR -QATAR;QA -REUNION;RE -ROMANIA;RO -RUSSIAN FEDERATION;RU -RWANDA;RW -SAINT BARTHÉLEMY;BL -SAINT HELENA;SH -SAINT KITTS AND NEVIS;KN -SAINT LUCIA;LC -SAINT MARTIN;MF -SAINT PIERRE AND MIQUELON;PM -SAINT VINCENT AND THE GRENADINES;VC -SAMOA;WS -SAN MARINO;SM -SAO TOME AND PRINCIPE;ST -SAUDI ARABIA;SA -SENEGAL;SN -SERBIA;RS -SEYCHELLES;SC -SIERRA LEONE;SL -SINGAPORE;SG -SLOVAKIA;SK -SLOVENIA;SI -SOLOMON ISLANDS;SB -SOMALIA;SO -SOUTH AFRICA;ZA -SOUTH GEORGIA AND THE SOUTH SANDWICH ISLANDS;GS -SPAIN;ES -SRI LANKA;LK -SUDAN;SD -SURINAME;SR -SVALBARD AND JAN MAYEN;SJ -SWAZILAND;SZ -SWEDEN;SE -SWITZERLAND;CH -SYRIAN ARAB REPUBLIC;SY -TAIWAN, PROVINCE OF CHINA;TW -TAJIKISTAN;TJ -TANZANIA, UNITED REPUBLIC OF;TZ -THAILAND;TH -TIMOR-LESTE;TL -TOGO;TG -TOKELAU;TK -TONGA;TO 
-TRINIDAD AND TOBAGO;TT -TUNISIA;TN -TURKEY;TR -TURKMENISTAN;TM -TURKS AND CAICOS ISLANDS;TC -TUVALU;TV -UGANDA;UG -UKRAINE;UA -UNITED ARAB EMIRATES;AE -UNITED KINGDOM;GB -UNITED STATES;US -UNITED STATES MINOR OUTLYING ISLANDS;UM -URUGUAY;UY -UZBEKISTAN;UZ -VANUATU;VU -VENEZUELA;VE -VIET NAM;VN -VIRGIN ISLANDS, BRITISH;VG -VIRGIN ISLANDS, U.S.;VI -WALLIS AND FUTUNA;WF -WESTERN SAHARA;EH -YEMEN;YE -ZAMBIA;ZM -ZIMBABWE;ZW diff --git a/info.textgrid.middleware.tgauth.webauth/tglib/LDAP.class.php b/info.textgrid.middleware.tgauth.webauth/tglib/LDAP.class.php deleted file mode 100644 index d6d9206fa46b69cc77cb45938aa09fe28d39da61..0000000000000000000000000000000000000000 --- a/info.textgrid.middleware.tgauth.webauth/tglib/LDAP.class.php +++ /dev/null 
@@ -1,176 +0,0 @@ -<?php -// ####################################################### -// Author: Martin Haase / DAASI International GmbH / TextGrid -// Creation date: 2010-09-23 -// Modification date: 2010-09-03 -// Version: 0.1 -// based on authenticate.php -// ####################################################### - -mb_internal_encoding("UTF-8"); - -class LDAP { - - // Global variables - protected $UserAttributes = array(); - protected $ldaphost; - protected $ldapport; - protected $binddn; - protected $filter; - protected $IDattribute; - protected $LDAPname; - public $availableAttributes = array("o", "sn", "givenName", "cn", "mail"); - public $AttributeMap = Array ('surname' => 'sn', -// StefanS will 'o' nicht User-Modifizierbar; daher wird -// es nur in RBAC und nicht in DARIAH LDAP geschrieben -// 'organisation' => 'o', - 'givenname' => 'givenName', - 'displayname' => 'cn', - 'mail' => 'mail', - 'orgunit' => 'ou', - 'street' => 'street', - 'plz' => 'postalCode', - 'city' => 'l', - 'tel' => 'telephoneNumber', - 'interest' => 'dariahResearchInterests', - 'personid' => 'dariahResearcherId' - ); - - public function __construct( $configfilepath ) { - $config = new DOMDocument(); - $config->load($configfilepath); - $xpath = new DOMXPath($config); - $xpath->registerNamespace("c", "http://textgrid.info/namespaces/middleware/tgwebauth"); - - $this->ldaphost = $xpath->query("/c:conf/c:authn[@type='community']/c:key[@name='host']")->item(0)->nodeValue; - $this->ldapport = $xpath->query("/c:conf/c:authn[@type='community']/c:key[@name='port']")->item(0)->nodeValue; - $this->binddn = $xpath->query("/c:conf/c:authn[@type='community']/c:key[@name='binddn']")->item(0)->nodeValue; - $this->basedn = $xpath->query("/c:conf/c:authn[@type='community']/c:key[@name='basedn']")->item(0)->nodeValue; - $this->filter = $xpath->query("/c:conf/c:authn[@type='community']/c:key[@name='filter']")->item(0)->nodeValue; - $this->IDattribute = 
$xpath->query("/c:conf/c:authn[@type='community']/c:key[@name='IDattribute']")->item(0)->nodeValue; - $this->LDAPname = $xpath->query("/c:conf/c:authn[@type='community']/c:key[@name='name']")->item(0)->nodeValue; - $this->setAttributesDN = $xpath->query("/c:conf/c:authn[@type='community']/c:key[@name='setAttributesDN']")->item(0)->nodeValue; - $this->setAttributesPW = $xpath->query("/c:conf/c:authn[@type='community']/c:key[@name='setAttributesPW']")->item(0)->nodeValue; - - $this->IDattribute = explode ( ";", $this->IDattribute ); - } - - public function authenticate ($login, $password) { - $ldapconn = ldap_connect( $this->ldaphost, $this->ldapport ); - // ldap_connect always returns a handle, does not connect yet - // or return array("success" => FALSE, "detail" => "Cannot connect to {$ldaphost}!"); - - ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); - //ldap_start_tls( $ldapconn ); - - $binddn = preg_replace ('/\${login}/', $login, $this->binddn); - $bound = ldap_bind($ldapconn, $binddn , $password); - if (!$bound) { - return array("success" => FALSE, - "detail" => "Authentication failed, reason: " . 
ldap_error ($ldapconn)); - } else { - //echo "Could bind as user ${login}!"; - $filter = preg_replace ('/\${login}/', $login, $this->filter); - $result = ldap_search( $ldapconn, $this->basedn, $filter); - $entry = ldap_first_entry( $ldapconn , $result ); - - $this->UserAttributes = ldap_get_attributes ($ldapconn , $entry); - - foreach ( $this->IDattribute as $idattr ) { - if ( isset ( $this->UserAttributes[$idattr] ) ) { - $TGID = $this->UserAttributes[$idattr][0]; - break; - } - } - -// $TGID = $this->UserAttributes[$this->IDattribute][0]; - - return array("success" => TRUE, "TGID" => $TGID, "LDAPname" => $this->LDAPname); - } - } - - public function getUserAttributes () { - $rethash = array(); - foreach ($this->availableAttributes as $a) { - if ( isset($this->UserAttributes[$a])) { - $vals = array(); - for ($i=0; $i<$this->UserAttributes[$a]['count']; $i++) { - $vals[] = $this->UserAttributes[$a][$i]; - } - $rethash[$a] = implode (';', $vals); - } - } - return $rethash; - } - -// Users will be modified via DARIAH SelfService at a later stage - public function setUserAttributes ($attrHash, $remote_user) { - - $arrModify = Array(); - $needsModification = FALSE; - $sendOutMail = FALSE; - - foreach ($attrHash as $a) { - if (is_object($a) && in_array($a->name, array_keys ($this->AttributeMap))) { - $arrModify[$this->AttributeMap[$a->name]][] = $a->value; - $needsModification = TRUE; - if ($a->name === "mail") { - $sendOutMail = $a->value; - } - } - } - - if (! 
$needsModification ) { - return array("success" => TRUE, - "detail" => "Nothing to do"); - } - - - $ldapconn = ldap_connect( $this->ldaphost, $this->ldapport ); - // ldap_connect always returns a handle, does not connect yet - // or return array("success" => FALSE, "detail" => "Cannot connect to {$ldaphost}!"); - - ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); - //ldap_start_tls( $ldapconn ); - - $bound = ldap_bind($ldapconn, $this->setAttributesDN , $this->setAttributesPW); - if (!$bound) { - return array("success" => FALSE, - "detail" => "Authentication failed, reason: " . ldap_error ($ldapconn)); - } else { - - $filter = "(|"; - foreach ( $this->IDattribute as $idattr ) { - $filter .= "(". $idattr."=".$remote_user.")"; - } - $filter .= ")"; - - $result = ldap_search( $ldapconn, $this->basedn, $filter); - if ($result === FALSE ) { - return array("success" => FALSE, - "detail" => "Could not find this user with the filter: ".$filter . ldap_error ($ldapconn)); - } - $entry = ldap_first_entry( $ldapconn , $result ); - $oldmailsArr = ldap_get_values ($ldapconn, $entry, "mail"); - if ($sendOutMail !== FALSE) { - $this->sendmailOut($oldmailsArr, $sendOutMail ); - } - - $modifyResult = ldap_modify($ldapconn, ldap_get_dn($ldapconn, $entry), $arrModify); - - if ($modifyResult == FALSE ) { - return array("success" => FALSE, - "detail" => "Could not modify this user:" . ldap_error ($ldapconn)); - } - return array("success" => TRUE, "detail" => "Alles bestens"); - } - } - - public function sendmailOut($oldmailsArr, $newMail ) { - - } - - -} - -?> \ No newline at end of file diff --git a/info.textgrid.middleware.tgauth.webauth/tglib/RBAC.class.php b/info.textgrid.middleware.tgauth.webauth/tglib/RBAC.class.php index 2e7b2e4030d780764c5a496f40af6e53b17302cf..d380a85954aa4c268550e9c1f141f6280a531ab9 100644 --- a/info.textgrid.middleware.tgauth.webauth/tglib/RBAC.class.php +++ b/info.textgrid.middleware.tgauth.webauth/tglib/RBAC.class.php 
@@ -27,10 +27,6 @@ class RBAC { protected $soapReview; protected $soapAdministration; - protected $userAttributes; - - protected $SLCdata; - public function __construct( $configfilepath , $authZinstance ) { require_once( "soapTypes.inc.php" ); 
@@ -48,23 +44,7 @@ class RBAC { $this->sessionCreatorUid = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:sessioncreator/c:user")->item(0)->nodeValue; $this->sessionCreatorPw = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:sessioncreator/c:password")->item(0)->nodeValue; $this->setnamessecret = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:setnamessecret")->item(0)->nodeValue; - $this->ToUversion = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:termsOfUse/c:version")->item(0)->nodeValue; - $this->ToUFileName = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:termsOfUse/c:text")->item(0)->nodeValue; - $this->ToUtext = file_get_contents ( $this->ToUFileName ); - - $this->SLCdata = array(); - $slcSupportEnabling = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/@enable"); - if ($slcSupportEnabling->length > 0 && $slcSupportEnabling->item(0)->nodeValue === 'true') { - $this->SLCdata['slcMode'] = TRUE; - $this->SLCdata['slcEntitlementAttributeName'] = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:entitlementAttr/@name")->item(0)->nodeValue; - $this->SLCdata['slcEntitlementAttributeValue'] = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:entitlementAttr")->item(0)->nodeValue; - $this->SLCdata['slcPortalDelegationURL'] = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:portalDelegationURL")->item(0)->nodeValue; - $this->SLCdata['slcNoDelegationURL'] = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:noDelegationURL")->item(0)->nodeValue; - } else { - $this->SLCdata['slcMode'] = FALSE; - } - // ----------------------------------------------------- // You'll need these services // ----------------------------------------------------- 
@@ -76,10 +56,6 @@ class RBAC { } - public function slcData() { - return $this->SLCdata; - } - public function createSession ( $remote_user ) { $rbachash = array("scstatus" => "", // will collect all messages during authentication @@ -95,11 +71,6 @@ class RBAC { "user" => $matches[1], "scope" => $matches[2] ); - $identified_user['user'] = $this->escapeForDN ($identified_user['user']); - $identified_user['scope'] = $this->escapeForDN ($identified_user['scope']); - - $remote_user = $identified_user['user'] . "@" . $identified_user['scope']; - $rbachash["identified_user"] = $identified_user; $rbachash["remote_user"] = $remote_user; // TG User ID 
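Review bot: `$rbachash["remote_user"] = $remote_user;` and `$rbachash["identified_user"] = $identified_user;` now store the raw ePPN and the raw `$matches` captures, because the two `escapeForDN()` calls that replaced DN metacharacters (`" ; + < > , \`) before rebuilding `$remote_user` are gone; whatever consumes these hash entries in the rest of createSession (outside this hunk) no longer receives a neutralised value. The commit also deletes LDAP.class.php, which interpolated `$remote_user` into an LDAP search filter, and the userExists/addUser SOAP calls, so the remaining consumers may well be safe — but that should be confirmed rather than assumed, since escapeForDN itself is removed further down. If no remaining consumer builds a DN or filter from these values, a one-line comment above the assignment saying so, e.g. `// remote_user is stored unescaped: no DN/filter is built from it any more`, would document why the sanitisation step was dropped.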
@@ -168,47 +139,8 @@ class RBAC { // ----------------------------------------------------- // Check whether user exists already in RBAC // ----------------------------------------------------- - $userexistreq = new userExistsRequest(); - $userexistreq->auth = $serviceAuthResponse->auth; - $userexistreq->username = $remote_user; + // ---> we do not need this anymore since users are in DARIAH - try { - $existresult = $this->soapExtra->userExists($userexistreq); - if (! $existresult->result) { - - // ----------------------------------------------- - // User does not exist, so add 'em - $adduserrequest = new addUserRequest(); - $adduserrequest->intSid = $serviceAuthResponse->auth; - $adduserrequest->username = $remote_user; - $adduserrequest->password = "gnuelpfix"; // this is not relevant and will never be checked - - try { - $addedUser = $this->soapAdministration->addUser($adduserrequest); - if ($addedUser) { - $rbachash["scstatus"] .= "Added user information to authorization database; "; - } else { - return array("success" => FALSE, - "rbachash" => $rbachash, - "detail" => "Could not add your user ID to authorization database." ); - exit; - } - - } catch(SoapFault $f) { - return array("success" => FALSE, - "rbachash" => $rbachash, - "detail" => "SOAP FAULT (AddUser)!: " . $f->faultcode . " / " . $f->faultstring); - exit; - } - } else { - $rbachash["scstatus"] .= "user exists in authentication database; "; - } - } catch (SoapFault $f) { - return array("success" => FALSE, - "rbachash" => $rbachash, - "detail" => "SOAP FAULT (UserExists)!: " . $f->faultcode . " / " . $f->faultstring); - exit; - } // ----------------------------------------------------- // If this was successful you can create the session for remote_user 
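Review bot: The three-line separator header "Check whether user exists already in RBAC" now introduces a block that contains only the new comment `// ---> we do not need this anymore since users are in DARIAH`, and the next header "If this was successful you can create the session for remote_user" refers to a step that no longer happens; the headers should be folded into one statement, e.g. `// Users are provisioned in DARIAH, so this no longer checks for or creates the RBAC user.` The removed branch also appended to `$rbachash["scstatus"]` and returned a "Could not add your user ID" failure; with auto-provisioning gone, a user unknown to RBAC presumably now surfaces only as a session-creation failure below, which is outside this hunk — worth confirming that path still reports a clear detail message. createSession starts and ends outside the hunk.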
@@ -296,84 +228,6 @@ class RBAC { "rbachash" => $rbachash); } - // see RFC XYZ, DN Syntax - function escapeForDN ($string) { - return preg_replace('/[";+<>,\\\]/', "X", $string); - } - - function getUserAttributes ( $Sid ) { - $getMyUAR = new StdClass(); - $getMyUAR->auth = $Sid; - - try { - $ua = $this->soapExtra->getMyUserAttributes($getMyUAR); - $this->userAttributes = $ua->attribute; - return $ua->attribute; - } catch (SoapFault $f) { - return array("success" => FALSE, - "detail" => "SOAP FAULT (getMyUserAttributes)!: " . serialize ($f) ); - } - - } - - function enoughUserAttributes ( $Sid ) { - if (!isset($this->userAttributes)) { - $this->getUserAttributes( $Sid ); - } - // $file = fopen ("/tmp/xxxR.log", "w+"); - // fwrite ($file, serialize ($this->userAttributes ) ."\n"); - // fclose ($file); - - foreach ($this->userAttributes as $a) { - if ($a->name == "ToUversion" && $a->value != $this->ToUversion ) { - return FALSE; - } - if ($a->mandatory) { - if (!isset($a->value)) { - return FALSE; - } else { - if (is_string($a->value) && strlen($a->value) < 1) { - return FALSE; - } - } - } - } - - return TRUE; - } - - function updateAttributes ( $attrs, $map, $Sid ) { - $newattributes = array(); - foreach ($map as $name => $value) { - if (isset($attrs[$value])) { - $na = new StdClass(); - $na->name = $name; - $na->value = $attrs[$value]; - $newattributes[] = $na; - } - } - return $this->setAttributes ($newattributes, $Sid, TRUE); - } - - function setAttributes ( $attrs, $Sid, $loginmode ) { - $setMyUserAttributesRequest = new StdClass(); - $setMyUserAttributesRequest->attribute = $attrs; - $setMyUserAttributesRequest->auth = $Sid; - if ($loginmode) { - $setMyUserAttributesRequest->webAuthSecret = $this->setnamessecret; - } else { - $setMyUserAttributesRequest->webAuthSecret = ""; - } - - try { - $res = $this->soapExtra->setMyUserAttributes($setMyUserAttributesRequest); - return $res; - } catch (SoapFault $f) { - return array("success" => FALSE, - "detail" => "SOAP 
FAULT (setMyUserAttributes)!: " . $f->faultcode . " / " . $f->faultstring); - } - } - } ?>
diff --git a/info.textgrid.middleware.tgauth.webauth/tglib/WebUtils.class.php b/info.textgrid.middleware.tgauth.webauth/tglib/WebUtils.class.php
index 615aae3bc266e617d1baab66bad28753bcb13fac..6e8cef0ea586b5c6b72d5abad1c2e49591e51178 100644
--- a/info.textgrid.middleware.tgauth.webauth/tglib/WebUtils.class.php
+++ b/info.textgrid.middleware.tgauth.webauth/tglib/WebUtils.class.php
@@ -25,6 +25,8 @@ class WebUtils {
 echo "<meta name=\"remote_principal\" content=\"".$rbachash["remote_user"]."\"/>\n";
 echo "<meta name=\"rbac_session_status\" content=\"".$rbachash["scstatus"]."\"/>\n";
 echo "<meta name=\"rbac_sessionid\" content=\"".$rbachash["Sid"]."\"/>\n";
+ echo "<meta name=\"Shib-Identity-Provider\" content=\"".$rbachash["identity_provider"]."\"/>\n";
+
 if (!$slc["slcMode"]) {
 echo "<meta name=\"ePPNplusSID\" content=\"".$rbachash["remote_user"]."|".$rbachash["Sid"]."\"/>\n";
 }
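Review bot: The added line writes `$rbachash["identity_provider"]` straight into a quoted HTML attribute, so a value containing `"` or `<` would break out of the `content` attribute; escape it for that context, `echo "<meta name=\"Shib-Identity-Provider\" content=\"".htmlspecialchars($rbachash["identity_provider"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."\"/>\n";`. The surrounding remote_principal/scstatus/Sid lines follow the same unescaped pattern, so this matches existing style, and where the value originates is outside the hunk (the deleted PutAttributes.php passed the literal "unknown"; other callers presumably take it from the SP), but escaping at the output is cheap and removes the question. Separately, the context line `if (!$slc["slcMode"])` still reads a slcMode key while this commit removes `RBAC::slcData()` and its SLCdata setup, so it is worth confirming what the remaining callers now pass as `$slc`; a missing key there only yields a notice and falls into the branch. The enclosing method starts and ends outside the hunk.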