Commit dabbd506 authored by Martin Haase's avatar Martin Haase

Added SLC configurable support to core WebAuth

git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@6726 7c539038-3410-0410-b1ec-0f2a7bf1c452
parent 9f24d7ed
......@@ -30,6 +30,17 @@ $sessionCreatorUid = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}'
$sessionCreatorPw = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:sessioncreator/c:password")->item(0)->nodeValue;
$setnamessecret = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:setnamessecret")->item(0)->nodeValue;
$slcSupportEnabling = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/@enable");
if ($slcSupportEnabling->length > 0 && $slcSupportEnabling->item(0)->nodeValue === 'true') {
$slcMode = TRUE;
$slcEntitlementAttributeName = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:entitlementAttr/@name")->item(0)->nodeValue;
$slcEntitlementAttributeValue = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:entitlementAttr")->item(0)->nodeValue;
$slcPortalDelegationURL = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:portalDelegationURL")->item(0)->nodeValue;
$slcNoDelegationURL = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:noDelegationURL")->item(0)->nodeValue;
} else {
$slcMode = FALSE;
}
// the session creation status will collect all messages
// during the course of authentication
$scstatus = "";
......@@ -295,12 +306,21 @@ echo "</div>";
setNameInRBAC();
if ($slcMode) {
$isSLCScompatible = scanEntitlements();
if ($isSLCScompatible) {
showCertificateButtons();
} else {
showCertificateInfoButton();
}
}
echo "\n</body>\n</html>";
exit;
/////////////////////// Functions ///////////////////////////////////////
function format_error ($heading, $detail) {
global $remote_user, $scstatus, $newSid, $rbacbase, $identity_provider, $identified_user;
......@@ -392,6 +412,49 @@ function escapeForDN ($string)
return preg_replace('/[";+<>,\\\]/', "X", $string);
}
function scanEntitlements () {
global $slcEntitlementAttributeName, $slcEntitlementAttributeValue;
if (isset($_SERVER[$slcEntitlementAttributeName])) {
$entitlements = $_SERVER[$slcEntitlementAttributeName];
$arrEntitlements = explode( ";", $entitlements);
foreach ($arrEntitlements as $ent) {
if ($ent === $slcEntitlementAttributeValue) {
return TRUE;
}
}
}
return FALSE;
}
function showCertificateInfoButton () {
global $slcNoDelegationURL, $remote_user, $newSid;
echo "<br/><br/>Your account does not include certificate support.";
echo "<form method=\"get\" action=\"${slcNoDelegationURL}\">\n";
echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . "\" />\n";
echo "<input type=\"submit\" value=\"Work without Certificate\"/>\n";
echo "</form>\n";
}
function showCertificateButtons () {
global $slcPortalDelegationURL, $slcNoDelegationURL, $remote_user, $newSid;
echo "<form method=\"get\" action=\"${slcPortalDelegationURL}\">\n";
echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . "\">\n";
echo "<input type=\"hidden\" name=\"rbacbase\" value=\"" . $rbacbase . "\">\n";
echo "<input type=\"submit\" value=\"Request Certificate\">\n";
echo "</form>\n\n";
echo "<form method=\"get\" action=\"${slcNoDelegationURL}\">\n";
echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . "\" />\n";
echo "<input type=\"submit\" value=\"Use Existing Certificate\"/>\n";
echo "</form>\n";
}
function setNameInRBAC ()
{
......
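Review bot: In showCertificateButtons() the hidden `rbacbase` field reads `$rbacbase`, but that name is missing from the function's `global` list, so the field is always emitted empty; the declaration should read `global $slcPortalDelegationURL, $slcNoDelegationURL, $remote_user, $newSid, $rbacbase;`. All three new forms also write `$remote_user`, `$newSid` and the configured URLs into attribute values unescaped, so an identifier containing a double quote would terminate the attribute and inject markup; wrap each value, e.g. `htmlspecialchars($remote_user . "|" . $newSid, ENT_QUOTES, 'UTF-8')`. Because the forms use `method="get"`, the `ePPNplusSID` value, which appears to carry the session ID, ends up in the target URL and from there in browser history, server logs and possibly Referer headers. `method="post"` would avoid that, provided the receiving endpoints accept it, which is not visible on this page. Separately, the first hunk calls `->item(0)->nodeValue` on the four SLCsupport child queries without a length check, so an enabled but incomplete config block fails there instead of falling back to `$slcMode = FALSE`.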