From dabbd50620f5c98572ad11130b98b871af12419a Mon Sep 17 00:00:00 2001
From: Martin Haase <martin.haase@daasi.de>
Date: Tue, 20 Jul 2010 13:13:28 +0000
Subject: [PATCH] Added SLC configurable support to core WebAuth

git-svn-id: https://textgridlab.org/svn/textgrid/trunk/middleware/tgauth@6726 7c539038-3410-0410-b1ec-0f2a7bf1c452
---
 .../secure/TextGrid-WebAuth.php               | 65 ++++++++++++++++++-
 1 file changed, 64 insertions(+), 1 deletion(-)

diff --git a/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php b/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php
index 921989c..e71429a 100644
--- a/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php
+++ b/info.textgrid.middleware.tgauth.webauth/secure/TextGrid-WebAuth.php
@@ -30,6 +30,17 @@ $sessionCreatorUid = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}'
 $sessionCreatorPw = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:sessioncreator/c:password")->item(0)->nodeValue;
 $setnamessecret = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:setnamessecret")->item(0)->nodeValue;
 
+$slcSupportEnabling = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/@enable");
+if ($slcSupportEnabling->length > 0 && $slcSupportEnabling->item(0)->nodeValue === 'true') {
+   $slcMode = TRUE;
+   $slcEntitlementAttributeName = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:entitlementAttr/@name")->item(0)->nodeValue;
+   $slcEntitlementAttributeValue = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:entitlementAttr")->item(0)->nodeValue;
+   $slcPortalDelegationURL = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:portalDelegationURL")->item(0)->nodeValue;
+   $slcNoDelegationURL = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/c:noDelegationURL")->item(0)->nodeValue;
+} else {
+   $slcMode = FALSE;
+}
+
 // the session creation status will collect all messages
 // during the course of authentication
 $scstatus = "";
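Review bot: In the enabled branch (the four assignments after `$slcMode = TRUE;`) every `->item(0)->nodeValue` is read without checking that the XPath query matched anything, whereas the `@enable` attribute just above is guarded with `->length > 0`; if a config enables SLC but omits `entitlementAttr`, `portalDelegationURL` or `noDelegationURL`, `item(0)` is null and the values become null with only a notice, so the forms built later get an empty `action` and the entitlement lookup keys `$_SERVER` with an empty name. The same `length > 0` test should apply to each child lookup and fail loudly naming the missing element, which is easiest with a small helper as sketched below; the helper would belong in the file's "Functions" section rather than at this point of the script. The repeated `/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport` prefix can also be factored into one variable. Minor style point: the file elsewhere mixes `TRUE`/`FALSE` with lowercase keywords; `$slcMode` can simply take the boolean result of the condition.
```php
// Returns the text of the first node matched by $query, or stops the script
// naming the missing element, so an incomplete <SLCsupport> block cannot
// silently produce empty URLs or attribute names.
function slcConfigValue ($xpath, $query) {
    $nodes = $xpath->query($query);
    if ($nodes->length === 0) {
        trigger_error("SLC support is enabled but '" . $query . "' is missing from the configuration", E_USER_ERROR);
    }
    return $nodes->item(0)->nodeValue;
}

$slcSupportEnabling = $xpath->query("/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport/@enable");
$slcMode = $slcSupportEnabling->length > 0 && $slcSupportEnabling->item(0)->nodeValue === 'true';
if ($slcMode) {
   $slcBase = "/c:conf/c:authz[@instance='${authZinstance}']/c:SLCsupport";
   $slcEntitlementAttributeName = slcConfigValue($xpath, $slcBase . "/c:entitlementAttr/@name");
   $slcEntitlementAttributeValue = slcConfigValue($xpath, $slcBase . "/c:entitlementAttr");
   $slcPortalDelegationURL = slcConfigValue($xpath, $slcBase . "/c:portalDelegationURL");
   $slcNoDelegationURL = slcConfigValue($xpath, $slcBase . "/c:noDelegationURL");
}
```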
@@ -295,12 +306,21 @@ echo "</div>";
 
 setNameInRBAC();
 
+if ($slcMode) {
+   $isSLCScompatible = scanEntitlements();
+   if ($isSLCScompatible) {
+      showCertificateButtons();
+   } else {
+      showCertificateInfoButton();
+   }
+}
+
+
 echo "\n</body>\n</html>";
   
 exit;
 
 /////////////////////// Functions ///////////////////////////////////////
-
 function format_error ($heading, $detail) {
 
 global $remote_user, $scstatus, $newSid, $rbacbase, $identity_provider, $identified_user;
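Review bot: The temporary `$isSLCScompatible` in the new `if ($slcMode)` block is named inconsistently with `$slcMode` and the `SLCsupport` config element (SLC vs SLCS) and is used only once; the branch reads more directly as `if (scanEntitlements()) { showCertificateButtons(); } else { showCertificateInfoButton(); }`. The two blank lines the block leaves before `echo "\n</body>\n</html>";` can be reduced to one, matching the spacing around `setNameInRBAC();`. A one-line comment above the block, e.g. `// SLC mode: offer certificate delegation only to users carrying the configured entitlement`, would explain why the buttons are conditional, since the decision logic lives in functions defined much further down the file. `format_error`, whose header closes this hunk, continues outside it.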
@@ -392,6 +412,49 @@ function escapeForDN ($string)
   return preg_replace('/[";+<>,\\\]/', "X", $string);
 }
 
+function scanEntitlements () {
+    global $slcEntitlementAttributeName, $slcEntitlementAttributeValue;
+
+    if (isset($_SERVER[$slcEntitlementAttributeName])) {
+        $entitlements = $_SERVER[$slcEntitlementAttributeName];
+        $arrEntitlements = explode( ";", $entitlements);
+        foreach ($arrEntitlements as $ent) {
+            if ($ent === $slcEntitlementAttributeValue) {
+		 return TRUE;
+            }
+	}
+    }
+    return FALSE;
+}
+
+
+function showCertificateInfoButton () {
+    global $slcNoDelegationURL, $remote_user, $newSid;
+
+    echo "<br/><br/>Your account does not include certificate support.";
+    echo "<form method=\"get\" action=\"${slcNoDelegationURL}\">\n";
+    echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . "\" />\n";
+    echo "<input type=\"submit\" value=\"Work without Certificate\"/>\n";
+    echo "</form>\n";
+}
+
+function showCertificateButtons () {
+    global $slcPortalDelegationURL, $slcNoDelegationURL, $remote_user, $newSid;
+  
+    echo "<form method=\"get\" action=\"${slcPortalDelegationURL}\">\n";
+    echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . "\">\n";
+    echo "<input type=\"hidden\" name=\"rbacbase\" value=\"" . $rbacbase . "\">\n";
+    echo "<input type=\"submit\" value=\"Request Certificate\">\n";
+    echo "</form>\n\n";
+
+    echo "<form method=\"get\" action=\"${slcNoDelegationURL}\">\n";
+    echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $remote_user . "|" .$newSid . "\" />\n";
+    echo "<input type=\"submit\" value=\"Use Existing Certificate\"/>\n";
+    echo "</form>\n";
+}
+
+
+
 function setNameInRBAC ()
 {
 
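Review bot: `showCertificateButtons` writes `$rbacbase` into the hidden `rbacbase` field, but its `global` line imports only `$slcPortalDelegationURL, $slcNoDelegationURL, $remote_user, $newSid`, so inside the function `$rbacbase` is undefined and the field is sent empty (with an undefined-variable notice); `format_error` in the previous hunk does import `$rbacbase` as a global, which suggests it is meant to be here too. In all three new functions `$remote_user`, `$newSid`, `$rbacbase` and the configured URLs are concatenated into HTML attribute values verbatim; `$remote_user` and `$newSid` are set elsewhere in the file (presumably from the authenticating environment), so they should go through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` before landing in an attribute, as in the rewrite below, and `showCertificateInfoButton` needs the same treatment. Note also that because both forms use `method="get"`, the `ePPNplusSID` value containing the session id becomes part of the delegation URL's query string and will show up in the target's access logs and in Referer headers; if that is not intended, `method="post"` avoids it. A smaller point: `scanEntitlements` mixes tabs and spaces at the `return TRUE;` and its closing brace, and does not trim entries from `explode(";", ...)`, so a value followed by a space would not match. `setNameInRBAC` only opens in this hunk; its body is outside.
```php
function showCertificateButtons () {
    global $slcPortalDelegationURL, $slcNoDelegationURL, $remote_user, $newSid, $rbacbase;

    // escape once for the attribute context; the raw values are not HTML
    $ePPNplusSID = htmlspecialchars($remote_user . "|" . $newSid, ENT_QUOTES, 'UTF-8');
    $rbacbaseAttr = htmlspecialchars($rbacbase, ENT_QUOTES, 'UTF-8');

    echo "<form method=\"get\" action=\"" . htmlspecialchars($slcPortalDelegationURL, ENT_QUOTES, 'UTF-8') . "\">\n";
    echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $ePPNplusSID . "\">\n";
    echo "<input type=\"hidden\" name=\"rbacbase\" value=\"" . $rbacbaseAttr . "\">\n";
    echo "<input type=\"submit\" value=\"Request Certificate\">\n";
    echo "</form>\n\n";

    echo "<form method=\"get\" action=\"" . htmlspecialchars($slcNoDelegationURL, ENT_QUOTES, 'UTF-8') . "\">\n";
    echo "<input type=\"hidden\" name=\"ePPNplusSID\" value=\"" . $ePPNplusSID . "\" />\n";
    echo "<input type=\"submit\" value=\"Use Existing Certificate\"/>\n";
    echo "</form>\n";
}
// … unchanged: scanEntitlements, showCertificateInfoButton (apply the same escaping there) …
```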
-- 
GitLab