lib
unicaen
auth
Commits
1f0c2a2a
Commit
1f0c2a2a
authored
Jan 12, 2021
by
Bertrand Gauthier
Merge branch 'release-3.1.0'
parents
9584d558
62babb0a
Pipeline
#8962
passed with stage
in 16 seconds
Changes
62
CHANGELOG.md
...
...
@@ -16,4 +16,16 @@ Première version officielle sous ZF3.
3.
0.12 (05/11/2020)
-------------------
-
Ajout d'une méthode pour pouvoir purger la liste des rôles courante.
\ No newline at end of file
-
Ajout d'une méthode pour pouvoir purger la liste des rôles courante.
3.
1.0
-----
-
Typage des authentifications
-
Pages de connexion différentes selon le type d'authentification : shib ; db ou ldap ; cas.
-
Possibilité d'ordonner les formulaires de connexion proposés (config).
-
Possibilité d'ajouter une description HTML à chaque formulaire de connexion (config).
-
Chaque adapter peut désormais tester s'il est compétent pour traiter la requête d'authentification.
-
Création d'un adapter d'authentification comme les autres pour Shib.
-
Réparation du mécanisme de redirection vers l'URL demandée avant connexion.
-
Correction du bug de rémanence de l'authentification shibboleth simulée.
-
Authentification LDAP : levée d'une exception en cas de survenue d'une erreur LDAP.
Module.php
...
...
@@ -2,16 +2,10 @@
namespace
UnicaenAuth
;
use
UnicaenAuth\Authentication\Adapter\Cas
as
CasAdapter
;
use
UnicaenAuth\Options\ModuleOptions
;
use
UnicaenAuth\Service\ShibService
;
use
Zend\EventManager\EventInterface
;
use
Zend\ModuleManager\Feature\AutoloaderProviderInterface
;
use
Zend\ModuleManager\Feature\ConfigProviderInterface
;
use
Zend\ModuleManager\Feature\ServiceProviderInterface
;
use
Zend\ModuleManager\ModuleManager
;
use
Zend\ServiceManager\ServiceLocatorInterface
;
use
Zend\View\Helper\Navigation
;
use
ZfcUser\Form\Login
;
use
ZfcUser\Form\LoginFilter
;
...
...
@@ -22,11 +16,6 @@ use ZfcUser\Form\LoginFilter;
*/
class
Module
implements
AutoloaderProviderInterface
,
ConfigProviderInterface
,
ServiceProviderInterface
{
/**
* @var ModuleOptions
*/
private
$options
;
/**
* @return array
* @see ConfigProviderInterface
...
...
@@ -43,9 +32,6 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
public
function
getAutoloaderConfig
()
{
return
[
'Zend\Loader\ClassMapAutoloader'
=>
[
__DIR__
.
'/autoload_classmap.php'
,
],
'Zend\Loader\StandardAutoloader'
=>
[
'namespaces'
=>
[
__NAMESPACE__
=>
__DIR__
.
'/src/'
.
__NAMESPACE__
,
...
...
@@ -64,41 +50,7 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
*/
public
function
onBootstrap
(
EventInterface
$e
)
{
/* @var \Zend\Mvc\MvcEvent $e */
$application
=
$e
->
getApplication
();
/* @var $services \Zend\ServiceManager\ServiceManager */
$services
=
$application
->
getServiceManager
();
/* @var $options ModuleOptions */
$this
->
options
=
$services
->
get
(
'unicaen-auth_module_options'
);
$this
->
reconfigureRoutesForAuth
(
$services
);
}
/**
* @param ServiceLocatorInterface $sl
*/
private
function
reconfigureRoutesForAuth
(
ServiceLocatorInterface
$sl
)
{
/* @var $router \Zend\Router\Http\TreeRouteStack */
$router
=
$sl
->
get
(
'router'
);
// si l'auth CAS est activée, modif de la route de connexion pour zapper le formulaire d'auth maison.
$isCasEnable
=
(
bool
)
$this
->
options
->
getCas
();
if
(
$isCasEnable
&&
php_sapi_name
()
!==
'cli'
)
{
/** @var CasAdapter $casAdapter */
$casAdapter
=
$sl
->
get
(
'UnicaenAuth\Authentication\Adapter\Cas'
);
$casAdapter
->
reconfigureRoutesForCasAuth
(
$router
);
}
// si l'auth Shibboleth est activée, modif de la route de déconnexion pour réaliser la déconnexion Shibboleth.
$shibOptions
=
$this
->
options
->
getShibboleth
();
$isShibEnable
=
array_key_exists
(
'enable'
,
$shibOptions
)
&&
(
bool
)
$shibOptions
[
'enable'
];
if
(
$isShibEnable
&&
php_sapi_name
()
!==
'cli'
)
{
/** @var ShibService $shibService */
$shibService
=
$sl
->
get
(
ShibService
::
class
);
$shibService
->
reconfigureRoutesForShibAuth
(
$router
);
}
}
/**
...
...
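Review bot: With `reconfigureRoutesForAuth()` apparently removed from `Module` (inferred from the last hunk shrinking from 41 to 7 lines, since the page lost its +/- markers), nothing in this file still points the logout route at the Shibboleth logout when Shibboleth is enabled. It is worth confirming that the `logout` action of `UnicaenAuth\Controller\Auth`, which config/module.config.php now maps to `/deconnexion`, ends the identity-provider session and not only the local one; otherwise a user on a shared machine stays signed in at the federation after logging out. A short comment in `onBootstrap()` such as `// CAS/Shibboleth login and logout routing now lives in UnicaenAuth\Controller\Auth` would record where the behaviour moved.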
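--- a/autoload_classmap.php
+++ /dev/null
-<?php
-// Generated by ZF2's ./bin/classmap_generator.php
-return array(
-  'UnicaenAuth\Module' => __DIR__ . '/Module.php',
-  'UnicaenAuth\Guard\PrivilegeController' => __DIR__ . '/src/UnicaenAuth/Guard/PrivilegeController.php',
-  'UnicaenAuth\Options\AuthenticationOptionsInterface' => __DIR__ . '/src/UnicaenAuth/Options/AuthenticationOptionsInterface.php',
-  'UnicaenAuth\Options\Traits\ModuleOptionsAwareTrait' => __DIR__ . '/src/UnicaenAuth/Options/Traits/ModuleOptionsAwareTrait.php',
-  'UnicaenAuth\Options\ModuleOptionsFactory' => __DIR__ . '/src/UnicaenAuth/Options/ModuleOptionsFactory.php',
-  'UnicaenAuth\Options\ModuleOptions' => __DIR__ . '/src/UnicaenAuth/Options/ModuleOptions.php',
-  'UnicaenAuth\Entity\Db\CategoriePrivilege' => __DIR__ . '/src/UnicaenAuth/Entity/Db/CategoriePrivilege.php',
-  'UnicaenAuth\Entity\Db\User' => __DIR__ . '/src/UnicaenAuth/Entity/Db/User.php',
-  'UnicaenAuth\Entity\Db\Privilege' => __DIR__ . '/src/UnicaenAuth/Entity/Db/Privilege.php',
-  'UnicaenAuth\Entity\Db\Role' => __DIR__ . '/src/UnicaenAuth/Entity/Db/Role.php',
-  'UnicaenAuth\Entity\Db\AbstractUser' => __DIR__ . '/src/UnicaenAuth/Entity/Db/AbstractUser.php',
-  'UnicaenAuth\Entity\Ldap\People' => __DIR__ . '/src/UnicaenAuth/Entity/Ldap/People.php',
-  'UnicaenAuth\Service\LdapUserAwareInterface' => __DIR__ . '/src/UnicaenAuth/Service/LdapUserAwareInterface.php',
-  'UnicaenAuth\Service\AuthorizeService' => __DIR__ . '/src/UnicaenAuth/Service/AuthorizeService.php',
-  'UnicaenAuth\Service\DbUserAwareInterface' => __DIR__ . '/src/UnicaenAuth/Service/DbUserAwareInterface.php',
-  'UnicaenAuth\Service\User' => __DIR__ . '/src/UnicaenAuth/Service/User.php',
-  'UnicaenAuth\Service\Traits\UserContextServiceAwareTrait' => __DIR__ . '/src/UnicaenAuth/Service/Traits/UserContextServiceAwareTrait.php',
-  'UnicaenAuth\Service\Traits\RoleServiceAwareTrait' => __DIR__ . '/src/UnicaenAuth/Service/Traits/RoleServiceAwareTrait.php',
-  'UnicaenAuth\Service\Traits\CategoriePrivilegeServiceAwareTrait' => __DIR__ . '/src/UnicaenAuth/Service/Traits/CategoriePrivilegeAwareTrait.php',
-  'UnicaenAuth\Service\Traits\PrivilegeServiceAwareTrait' => __DIR__ . '/src/UnicaenAuth/Service/Traits/PrivilegeServiceAwareTrait.php',
-  'UnicaenAuth\Service\UserAwareInitializer' => __DIR__ . '/src/UnicaenAuth/Service/UserAwareInitializer.php',
-  'UnicaenAuth\Service\UserContext' => __DIR__ . '/src/UnicaenAuth/Service/UserContext.php',
-  'UnicaenAuth\Service\PrivilegeService' => __DIR__ . '/src/UnicaenAuth/Service/PrivilegeService.php',
-  'UnicaenAuth\Service\RoleService' => __DIR__ . '/src/UnicaenAuth/Service/RoleService.php',
-  'UnicaenAuth\Service\CategoriePrivilegeService' => __DIR__ . '/src/UnicaenAuth/Service/CategoriePrivilegeService.php',
-  'UnicaenAuth\Service\AbstractService' => __DIR__ . '/src/UnicaenAuth/Service/AbstractService.php',
-  'UnicaenAuth\Service\AuthorizeServiceFactory' => __DIR__ . '/src/UnicaenAuth/Service/AuthorizeServiceFactory.php',
-  'UnicaenAuth\Authentication\AuthenticationServiceFactory' => __DIR__ . '/src/UnicaenAuth/Authentication/AuthenticationServiceFactory.php',
-  'UnicaenAuth\Authentication\Storage\Ldap' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/Ldap.php',
-  'UnicaenAuth\Authentication\Storage\Db' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/Db.php',
-  'UnicaenAuth\Authentication\Storage\Chain' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/Chain.php',
-  'UnicaenAuth\Authentication\Storage\ChainableStorage' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/ChainableStorage.php',
-  'UnicaenAuth\Authentication\Storage\ChainServiceFactory' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/ChainServiceFactory.php',
-  'UnicaenAuth\Authentication\Storage\ChainEvent' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/ChainEvent.php',
-  'UnicaenAuth\Authentication\Adapter\Ldap' => __DIR__ . '/src/UnicaenAuth/Authentication/Adapter/Ldap.php',
-  'UnicaenAuth\Authentication\Adapter\Db' => __DIR__ . '/src/UnicaenAuth/Authentication/Adapter/Db.php',
-  'UnicaenAuth\Authentication\Adapter\AbstractFactory' => __DIR__ . '/src/UnicaenAuth/Authentication/Adapter/AbstractFactory.php',
-  'UnicaenAuth\Authentication\Adapter\Cas' => __DIR__ . '/src/UnicaenAuth/Authentication/Adapter/Cas.php',
-  'UnicaenAuth\Assertion\AbstractAssertion' => __DIR__ . '/src/UnicaenAuth/Assertion/AbstractAssertion.php',
-  'UnicaenAuth\Acl\NamedRole' => __DIR__ . '/src/UnicaenAuth/Acl/NamedRole.php',
-  'UnicaenAuth\View\RedirectionStrategy' => __DIR__ . '/src/UnicaenAuth/View/RedirectionStrategy.php',
-  'UnicaenAuth\View\Helper\AppConnection' => __DIR__ . '/src/UnicaenAuth/View/Helper/AppConnection.php',
-  'UnicaenAuth\View\Helper\UserProfileSelectRadioItem' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfileSelectRadioItem.php',
-  'UnicaenAuth\View\Helper\UserProfileFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfileFactory.php',
-  'UnicaenAuth\View\Helper\UserStatus' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserStatus.php',
-  'UnicaenAuth\View\Helper\UserStatusFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserStatusFactory.php',
-  'UnicaenAuth\View\Helper\UserAbstract' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserAbstract.php',
-  'UnicaenAuth\View\Helper\UserProfileSelect' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfileSelect.php',
-  'UnicaenAuth\View\Helper\UserConnectionFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserConnectionFactory.php',
-  'UnicaenAuth\View\Helper\UserInfoFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserInfoFactory.php',
-  'UnicaenAuth\View\Helper\UserInfo' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserInfo.php',
-  'UnicaenAuth\View\Helper\UserCurrentFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserCurrentFactory.php',
-  'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfileSelectRadioItemFactory.php',
-  'UnicaenAuth\View\Helper\UserProfileSelectFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfileSelectFactory.php',
-  'UnicaenAuth\View\Helper\UserProfile' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfile.php',
-  'UnicaenAuth\View\Helper\UserCurrent' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserCurrent.php',
-  'UnicaenAuth\View\Helper\UserConnection' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserConnection.php',
-  'UnicaenAuth\Controller\DroitsController' => __DIR__ . '/src/UnicaenAuth/Controller/DroitsController.php',
-  'UnicaenAuth\Controller\UtilisateurController' => __DIR__ . '/src/UnicaenAuth/Controller/UtilisateurController.php',
-  'UnicaenAuth\Provider\Role\ConfigServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Role/ConfigServiceFactory.php',
-  'UnicaenAuth\Provider\Role\Config' => __DIR__ . '/src/UnicaenAuth/Provider/Role/Config.php',
-  'UnicaenAuth\Provider\Role\UsernameServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Role/UsernameServiceFactory.php',
-  'UnicaenAuth\Provider\Role\DbRole' => __DIR__ . '/src/UnicaenAuth/Provider/Role/DbRole.php',
-  'UnicaenAuth\Provider\Role\DbRoleServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Role/DbRoleServiceFactory.php',
-  'UnicaenAuth\Provider\Role\Username' => __DIR__ . '/src/UnicaenAuth/Provider/Role/Username.php',
-  'UnicaenAuth\Provider\Privilege\PrivilegeProviderAwareTrait' => __DIR__ . '/src/UnicaenAuth/Provider/Privilege/PrivilegeProviderAwareTrait.php',
-  'UnicaenAuth\Provider\Privilege\PrivilegeProviderInterface' => __DIR__ . '/src/UnicaenAuth/Provider/Privilege/PrivilegeProviderInterface.php',
-  'UnicaenAuth\Provider\Privilege\Privileges' => __DIR__ . '/src/UnicaenAuth/Provider/Privilege/Privileges.php',
-  'UnicaenAuth\Provider\Rule\PrivilegeRuleProvider' => __DIR__ . '/src/UnicaenAuth/Provider/Rule/PrivilegeRuleProvider.php',
-  'UnicaenAuth\Provider\Identity\DbServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php',
-  'UnicaenAuth\Provider\Identity\Basic' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/Basic.php',
-  'UnicaenAuth\Provider\Identity\Ldap' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/Ldap.php',
-  'UnicaenAuth\Provider\Identity\Db' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/Db.php',
-  'UnicaenAuth\Provider\Identity\Chain' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/Chain.php',
-  'UnicaenAuth\Provider\Identity\ChainableProvider' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/ChainableProvider.php',
-  'UnicaenAuth\Provider\Identity\LdapServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/LdapServiceFactory.php',
-  'UnicaenAuth\Provider\Identity\BasicServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/BasicServiceFactory.php',
-  'UnicaenAuth\Provider\Identity\ChainServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/ChainServiceFactory.php',
-  'UnicaenAuth\Provider\Identity\ChainEvent' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/ChainEvent.php',
-  'UnicaenAuth\Event\UserAuthenticatedEvent' => __DIR__ . '/src/UnicaenAuth/Event/UserAuthenticatedEvent.php',
-  'UnicaenAuth\Event\Listener\AuthenticatedUserSavedAbstractListener' => __DIR__ . '/src/UnicaenAuth/Event/Listener/AuthenticatedUserSavedAbstractListener.php',
-  'UnicaenAuth\Form\Droits\Traits\RoleFormAwareTrait' => __DIR__ . '/src/UnicaenAuth/Form/Droits/Traits/RoleFormAwareTrait.php',
-  'UnicaenAuth\Form\Droits\RoleForm' => __DIR__ . '/src/UnicaenAuth/Form/Droits/RoleForm.php',
-  'RoleFormHydrator' => __DIR__ . '/src/UnicaenAuth/Form/Droits/RoleForm.php',
-);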
config/module.config.php
<?php
use
UnicaenAuth\Authentication\Adapter\AdapterChainServiceFactory
;
use
UnicaenAuth\Authentication\Adapter\CasAdapterFactory
;
use
UnicaenAuth\Authentication\Adapter\DbAdapterFactory
;
use
UnicaenAuth\Authentication\Adapter\LdapAdapterFactory
;
use
UnicaenAuth\Authentication\Adapter\ShibAdapterFactory
;
use
UnicaenAuth\Authentication\Storage\DbFactory
;
use
UnicaenAuth\Authentication\Storage\LdapFactory
;
use
UnicaenAuth\Authentication\Storage\ShibFactory
;
use
UnicaenAuth\Controller\AuthControllerFactory
;
use
UnicaenAuth\Controller\DroitsControllerFactory
;
use
UnicaenAuth\Controller\UtilisateurControllerFactory
;
use
UnicaenAuth\Form\CasLoginForm
;
use
UnicaenAuth\Form\CasLoginFormFactory
;
use
UnicaenAuth\Form\Droits\RoleFormFactory
;
use
UnicaenAuth\Form\ShibLoginForm
;
use
UnicaenAuth\Form\ShibLoginFormFactory
;
use
UnicaenAuth\Guard\PrivilegeControllerFactory
;
use
UnicaenAuth\Guard\PrivilegeRouteFactory
;
use
UnicaenAuth\ORM\Event\Listeners\HistoriqueListenerFactory
;
use
UnicaenAuth\Provider\Rule\PrivilegeRuleProviderFactory
;
use
UnicaenAuth\Service\CasService
;
use
UnicaenAuth\Service\CasServiceFactory
;
use
UnicaenAuth\Service\ShibService
;
use
UnicaenAuth\Service\ShibServiceFactory
;
use
UnicaenAuth\Service\UserContextFactory
;
use
UnicaenAuth\Service\UserFactory
;
use
UnicaenAuth\Service\UserMapperFactory
;
use
UnicaenAuth\View\Helper\CasConnectViewHelper
;
use
UnicaenAuth\View\Helper\CasConnectViewHelperFactory
;
use
UnicaenAuth\View\Helper\ConnectViewHelper
;
use
UnicaenAuth\View\Helper\DbConnectViewHelper
;
use
UnicaenAuth\View\Helper\DbConnectViewHelperFactory
;
use
UnicaenAuth\View\Helper\LdapConnectViewHelper
;
use
UnicaenAuth\View\Helper\LdapConnectViewHelperFactory
;
use
UnicaenAuth\View\Helper\LocalConnectViewHelper
;
...
...
@@ -42,25 +58,120 @@ use Zend\Authentication\AuthenticationService;
use
Zend\ServiceManager\Proxy\LazyServiceFactory
;
$settings
=
[
/**
* Configuration de l'authentification
locale
.
* Configuration de l'authentification
via la fédération d'identité (Shibboleth)
.
*/
'
local
'
=>
[
'
shib
'
=>
[
/**
*
Possibilité ou non d
e
s
'a
uthentifier à l'
ai
d
e d
'un compte local
.
*
Ordr
e
d
'a
ffichage du formul
ai
r
e d
e connexion
.
*/
'enabled'
=>
true
,
'order'
=>
1
,
/**
* Activation ou non de ce mode d'authentification.
*/
'enabled'
=>
false
,
/**
* Description facultative de ce mode d'authentification qui apparaîtra sur le formulaire de connexion.
*/
'description'
=>
"Cliquez sur le bouton ci-dessous pour accéder à l'authentification via la fédération d'identité."
,
/**
* URL de déconnexion.
*/
//'logout_url' => '/Shibboleth.sso/Logout?return=', // NB: '?return=' semble obligatoire!
/*
'simulate' => [
'eppn' => 'login@domain.fr',
'supannEmpId' => '00012345',
],
'aliases' => [
'eppn' => 'HTTP_EPPN',
'mail' => 'HTTP_MAIL',
'eduPersonPrincipalName' => 'HTTP_EPPN',
'supannEtuId' => 'HTTP_SUPANNETUID',
'supannEmpId' => 'HTTP_SUPANNEMPID',
'supannCivilite' => 'HTTP_SUPANNCIVILITE',
'displayName' => 'HTTP_DISPLAYNAME',
'sn' => 'HTTP_SN',
'givenName' => 'HTTP_GIVENNAME',
],
/*
'required_attributes' => [
'eppn',
'mail',
'eduPersonPrincipalName',
'supannCivilite',
'displayName',
'sn|surname', // i.e. 'sn' ou 'surname'
'givenName',
'supannEtuId|supannEmpId',
],
*/
],
/**
* Configuration de l'authentification LDAP.
* Configuration de l'authentification LDAP
(compte établissement)
.
*/
'ldap'
=>
[
'order'
=>
2
,
'enabled'
=>
true
,
'description'
=>
"Utilisez ce formulaire pour vous connecter avec votre compte numérique établissement."
,
/**
* Possibilité ou non de s'authentifier via l'annuaire LDAP.
* Type de substitution.
* Permet de "fusionner" les types d'authentification locale (db) et établissement (ldap) et donc leurs
* formulaires de connexion respectifs.
*/
'enabled'
=>
true
,
'type'
=>
'local'
,
],
/**
* Configuration de l'authentification locale (compte propre à l'appli).
*/
'db'
=>
[
'order'
=>
3
,
'enabled'
=>
false
,
/**
* Type de substitution.
* Permet de "grouper" les types d'authentification locale (db) et établissement (ldap) sous un même
* formulaire de connexion.
*/
'type'
=>
'local'
,
/**
* Description facultative de ce mode d'authentification qui apparaîtra sur le formulaire d'authentification.
* NB: si la valeur de 'order' pour le type 'db' est supérieure à celle pour le type 'ldap',
* c'est cette description qui sera visible.
*/
'description'
=>
"Utilisez ce formulaire si vous possédez un compte local propre à l'application."
,
],
/**
* Configuration de l'authentification centralisée (CAS).
*/
'cas'
=>
[
'order'
=>
4
,
'enabled'
=>
false
,
'description'
=>
"Cliquez sur le bouton ci-dessous pour accéder à l'authentification centralisée."
,
/**
* Infos de connexion au serveur CAS.
*/
'connection'
=>
[
'default'
=>
[
'params'
=>
[
'hostname'
=>
'host.domain.fr'
,
'port'
=>
443
,
'version'
=>
"2.0"
,
'uri'
=>
""
,
'debug'
=>
false
,
],
],
]
],
/**
...
...
@@ -129,9 +240,10 @@ return [
* Accepted values: array containing services that implement 'ZfcUser\Authentication\Adapter\ChainableAdapter'
*/
'auth_adapters'
=>
[
300
=>
'UnicaenAuth\Authentication\Adapter\Ldap'
,
// notifié en 1er
200
=>
'UnicaenAuth\Authentication\Adapter\Db'
,
// ensuite (si échec d'authentification Ldap)
100
=>
'UnicaenAuth\Authentication\Adapter\Cas'
,
// ensuite (si échec d'authentification Db)
300
=>
'UnicaenAuth\Authentication\Adapter\Ldap'
,
200
=>
'UnicaenAuth\Authentication\Adapter\Db'
,
100
=>
'UnicaenAuth\Authentication\Adapter\Cas'
,
50
=>
'UnicaenAuth\Authentication\Adapter\Shib'
,
],
// telling ZfcUser to use our own class
...
...
@@ -184,6 +296,9 @@ return [
[
'controller'
=>
'UnicaenApp\Controller\Application'
,
'action'
=>
'refresh-session'
,
'roles'
=>
'guest'
],
[
'controller'
=>
'UnicaenAuth\Controller\Utilisateur'
,
'action'
=>
'selectionner-profil'
,
'roles'
=>
'guest'
],
[
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
'action'
=>
'login'
,
'roles'
=>
'guest'
],
[
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
'action'
=>
'authenticate'
,
'roles'
=>
'guest'
],
[
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
'action'
=>
'logout'
,
'roles'
=>
'guest'
],
[
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
'action'
=>
'shibboleth'
,
'roles'
=>
'guest'
],
[
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
'action'
=>
'requestPasswordReset'
,
'roles'
=>
'guest'
],
[
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
'action'
=>
'changePassword'
,
'roles'
=>
'guest'
],
...
...
@@ -287,21 +402,31 @@ return [
'may_terminate'
=>
true
,
'child_routes'
=>
[
'login'
=>
[
'type'
=>
'
Literal
'
,
'type'
=>
'
Segment
'
,
'options'
=>
[
'route'
=>
'/connexion'
,
'route'
=>
'/connexion
[/:type]
'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
// remplace
'zfcuser'
'action'
=>
'login'
,
],
],
],
'authenticate'
=>
array
(
'type'
=>
'Segment'
,
'options'
=>
array
(
'route'
=>
'/authenticate/:type'
,
'defaults'
=>
array
(
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
// remplace 'zfcuser'
'action'
=>
'authenticate'
,
),
),
),
'logout'
=>
[
'type'
=>
'Literal'
,
'options'
=>
[
'route'
=>
'/deconnexion'
,
'defaults'
=>
[
'controller'
=>
'zfcuser'
,
'controller'
=>
'UnicaenAuth\Controller\Auth'
,
// remplace
'zfcuser'
'action'
=>
'logout'
,
],
],
...
...
@@ -462,9 +587,6 @@ return [
'UnicaenAuth\View\RedirectionStrategy'
=>
'UnicaenAuth\View\RedirectionStrategy'
,
'UnicaenAuth\Service\CategoriePrivilege'
=>
'UnicaenAuth\Service\CategoriePrivilegeService'
,
],
'abstract_factories'
=>
[
'UnicaenAuth\Authentication\Adapter\AbstractFactory'
,
],
'factories'
=>
[
'unicaen-auth_module_options'
=>
'UnicaenAuth\Options\ModuleOptionsFactory'
,
'zfcuser_auth_service'
=>
'UnicaenAuth\Authentication\AuthenticationServiceFactory'
,
...
...
@@ -480,10 +602,15 @@ return [
'UnicaenAuth\Service\Privilege'
=>
'UnicaenAuth\Service\PrivilegeServiceFactory'
,
'BjyAuthorize\Service\Authorize'
=>
'UnicaenAuth\Service\AuthorizeServiceFactory'
,
// substituion
'zfcuser_redirect_callback'
=>
'UnicaenAuth\Authentication\RedirectCallbackFactory'
,
// substituion
CasService
::
class
=>
CasServiceFactory
::
class
,
ShibService
::
class
=>
ShibServiceFactory
::
class
,
'UnicaenAuth\Service\UserContext'
=>
UserContextFactory
::
class
,
'zfcuser_user_mapper'
=>
UserMapperFactory
::
class
,
'MouchardCompleterAuth'
=>
'UnicaenAuth\Mouchard\MouchardCompleterAuthFactory'
,
'UnicaenAuth\Authentication\Adapter\Ldap'
=>
LdapAdapterFactory
::
class
,
'UnicaenAuth\Authentication\Adapter\Db'
=>
DbAdapterFactory
::
class
,
'UnicaenAuth\Authentication\Adapter\Cas'
=>
CasAdapterFactory
::
class
,
'UnicaenAuth\Authentication\Adapter\Shib'
=>
ShibAdapterFactory
::
class
,
'UnicaenAuth\Authentication\Storage\Db'
=>
DbFactory
::
class
,
'UnicaenAuth\Authentication\Storage\Ldap'
=>
LdapFactory
::
class
,
'UnicaenAuth\Authentication\Storage\Shib'
=>
ShibFactory
::
class
,
...
...
@@ -492,6 +619,10 @@ return [
'UnicaenAuth\Guard\PrivilegeRoute'
=>
PrivilegeRouteFactory
::
class
,
'UnicaenAuth\Provider\Rule\PrivilegeRuleProvider'
=>
PrivilegeRuleProviderFactory
::
class
,
CasLoginForm
::
class
=>
CasLoginFormFactory
::
class
,
ShibLoginForm
::
class
=>
ShibLoginFormFactory
::
class
,
'ZfcUser\Authentication\Adapter\AdapterChain'
=>
AdapterChainServiceFactory
::
class
,
'UnicaenApp\HistoriqueListener'
=>
HistoriqueListenerFactory
::
class
,
'UnicaenAuth\HistoriqueListener'
=>
HistoriqueListenerFactory
::
class
,
\
UnicaenAuth\Event\EventManager
::
class
=>
\
UnicaenAuth\Event\EventManagerFactory
::
class
...
...
@@ -543,9 +674,12 @@ return [
'userProfileSelect'
=>
UserProfileSelect
::
class
,
'userProfileSelectRadioItem'
=>
UserProfileSelectRadioItem
::
class
,
'userUsurpation'
=>
UserUsurpationHelper
::
class
,
'dbConnect'
=>
DbConnectViewHelper
::
class
,
'localConnect'
=>
LocalConnectViewHelper
::
class
,
'ldapConnect'
=>
LdapConnectViewHelper
::
class
,
'shibConnect'
=>
ShibConnectViewHelper
::
class
,
'casConnect'
=>
CasConnectViewHelper
::
class
,
'connect'
=>
ConnectViewHelper
::
class
,
],
'factories'
=>
[
UserConnection
::
class
=>
UserConnectionFactory
::
class
,
...
...
@@ -556,12 +690,15 @@ return [
UserProfileSelect
::
class
=>
UserProfileSelectFactory
::
class
,
UserProfileSelectRadioItem
::
class
=>
UserProfileSelectRadioItemFactory
::
class
,
UserUsurpationHelper
::
class
=>
UserUsurpationHelperFactory
::
class
,
DbConnectViewHelper
::
class
=>
DbConnectViewHelperFactory
::
class
,
LocalConnectViewHelper
::
class
=>
LocalConnectViewHelperFactory
::
class
,
LdapConnectViewHelper
::
class
=>
LdapConnectViewHelperFactory
::
class
,
ShibConnectViewHelper
::
class
=>
ShibConnectViewHelperFactory
::
class
,
CasConnectViewHelper
::
class
=>
CasConnectViewHelperFactory
::
class
,
],
'invokables'
=>
[
'appConnection'
=>
'UnicaenAuth\View\Helper\AppConnection'
,
ConnectViewHelper
::
class
,
],
],
];
\ No newline at end of file
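Review bot: The `login` and `authenticate` child routes take a `:type` segment (`/connexion[/:type]` and `/authenticate/:type`) with no `constraints`, so any path segment a client supplies reaches `UnicaenAuth\Controller\Auth` as the authentication type. Both actions are open to the `guest` role in the guard list of this same file, and whether the controller rejects unknown types is not visible here. Restricting the segment in the route keeps the accepted set explicit, for example `'constraints' => ['type' => 'shib|local|ldap|db|cas'],` inside each route's `options`. That value list is inferred from the configuration keys shown in this file and should be checked against the adapters actually registered.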
config/unicaen-auth.global.php.dist
<?php
/**
* UnicaenAuth Global Configuration
*
* If you have a ./config/autoload/ directory set up for your project, you can
* drop this config file in it and change the values as you wish.
*/
$settings
=
[
/**
* Configuration de l'authentification locale.
*/
'local'
=>
[
/**
* Affichage ou non du formulaire d'authentification avec un compte local.
*/
'enabled'
=>
false
,
],
/**
* Configuration de l'authentification LDAP.
*/
'ldap'
=>
[
/**
* Affichage ou non du formulaire d'authentification via l'annuaire LDAP.
* NB: en réalité cela permet aussi l'authentification avec un compte local.
*/
'enabled'
=>
true
,
],
/**
* Configuration de l'authentification Shibboleth.
*/
'shibboleth'
=>
[
/**
* Affichage ou non du formulaire d'authentification via l'annuaire LDAP.
* NB: en réalité cela permet aussi l'authentification avec un compte local.
*/
'enable'
=>
false
,
/**
* URL de déconnexion.
*/
'logout_url'
=>
'/Shibboleth.sso/Logout?return='
,
// NB: '?return=' semble obligatoire!
],
/**
* Flag indiquant si l'utilisateur authenitifié avec succès via l'annuaire LDAP doit
* être enregistré/mis à jour dans la table des utilisateurs de l'appli.
...
...
config/unicaen-auth.local.php.dist
<?php
use
UnicaenAuth\Authentication\Adapter\Shib
;
use
UnicaenAuth\Authentication\Adapter\Cas
;
use
UnicaenAuth\Authentication\Adapter\Ldap
;
use
UnicaenAuth\Authentication\Adapter\Db
;
return
[
'unicaen-auth'
=>
[
/**
*
Configuration de l'authentification Shibboleth
.
*
Authentification LDAP (compte établissement)
.
*/
'shibboleth'
=>
[
'enable'
=>
false
,
'simulate'
=>
[
'eppn'
=>
'gauthierb@unicaen.fr'
,
'supannEmpId'
=>
'00021237'
,
],
'aliases'
=>
[
'eppn'
=>
'HTTP_EPPN'
,
'mail'
=>
'HTTP_MAIL'
,
'eduPersonPrincipalName'
=>
'HTTP_EPPN'
,
'supannEtuId'
=>
'HTTP_SUPANNETUID'
,
'supannEmpId'
=>
'HTTP_SUPANNEMPID'
,
'supannCivilite'
=>
'HTTP_SUPANNCIVILITE'
,
'displayName'
=>
'HTTP_DISPLAYNAME'
,
'sn'
=>
'HTTP_SN'
,
'givenName'
=>
'HTTP_GIVENNAME'
,
],
/*
'required_attributes' => [
'eppn',
'mail',
'eduPersonPrincipalName',
'supannCivilite',
'displayName',
'sn|surname', // i.e. 'sn' ou 'surname'
'givenName',
'supannEtuId|supannEmpId',
],
*/
'ldap'
=>
[
/**
* Ordre d'affichage du formulaire de connexion.
*/
'order'
=>
1
,
/**
* Activation ou non de ce mode d'authentification.
*/
'enabled'
=>
true
,
/**
* Type de substitution.
* Permet de "fusionner" les types d'authentification applicative (db) et établissement (ldap) et donc leurs
* formulaires de connexion respectifs.
*/
'type'
=>
'local'
,
/**
* Description facultative de ce mode d'authentification qui apparaîtra sur le formulaire de connexion.
*/
'description'
=>
"Utilisez ce formulaire si vous possédez un compte établissement."
,
],
/**
* Authentification BDD (compte dédié à l'appli).
*/
'db'
=>
[
'order'
=>
2
,
'enabled'
=>
true
,
'type'
=>
'local'
,
/**
* Description facultative de ce mode d'authentification qui apparaîtra sur le formulaire d'authentification.
* (NB: Si l'authentification LDAP est également activée, c'est cette description qui sera utilisée)
*/
'description'
=>
"Utilisez ce formulaire si vous possédez un compte local dédié à cette application."
,
],
/**
* Paramètres de connexion au serveur CAS :
* - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
* - pour l'activer, renseigner les paramètres.
* Authentification centralisée (CAS).