Commit cf1ec047 authored by Bertrand Gauthier

Poursuite du typage des authentifications

  - Chaque adapter peut désormais tester s'il est compétent pour traiter la requête d'authentification.
  - Création d'un adapter d'authentification comme les autres pour Shib.
  - Pages de connexion différentes selon le type d'authentification : shib ; db ou ldap ; cas.
  - Possibilité d'ordonner les formulaires de connexion proposés (config).
  - Possibilité d'ajouter une description HTML à chaque formulaire de connexion (config).
Réparation du mécanisme de redirection vers l'URL demandée avant connexion.
Correction du bug de rémanence de l'authentification shibboleth simulée.
parent 9584d558
......@@ -17,3 +17,14 @@ Première version officielle sous ZF3.
3.0.12 (05/11/2020)
-------------------
- Ajout d'une méthode pour pouvoir purger la liste des rôles courante.
3.1.0
-----
- Poursuite du typage des authentifications
- Chaque adapter peut désormais tester s'il est compétent pour traiter la requête d'authentification.
- Création d'un adapter d'authentification comme les autres pour Shib.
- Pages de connexion différentes selon le type d'authentification : shib ; db ou ldap ; cas.
- Possibilité d'ordonner les formulaires de connexion proposés (config).
- Possibilité d'ajouter une description HTML à chaque formulaire de connexion (config).
- Réparation du mécanisme de redirection vers l'URL demandée avant connexion.
- Correction du bug de rémanence de l'authentification shibboleth simulée.
......@@ -2,16 +2,10 @@
namespace UnicaenAuth;
use UnicaenAuth\Authentication\Adapter\Cas as CasAdapter;
use UnicaenAuth\Options\ModuleOptions;
use UnicaenAuth\Service\ShibService;
use Zend\EventManager\EventInterface;
use Zend\ModuleManager\Feature\AutoloaderProviderInterface;
use Zend\ModuleManager\Feature\ConfigProviderInterface;
use Zend\ModuleManager\Feature\ServiceProviderInterface;
use Zend\ModuleManager\ModuleManager;
use Zend\ServiceManager\ServiceLocatorInterface;
use Zend\View\Helper\Navigation;
use ZfcUser\Form\Login;
use ZfcUser\Form\LoginFilter;
......@@ -22,11 +16,6 @@ use ZfcUser\Form\LoginFilter;
*/
class Module implements AutoloaderProviderInterface, ConfigProviderInterface, ServiceProviderInterface
{
/**
* @var ModuleOptions
*/
private $options;
/**
* @return array
* @see ConfigProviderInterface
......@@ -64,41 +53,7 @@ class Module implements AutoloaderProviderInterface, ConfigProviderInterface, Se
*/
public function onBootstrap(EventInterface $e)
{
/* @var \Zend\Mvc\MvcEvent $e */
$application = $e->getApplication();
/* @var $services \Zend\ServiceManager\ServiceManager */
$services = $application->getServiceManager();
/* @var $options ModuleOptions */
$this->options = $services->get('unicaen-auth_module_options');
$this->reconfigureRoutesForAuth($services);
}
/**
* @param ServiceLocatorInterface $sl
*/
private function reconfigureRoutesForAuth(ServiceLocatorInterface $sl)
{
/* @var $router \Zend\Router\Http\TreeRouteStack */
$router = $sl->get('router');
// si l'auth CAS est activée, modif de la route de connexion pour zapper le formulaire d'auth maison.
$isCasEnable = (bool) $this->options->getCas();
if ($isCasEnable && php_sapi_name() !== 'cli') {
/** @var CasAdapter $casAdapter */
$casAdapter = $sl->get('UnicaenAuth\Authentication\Adapter\Cas');
$casAdapter->reconfigureRoutesForCasAuth($router);
}
// si l'auth Shibboleth est activée, modif de la route de déconnexion pour réaliser la déconnexion Shibboleth.
$shibOptions = $this->options->getShibboleth();
$isShibEnable = array_key_exists('enable', $shibOptions) && (bool) $shibOptions['enable'];
if ($isShibEnable && php_sapi_name() !== 'cli') {
/** @var ShibService $shibService */
$shibService = $sl->get(ShibService::class);
$shibService->reconfigureRoutesForShibAuth($router);
}
}
/**
......
<?php
// Generated by ZF2's ./bin/classmap_generator.php
return array(
'UnicaenAuth\Module' => __DIR__ . '/Module.php',
'UnicaenAuth\Guard\PrivilegeController' => __DIR__ . '/src/UnicaenAuth/Guard/PrivilegeController.php',
'UnicaenAuth\Options\AuthenticationOptionsInterface' => __DIR__ . '/src/UnicaenAuth/Options/AuthenticationOptionsInterface.php',
'UnicaenAuth\Options\Traits\ModuleOptionsAwareTrait' => __DIR__ . '/src/UnicaenAuth/Options/Traits/ModuleOptionsAwareTrait.php',
'UnicaenAuth\Options\ModuleOptionsFactory' => __DIR__ . '/src/UnicaenAuth/Options/ModuleOptionsFactory.php',
'UnicaenAuth\Options\ModuleOptions' => __DIR__ . '/src/UnicaenAuth/Options/ModuleOptions.php',
'UnicaenAuth\Entity\Db\CategoriePrivilege' => __DIR__ . '/src/UnicaenAuth/Entity/Db/CategoriePrivilege.php',
'UnicaenAuth\Entity\Db\User' => __DIR__ . '/src/UnicaenAuth/Entity/Db/User.php',
'UnicaenAuth\Entity\Db\Privilege' => __DIR__ . '/src/UnicaenAuth/Entity/Db/Privilege.php',
'UnicaenAuth\Entity\Db\Role' => __DIR__ . '/src/UnicaenAuth/Entity/Db/Role.php',
'UnicaenAuth\Entity\Db\AbstractUser' => __DIR__ . '/src/UnicaenAuth/Entity/Db/AbstractUser.php',
'UnicaenAuth\Entity\Ldap\People' => __DIR__ . '/src/UnicaenAuth/Entity/Ldap/People.php',
'UnicaenAuth\Service\LdapUserAwareInterface' => __DIR__ . '/src/UnicaenAuth/Service/LdapUserAwareInterface.php',
'UnicaenAuth\Service\AuthorizeService' => __DIR__ . '/src/UnicaenAuth/Service/AuthorizeService.php',
'UnicaenAuth\Service\DbUserAwareInterface' => __DIR__ . '/src/UnicaenAuth/Service/DbUserAwareInterface.php',
'UnicaenAuth\Service\User' => __DIR__ . '/src/UnicaenAuth/Service/User.php',
'UnicaenAuth\Service\Traits\UserContextServiceAwareTrait' => __DIR__ . '/src/UnicaenAuth/Service/Traits/UserContextServiceAwareTrait.php',
'UnicaenAuth\Service\Traits\RoleServiceAwareTrait' => __DIR__ . '/src/UnicaenAuth/Service/Traits/RoleServiceAwareTrait.php',
'UnicaenAuth\Service\Traits\CategoriePrivilegeServiceAwareTrait' => __DIR__ . '/src/UnicaenAuth/Service/Traits/CategoriePrivilegeAwareTrait.php',
'UnicaenAuth\Service\Traits\PrivilegeServiceAwareTrait' => __DIR__ . '/src/UnicaenAuth/Service/Traits/PrivilegeServiceAwareTrait.php',
'UnicaenAuth\Service\UserAwareInitializer' => __DIR__ . '/src/UnicaenAuth/Service/UserAwareInitializer.php',
'UnicaenAuth\Service\UserContext' => __DIR__ . '/src/UnicaenAuth/Service/UserContext.php',
'UnicaenAuth\Service\PrivilegeService' => __DIR__ . '/src/UnicaenAuth/Service/PrivilegeService.php',
'UnicaenAuth\Service\RoleService' => __DIR__ . '/src/UnicaenAuth/Service/RoleService.php',
'UnicaenAuth\Service\CategoriePrivilegeService' => __DIR__ . '/src/UnicaenAuth/Service/CategoriePrivilegeService.php',
'UnicaenAuth\Service\AbstractService' => __DIR__ . '/src/UnicaenAuth/Service/AbstractService.php',
'UnicaenAuth\Service\AuthorizeServiceFactory' => __DIR__ . '/src/UnicaenAuth/Service/AuthorizeServiceFactory.php',
'UnicaenAuth\Authentication\AuthenticationServiceFactory' => __DIR__ . '/src/UnicaenAuth/Authentication/AuthenticationServiceFactory.php',
'UnicaenAuth\Authentication\Storage\Ldap' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/Ldap.php',
'UnicaenAuth\Authentication\Storage\Db' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/Db.php',
'UnicaenAuth\Authentication\Storage\Chain' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/Chain.php',
'UnicaenAuth\Authentication\Storage\ChainableStorage' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/ChainableStorage.php',
'UnicaenAuth\Authentication\Storage\ChainServiceFactory' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/ChainServiceFactory.php',
'UnicaenAuth\Authentication\Storage\ChainEvent' => __DIR__ . '/src/UnicaenAuth/Authentication/Storage/ChainEvent.php',
'UnicaenAuth\Authentication\Adapter\Ldap' => __DIR__ . '/src/UnicaenAuth/Authentication/Adapter/Ldap.php',
'UnicaenAuth\Authentication\Adapter\Db' => __DIR__ . '/src/UnicaenAuth/Authentication/Adapter/Db.php',
'UnicaenAuth\Authentication\Adapter\AbstractFactory' => __DIR__ . '/src/UnicaenAuth/Authentication/Adapter/AbstractFactory.php',
'UnicaenAuth\Authentication\Adapter\Cas' => __DIR__ . '/src/UnicaenAuth/Authentication/Adapter/Cas.php',
'UnicaenAuth\Assertion\AbstractAssertion' => __DIR__ . '/src/UnicaenAuth/Assertion/AbstractAssertion.php',
'UnicaenAuth\Acl\NamedRole' => __DIR__ . '/src/UnicaenAuth/Acl/NamedRole.php',
'UnicaenAuth\View\RedirectionStrategy' => __DIR__ . '/src/UnicaenAuth/View/RedirectionStrategy.php',
'UnicaenAuth\View\Helper\AppConnection' => __DIR__ . '/src/UnicaenAuth/View/Helper/AppConnection.php',
'UnicaenAuth\View\Helper\UserProfileSelectRadioItem' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfileSelectRadioItem.php',
'UnicaenAuth\View\Helper\UserProfileFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfileFactory.php',
'UnicaenAuth\View\Helper\UserStatus' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserStatus.php',
'UnicaenAuth\View\Helper\UserStatusFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserStatusFactory.php',
'UnicaenAuth\View\Helper\UserAbstract' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserAbstract.php',
'UnicaenAuth\View\Helper\UserProfileSelect' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfileSelect.php',
'UnicaenAuth\View\Helper\UserConnectionFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserConnectionFactory.php',
'UnicaenAuth\View\Helper\UserInfoFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserInfoFactory.php',
'UnicaenAuth\View\Helper\UserInfo' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserInfo.php',
'UnicaenAuth\View\Helper\UserCurrentFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserCurrentFactory.php',
'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfileSelectRadioItemFactory.php',
'UnicaenAuth\View\Helper\UserProfileSelectFactory' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfileSelectFactory.php',
'UnicaenAuth\View\Helper\UserProfile' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserProfile.php',
'UnicaenAuth\View\Helper\UserCurrent' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserCurrent.php',
'UnicaenAuth\View\Helper\UserConnection' => __DIR__ . '/src/UnicaenAuth/View/Helper/UserConnection.php',
'UnicaenAuth\Controller\DroitsController' => __DIR__ . '/src/UnicaenAuth/Controller/DroitsController.php',
'UnicaenAuth\Controller\UtilisateurController' => __DIR__ . '/src/UnicaenAuth/Controller/UtilisateurController.php',
'UnicaenAuth\Provider\Role\ConfigServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Role/ConfigServiceFactory.php',
'UnicaenAuth\Provider\Role\Config' => __DIR__ . '/src/UnicaenAuth/Provider/Role/Config.php',
'UnicaenAuth\Provider\Role\UsernameServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Role/UsernameServiceFactory.php',
'UnicaenAuth\Provider\Role\DbRole' => __DIR__ . '/src/UnicaenAuth/Provider/Role/DbRole.php',
'UnicaenAuth\Provider\Role\DbRoleServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Role/DbRoleServiceFactory.php',
'UnicaenAuth\Provider\Role\Username' => __DIR__ . '/src/UnicaenAuth/Provider/Role/Username.php',
'UnicaenAuth\Provider\Privilege\PrivilegeProviderAwareTrait' => __DIR__ . '/src/UnicaenAuth/Provider/Privilege/PrivilegeProviderAwareTrait.php',
'UnicaenAuth\Provider\Privilege\PrivilegeProviderInterface' => __DIR__ . '/src/UnicaenAuth/Provider/Privilege/PrivilegeProviderInterface.php',
'UnicaenAuth\Provider\Privilege\Privileges' => __DIR__ . '/src/UnicaenAuth/Provider/Privilege/Privileges.php',
'UnicaenAuth\Provider\Rule\PrivilegeRuleProvider' => __DIR__ . '/src/UnicaenAuth/Provider/Rule/PrivilegeRuleProvider.php',
'UnicaenAuth\Provider\Identity\DbServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php',
'UnicaenAuth\Provider\Identity\Basic' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/Basic.php',
'UnicaenAuth\Provider\Identity\Ldap' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/Ldap.php',
'UnicaenAuth\Provider\Identity\Db' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/Db.php',
'UnicaenAuth\Provider\Identity\Chain' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/Chain.php',
'UnicaenAuth\Provider\Identity\ChainableProvider' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/ChainableProvider.php',
'UnicaenAuth\Provider\Identity\LdapServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/LdapServiceFactory.php',
'UnicaenAuth\Provider\Identity\BasicServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/BasicServiceFactory.php',
'UnicaenAuth\Provider\Identity\ChainServiceFactory' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/ChainServiceFactory.php',
'UnicaenAuth\Provider\Identity\ChainEvent' => __DIR__ . '/src/UnicaenAuth/Provider/Identity/ChainEvent.php',
'UnicaenAuth\Event\UserAuthenticatedEvent' => __DIR__ . '/src/UnicaenAuth/Event/UserAuthenticatedEvent.php',
'UnicaenAuth\Event\Listener\AuthenticatedUserSavedAbstractListener' => __DIR__ . '/src/UnicaenAuth/Event/Listener/AuthenticatedUserSavedAbstractListener.php',
'UnicaenAuth\Form\Droits\Traits\RoleFormAwareTrait' => __DIR__ . '/src/UnicaenAuth/Form/Droits/Traits/RoleFormAwareTrait.php',
'UnicaenAuth\Form\Droits\RoleForm' => __DIR__ . '/src/UnicaenAuth/Form/Droits/RoleForm.php',
'RoleFormHydrator' => __DIR__ . '/src/UnicaenAuth/Form/Droits/RoleForm.php',
);
<?php
use UnicaenAuth\Authentication\Adapter\AdapterChainServiceFactory;
use UnicaenAuth\Authentication\Adapter\CasAdapterFactory;
use UnicaenAuth\Authentication\Adapter\DbAdapterFactory;
use UnicaenAuth\Authentication\Adapter\LdapAdapterFactory;
use UnicaenAuth\Authentication\Adapter\ShibAdapterFactory;
use UnicaenAuth\Authentication\Storage\DbFactory;
use UnicaenAuth\Authentication\Storage\LdapFactory;
use UnicaenAuth\Authentication\Storage\ShibFactory;
use UnicaenAuth\Controller\AuthControllerFactory;
use UnicaenAuth\Controller\DroitsControllerFactory;
use UnicaenAuth\Controller\UtilisateurControllerFactory;
use UnicaenAuth\Form\CasLoginForm;
use UnicaenAuth\Form\CasLoginFormFactory;
use UnicaenAuth\Form\Droits\RoleFormFactory;
use UnicaenAuth\Form\ShibLoginForm;
use UnicaenAuth\Form\ShibLoginFormFactory;
use UnicaenAuth\Guard\PrivilegeControllerFactory;
use UnicaenAuth\Guard\PrivilegeRouteFactory;
use UnicaenAuth\ORM\Event\Listeners\HistoriqueListenerFactory;
use UnicaenAuth\Provider\Rule\PrivilegeRuleProviderFactory;
use UnicaenAuth\Service\CasService;
use UnicaenAuth\Service\CasServiceFactory;
use UnicaenAuth\Service\ShibService;
use UnicaenAuth\Service\ShibServiceFactory;
use UnicaenAuth\Service\UserContextFactory;
use UnicaenAuth\Service\UserFactory;
use UnicaenAuth\Service\UserMapperFactory;
use UnicaenAuth\View\Helper\CasConnectViewHelper;
use UnicaenAuth\View\Helper\CasConnectViewHelperFactory;
use UnicaenAuth\View\Helper\ConnectViewHelper;
use UnicaenAuth\View\Helper\DbConnectViewHelper;
use UnicaenAuth\View\Helper\DbConnectViewHelperFactory;
use UnicaenAuth\View\Helper\LdapConnectViewHelper;
use UnicaenAuth\View\Helper\LdapConnectViewHelperFactory;
use UnicaenAuth\View\Helper\LocalConnectViewHelper;
......@@ -42,25 +58,120 @@ use Zend\Authentication\AuthenticationService;
use Zend\ServiceManager\Proxy\LazyServiceFactory;
$settings = [
/**
* Configuration de l'authentification via la fédération d'identité (Shibboleth).
*/
'shib' => [
/**
* Ordre d'affichage du formulaire de connexion.
*/
'order' => 1,
/**
* Configuration de l'authentification locale.
* Activation ou non de ce mode d'authentification.
*/
'local' => [
'enabled' => false,
/**
* Possibilité ou non de s'authentifier à l'aide d'un compte local.
* Description facultative de ce mode d'authentification qui apparaîtra sur le formulaire de connexion.
*/
'description' => "Cliquez sur le bouton ci-dessous pour accéder à l'authentification via la fédération d'identité.",
/**
* URL de déconnexion.
*/
//'logout_url' => '/Shibboleth.sso/Logout?return=', // NB: '?return=' semble obligatoire!
/*
'simulate' => [
'eppn' => 'login@domain.fr',
'supannEmpId' => '00012345',
],
'aliases' => [
'eppn' => 'HTTP_EPPN',
'mail' => 'HTTP_MAIL',
'eduPersonPrincipalName' => 'HTTP_EPPN',
'supannEtuId' => 'HTTP_SUPANNETUID',
'supannEmpId' => 'HTTP_SUPANNEMPID',
'supannCivilite' => 'HTTP_SUPANNCIVILITE',
'displayName' => 'HTTP_DISPLAYNAME',
'sn' => 'HTTP_SN',
'givenName' => 'HTTP_GIVENNAME',
],
/*
'required_attributes' => [
'eppn',
'mail',
'eduPersonPrincipalName',
'supannCivilite',
'displayName',
'sn|surname', // i.e. 'sn' ou 'surname'
'givenName',
'supannEtuId|supannEmpId',
],
*/
'enabled' => true,
],
/**
* Configuration de l'authentification LDAP.
* Configuration de l'authentification LDAP (compte établissement).
*/
'ldap' => [
'order' => 2,
'enabled' => true,
'description' => "Utilisez ce formulaire pour vous connecter avec votre compte numérique établissement.",
/**
* Possibilité ou non de s'authentifier via l'annuaire LDAP.
* Type de substitution.
* Permet de "fusionner" les types d'authentification locale (db) et établissement (ldap) et donc leurs
* formulaires de connexion respectifs.
*/
'enabled' => true,
'type' => 'local',
],
/**
* Configuration de l'authentification locale (compte propre à l'appli).
*/
'db' => [
'order' => 3,
'enabled' => false,
/**
* Type de substitution.
* Permet de "grouper" les types d'authentification locale (db) et établissement (ldap) sous un même
* formulaire de connexion.
*/
'type' => 'local',
/**
* Description facultative de ce mode d'authentification qui apparaîtra sur le formulaire d'authentification.
* NB: si la valeur de 'order' pour le type 'db' est supérieure à celle pour le type 'ldap',
* c'est cette description qui sera visible.
*/
'description' => "Utilisez ce formulaire si vous possédez un compte local propre à l'application.",
],
/**
* Configuration de l'authentification centralisée (CAS).
*/
'cas' => [
'order' => 4,
'enabled' => false,
'description' => "Cliquez sur le bouton ci-dessous pour accéder à l'authentification centralisée.",
/**
* Infos de connexion au serveur CAS.
*/
'connection' => [
'default' => [
'params' => [
'hostname' => 'host.domain.fr',
'port' => 443,
'version' => "2.0",
'uri' => "",
'debug' => false,
],
],
]
],
/**
......@@ -129,9 +240,10 @@ return [
* Accepted values: array containing services that implement 'ZfcUser\Authentication\Adapter\ChainableAdapter'
*/
'auth_adapters' => [
300 => 'UnicaenAuth\Authentication\Adapter\Ldap', // notifié en 1er
200 => 'UnicaenAuth\Authentication\Adapter\Db', // ensuite (si échec d'authentification Ldap)
100 => 'UnicaenAuth\Authentication\Adapter\Cas', // ensuite (si échec d'authentification Db)
300 => 'UnicaenAuth\Authentication\Adapter\Ldap',
200 => 'UnicaenAuth\Authentication\Adapter\Db',
100 => 'UnicaenAuth\Authentication\Adapter\Cas',
50 => 'UnicaenAuth\Authentication\Adapter\Shib',
],
// telling ZfcUser to use our own class
......@@ -184,6 +296,9 @@ return [
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'refresh-session', 'roles' => 'guest'],
['controller' => 'UnicaenAuth\Controller\Utilisateur', 'action' => 'selectionner-profil', 'roles' => 'guest'],
['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'login', 'roles' => 'guest'],
['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'authenticate', 'roles' => 'guest'],
['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'logout', 'roles' => 'guest'],
['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'shibboleth', 'roles' => 'guest'],
['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'requestPasswordReset', 'roles' => 'guest'],
['controller' => 'UnicaenAuth\Controller\Auth', 'action' => 'changePassword', 'roles' => 'guest'],
......@@ -287,21 +402,31 @@ return [
'may_terminate' => true,
'child_routes' => [
'login' => [
'type' => 'Literal',
'type' => 'Segment',
'options' => [
'route' => '/connexion',
'route' => '/connexion[/:type]',
'defaults' => [
'controller' => 'zfcuser',
'controller' => 'UnicaenAuth\Controller\Auth', // remplace 'zfcuser'
'action' => 'login',
],
],
],
'authenticate' => array(
'type' => 'Segment',
'options' => array(
'route' => '/authenticate/:type',
'defaults' => array(
'controller' => 'UnicaenAuth\Controller\Auth', // remplace 'zfcuser'
'action' => 'authenticate',
),
),
),
'logout' => [
'type' => 'Literal',
'options' => [
'route' => '/deconnexion',
'defaults' => [
'controller' => 'zfcuser',
'controller' => 'UnicaenAuth\Controller\Auth', // remplace 'zfcuser'
'action' => 'logout',
],
],
......@@ -462,9 +587,6 @@ return [
'UnicaenAuth\View\RedirectionStrategy' => 'UnicaenAuth\View\RedirectionStrategy',
'UnicaenAuth\Service\CategoriePrivilege' => 'UnicaenAuth\Service\CategoriePrivilegeService',
],
'abstract_factories' => [
'UnicaenAuth\Authentication\Adapter\AbstractFactory',
],
'factories' => [
'unicaen-auth_module_options' => 'UnicaenAuth\Options\ModuleOptionsFactory',
'zfcuser_auth_service' => 'UnicaenAuth\Authentication\AuthenticationServiceFactory',
......@@ -480,10 +602,15 @@ return [
'UnicaenAuth\Service\Privilege' => 'UnicaenAuth\Service\PrivilegeServiceFactory',
'BjyAuthorize\Service\Authorize' => 'UnicaenAuth\Service\AuthorizeServiceFactory', // substituion
'zfcuser_redirect_callback' => 'UnicaenAuth\Authentication\RedirectCallbackFactory', // substituion
CasService::class => CasServiceFactory::class,
ShibService::class => ShibServiceFactory::class,
'UnicaenAuth\Service\UserContext' => UserContextFactory::class,
'zfcuser_user_mapper' => UserMapperFactory::class,
'MouchardCompleterAuth' => 'UnicaenAuth\Mouchard\MouchardCompleterAuthFactory',
'UnicaenAuth\Authentication\Adapter\Ldap' => LdapAdapterFactory::class,
'UnicaenAuth\Authentication\Adapter\Db' => DbAdapterFactory::class,
'UnicaenAuth\Authentication\Adapter\Cas' => CasAdapterFactory::class,
'UnicaenAuth\Authentication\Adapter\Shib' => ShibAdapterFactory::class,
'UnicaenAuth\Authentication\Storage\Db' => DbFactory::class,
'UnicaenAuth\Authentication\Storage\Ldap' => LdapFactory::class,
'UnicaenAuth\Authentication\Storage\Shib' => ShibFactory::class,
......@@ -492,6 +619,10 @@ return [
'UnicaenAuth\Guard\PrivilegeRoute' => PrivilegeRouteFactory::class,
'UnicaenAuth\Provider\Rule\PrivilegeRuleProvider' => PrivilegeRuleProviderFactory::class,
CasLoginForm::class => CasLoginFormFactory::class,
ShibLoginForm::class => ShibLoginFormFactory::class,
'ZfcUser\Authentication\Adapter\AdapterChain' => AdapterChainServiceFactory::class,
'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class,
'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class,
\UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class
......@@ -543,9 +674,12 @@ return [
'userProfileSelect' => UserProfileSelect::class,
'userProfileSelectRadioItem' => UserProfileSelectRadioItem::class,
'userUsurpation' => UserUsurpationHelper::class,
'dbConnect' => DbConnectViewHelper::class,
'localConnect' => LocalConnectViewHelper::class,
'ldapConnect' => LdapConnectViewHelper::class,
'shibConnect' => ShibConnectViewHelper::class,
'casConnect' => CasConnectViewHelper::class,
'connect' => ConnectViewHelper::class,
],
'factories' => [
UserConnection::class => UserConnectionFactory::class,
......@@ -556,12 +690,15 @@ return [
UserProfileSelect::class => UserProfileSelectFactory::class,
UserProfileSelectRadioItem::class => UserProfileSelectRadioItemFactory::class,
UserUsurpationHelper::class => UserUsurpationHelperFactory::class,
DbConnectViewHelper::class => DbConnectViewHelperFactory::class,
LocalConnectViewHelper::class => LocalConnectViewHelperFactory::class,
LdapConnectViewHelper::class => LdapConnectViewHelperFactory::class,
ShibConnectViewHelper::class => ShibConnectViewHelperFactory::class,
CasConnectViewHelper::class => CasConnectViewHelperFactory::class,
],
'invokables' => [
'appConnection' => 'UnicaenAuth\View\Helper\AppConnection',
ConnectViewHelper::class,
],
],
];
\ No newline at end of file
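Review bot: In the `@@ -287,21 +402,31 @@` hunk the new `login` route `/connexion[/:type]` and the new `authenticate` route `/authenticate/:type` declare no `constraints` for `:type`, so any path segment is handed to `UnicaenAuth\Controller\Auth` as the authentication type; adding `'constraints' => ['type' => '[a-zA-Z]+']` to both Segment routes limits the matched value to an identifier, and the controller (outside this file) should still reject a value that names no configured adapter. The `authenticate` route is also the only entry in this array written with `array()` while its neighbours use `[]`. Both routes sit in a `child_routes` array whose start and end are outside the hunk. Separately, in the `@@ -42,25 +58,120 @@` hunk the `shib` block appears to ship enabled while its `aliases` and `required_attributes` entries are commented out; if that `'enabled' => true` is the new side, confirm the Shib adapter refuses to authenticate when no required attribute is configured.
```php
'login' => [
    'type' => 'Segment',
    'options' => [
        'route' => '/connexion[/:type]',
        'constraints' => [
            'type' => '[a-zA-Z]+',
        ],
        // … unchanged: defaults (controller / action) …
    ],
],
'authenticate' => [
    'type' => 'Segment',
    'options' => [
        'route' => '/authenticate/:type',
        'constraints' => [
            'type' => '[a-zA-Z]+',
        ],
        'defaults' => [
            'controller' => 'UnicaenAuth\Controller\Auth', // remplace 'zfcuser'
            'action' => 'authenticate',
        ],
    ],
],
```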
<?php
/**
* UnicaenAuth Global Configuration
*
* If you have a ./config/autoload/ directory set up for your project, you can
* drop this config file in it and change the values as you wish.
*/
$settings = [
/**
* Configuration de l'authentification locale.
*/
'local' => [
/**
* Affichage ou non du formulaire d'authentification avec un compte local.
*/
'enabled' => false,
],
/**
* Configuration de l'authentification LDAP.
*/
'ldap' => [
/**
* Affichage ou non du formulaire d'authentification via l'annuaire LDAP.
* NB: en réalité cela permet aussi l'authentification avec un compte local.
*/
'enabled' => true,
],
/**
* Configuration de l'authentification Shibboleth.
*/
'shibboleth' => [
/**
* Affichage ou non du formulaire d'authentification via l'annuaire LDAP.
* NB: en réalité cela permet aussi l'authentification avec un compte local.
*/
'enable' => false,
/**
* URL de déconnexion.
*/
'logout_url' => '/Shibboleth.sso/Logout?return=', // NB: '?return=' semble obligatoire!
],
/**
* Flag indiquant si l'utilisateur authenitifié avec succès via l'annuaire LDAP doit
* être enregistré/mis à jour dans la table des utilisateurs de l'appli.
......
<?php
use UnicaenAuth\Authentication\Adapter\Shib;
use UnicaenAuth\Authentication\Adapter\Cas;
use UnicaenAuth\Authentication\Adapter\Ldap;
use UnicaenAuth\Authentication\Adapter\Db;
return [
'unicaen-auth' => [
/**
* Configuration de l'authentification via la fédération d'identité (Shibboleth).
*/
'shib' => [
/**
* Ordre d'affichage du formulaire de connexion.
*/
'order' => 1,
/**
* Configuration de l'authentification Shibboleth.
* Activation ou non de ce mode d'authentification.
*/
'enabled' => true,
/**
* Description facultative de ce mode d'authentification qui apparaîtra sur le formulaire de connexion.
*/
'description' =>
"Cliquez sur le bouton ci-dessous pour accéder à l'authentification via la fédération d'identité. " .
"<strong>NB: Vous devrez utiliser votre compte " .
"&laquo; <a href='http://vie-etudiante.unicaen.fr/vie-numerique/etupass/'>etupass</a> &raquo; " .
"pour vous authentifier...</strong>",
/**
* URL de déconnexion.
*/
'logout_url' => '/Shibboleth.sso/Logout?return=', // NB: '?return=' semble obligatoire!
/**
* Simulation d'authentification d'un utilisateur.
*/
'shibboleth' => [
'enable' => false,
'simulate' => [
'eppn' => 'gauthierb@unicaen.fr',
'supannEmpId' => '00021237',
],
/**
* Alias éventuels des clés renseignées par Shibboleth dans la variable superglobale $_SERVER
* une fois l'authentification réussie.
*/
'aliases' => [
'eppn' => 'HTTP_EPPN',
'mail' => 'HTTP_MAIL',
......@@ -24,6 +59,10 @@ return [
'givenName' => 'HTTP_GIVENNAME',
],
/*
/**
* Clés dont la présence sera requise par l'application dans la variable superglobale $_SERVER
* une fois l'authentification réussie.
*/
'required_attributes' => [
'eppn',
'mail',
......@@ -38,16 +77,49 @@ return [
],
/**
* Paramètres de connexion au serveur CAS :
* - pour désactiver l'authentification CAS, le tableau 'cas' doit être vide.
* - pour l'activer, renseigner les paramètres.
* Configuration de l'authentification LDAP (compte établissement).
*/
'ldap' => [
'order' => 2,
'enabled' => true,
/**
* Type de substitution.
* Permet de "fusionner" les types d'authentification locale (db) et établissement (ldap) et donc leurs
* formulaires de connexion respectifs.
*/
'type' => 'local',
],
/**
* Configuration de l'authentification locale (compte propre à l'appli).
*/
'db' => [
'order' => 3,
'enabled' => true,
'type' => 'local',
/**
* Description facultative de ce mode d'authentification qui apparaîtra sur le formulaire d'authentification.
* (NB: Si l'authentification LDAP est également activée, c'est cette description qui sera utilisée)
*/
'description' => "Utilisez ce formulaire si vous possédez un compte local propre à l'application.",
],
/**
* Configuration de l'authentification centralisée (CAS).