Commit f505c836 authored by Bertrand Gauthier's avatar Bertrand Gauthier

Auth shibboleth: ajout possibilité de spécifier des alias d'attributs (ex:...

Auth shibboleth: ajout possibilité de spécifier des alias d'attributs (ex: 'HTTP_EPPN' pour 'eppn') ; abandon de l'attribut 'REMOTE_USER' pas toujours présent, au profit de 'eppn'
parent b73dc8a1
......@@ -60,8 +60,7 @@ EOS;
if ($this->authenticatedUser === null) {
// gestion de l'usurpation éventuelle
$this->handleUsurpation();
if (empty($_SERVER['REMOTE_USER'])) {
if (! $this->getServerArrayVariable('eppn')) {
return null;
}
......@@ -95,6 +94,21 @@ EOS;
return $options['simulate'];
}
/**
* @param string $attributeName
* @return string
*/
public function getShibbolethAliasFor($attributeName)
{
$options = $this->options->getShibboleth();
if (! array_key_exists('aliases', $options) || ! is_array($options['aliases']) || ! isset($options['aliases'][$attributeName])) {
return null;
}
return $options['aliases'][$attributeName];
}
/**
* Retourne true si la simulation d'un utilisateur authentifié via Shibboleth est en cours.
*
......@@ -235,12 +249,12 @@ EOS;
*/
public function simulateAuthenticatedUser(ShibUser $shibUser, $keyForId = 'supannEmpId')
{
$_SERVER['REMOTE_USER'] = $shibUser->getEppn();
$_SERVER[$keyForId] = $shibUser->getId();
$_SERVER['displayName'] = $shibUser->getDisplayName();
$_SERVER['mail'] = $shibUser->getEmail();
$_SERVER['sn'] = $shibUser->getNom();
$_SERVER['givenName'] = $shibUser->getPrenom();
$this->setServerArrayVariable('eppn', $shibUser->getEppn());
$this->setServerArrayVariable($keyForId, $shibUser->getId());
$this->setServerArrayVariable('displayName', $shibUser->getDisplayName());
$this->setServerArrayVariable('mail', $shibUser->getEmail());
$this->setServerArrayVariable('sn', $shibUser->getNom());
$this->setServerArrayVariable('givenName', $shibUser->getPrenom());
}
/**
......@@ -248,41 +262,41 @@ EOS;
*/
private function createShibUserFromServerArrayData()
{
$eppn = $_SERVER['REMOTE_USER'];
$eppn = $this->getServerArrayVariable('eppn');
if (isset($_SERVER['supannEtuId'])) {
$id = $_SERVER['supannEtuId'];
} elseif (isset($_SERVER['supannEmpId'])) {
$id = $_SERVER['supannEmpId'];
if ($value = $this->getServerArrayVariable('supannEtuId')) {
$id = $value;
} elseif ($value = $this->getServerArrayVariable('supannEmpId')) {
$id = $value;
} else {
throw new RuntimeException('Un au moins des attributs Shibboleth suivants doit exister dans $_SERVER : supannEtuId, supannEmpId.');
}
$mail = null;
if (isset($_SERVER['mail'])) {
$mail = $_SERVER['mail'];
if ($value = $this->getServerArrayVariable('mail')) {
$mail = $value;
}
$displayName = null;
if (isset($_SERVER['displayName'])) {
$displayName = $_SERVER['displayName'];
if ($value = $this->getServerArrayVariable('displayName')) {
$displayName = $value;
}
$surname = null;
if (isset($_SERVER['sn'])) {
$surname = $_SERVER['sn'];
} elseif (isset($_SERVER['surname'])) {
$surname = $_SERVER['surname'];
if ($value = $this->getServerArrayVariable('sn')) {
$surname = $value;
} elseif ($value = $this->getServerArrayVariable('surname')) {
$surname = $value;
}
$givenName = null;
if (isset($_SERVER['givenName'])) {
$givenName = $_SERVER['givenName'];
if ($value = $this->getServerArrayVariable('givenName')) {
$givenName = $value;
}
$civilite = null;
if (isset($_SERVER['supannCivilite'])) {
$civilite = $_SERVER['supannCivilite'];
if ($value = $this->getServerArrayVariable('supannCivilite')) {
$civilite = $value;
}
$shibUser = new ShibUser();
......@@ -373,4 +387,30 @@ EOS;
],
]);
}
/**
* @param string $name
* @param string $value
*/
private function setServerArrayVariable($name, $value)
{
$key = $this->getShibbolethAliasFor($name) ?: $name;
$_SERVER[$key] = $value;
}
/**
* @param $name
* @return string
*/
private function getServerArrayVariable($name)
{
$key = $this->getShibbolethAliasFor($name) ?: $name;
if (! array_key_exists($key, $_SERVER)) {
return null;
}
return $_SERVER[$key];
}
}
\ No newline at end of file
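Review bot: `getServerArrayVariable` resolves a configured alias such as `HTTP_EPPN` (the example in the commit message) straight into a `$_SERVER` lookup, and `HTTP_*` keys in `$_SERVER` are populated from the incoming request's headers rather than by the Shibboleth SP's environment variables; unless the SP or the reverse proxy in front of the application is guaranteed to set or overwrite that header on every request, the value checked on the `eppn` guard in the first hunk (and everything `createShibUserFromServerArrayData` builds from it) is chosen by the client. I'd state that precondition where the `aliases` option is consumed, e.g. `// Aliases pointing at HTTP_* keys are request headers: only configure them when the SP/proxy strips or overwrites that header upstream.`, and have the deployment documentation call it out next to the option. Separately, the docblocks on the new helpers don't match the code: `getServerArrayVariable` here and `getShibbolethAliasFor` in the second hunk both return `null` when nothing is found, so `@return string|null` on each, and `@param $name` on `getServerArrayVariable` is missing its `string` type. The `?:` fallback in `setServerArrayVariable`/`getServerArrayVariable` also treats an alias of `'0'` or `''` as "no alias", which is presumably intended but deserves a one-line comment.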