Commit f505c836 authored by Bertrand Gauthier's avatar Bertrand Gauthier

Auth shibboleth: ajout possibilité de spécifier des alias d'attributs (ex:...

Auth shibboleth: ajout possibilité de spécifier des alias d'attributs (ex: 'HTTP_EPPN' pour 'eppn') ; abandon de l'attribut 'REMOTE_USER' pas toujours présent, au profit de 'eppn'
parent b73dc8a1
...@@ -60,8 +60,7 @@ EOS; ...@@ -60,8 +60,7 @@ EOS;
if ($this->authenticatedUser === null) { if ($this->authenticatedUser === null) {
// gestion de l'usurpation éventuelle // gestion de l'usurpation éventuelle
$this->handleUsurpation(); $this->handleUsurpation();
if (! $this->getServerArrayVariable('eppn')) {
if (empty($_SERVER['REMOTE_USER'])) {
return null; return null;
} }
...@@ -95,6 +94,21 @@ EOS; ...@@ -95,6 +94,21 @@ EOS;
return $options['simulate']; return $options['simulate'];
} }
/**
* @param string $attributeName
* @return string
*/
public function getShibbolethAliasFor($attributeName)
{
$options = $this->options->getShibboleth();
if (! array_key_exists('aliases', $options) || ! is_array($options['aliases']) || ! isset($options['aliases'][$attributeName])) {
return null;
}
return $options['aliases'][$attributeName];
}
/** /**
* Retourne true si la simulation d'un utilisateur authentifié via Shibboleth est en cours. * Retourne true si la simulation d'un utilisateur authentifié via Shibboleth est en cours.
* *
...@@ -235,12 +249,12 @@ EOS; ...@@ -235,12 +249,12 @@ EOS;
*/ */
public function simulateAuthenticatedUser(ShibUser $shibUser, $keyForId = 'supannEmpId') public function simulateAuthenticatedUser(ShibUser $shibUser, $keyForId = 'supannEmpId')
{ {
$_SERVER['REMOTE_USER'] = $shibUser->getEppn(); $this->setServerArrayVariable('eppn', $shibUser->getEppn());
$_SERVER[$keyForId] = $shibUser->getId(); $this->setServerArrayVariable($keyForId, $shibUser->getId());
$_SERVER['displayName'] = $shibUser->getDisplayName(); $this->setServerArrayVariable('displayName', $shibUser->getDisplayName());
$_SERVER['mail'] = $shibUser->getEmail(); $this->setServerArrayVariable('mail', $shibUser->getEmail());
$_SERVER['sn'] = $shibUser->getNom(); $this->setServerArrayVariable('sn', $shibUser->getNom());
$_SERVER['givenName'] = $shibUser->getPrenom(); $this->setServerArrayVariable('givenName', $shibUser->getPrenom());
} }
/** /**
...@@ -248,41 +262,41 @@ EOS; ...@@ -248,41 +262,41 @@ EOS;
*/ */
private function createShibUserFromServerArrayData() private function createShibUserFromServerArrayData()
{ {
$eppn = $_SERVER['REMOTE_USER']; $eppn = $this->getServerArrayVariable('eppn');
if (isset($_SERVER['supannEtuId'])) { if ($value = $this->getServerArrayVariable('supannEtuId')) {
$id = $_SERVER['supannEtuId']; $id = $value;
} elseif (isset($_SERVER['supannEmpId'])) { } elseif ($value = $this->getServerArrayVariable('supannEmpId')) {
$id = $_SERVER['supannEmpId']; $id = $value;
} else { } else {
throw new RuntimeException('Un au moins des attributs Shibboleth suivants doit exister dans $_SERVER : supannEtuId, supannEmpId.'); throw new RuntimeException('Un au moins des attributs Shibboleth suivants doit exister dans $_SERVER : supannEtuId, supannEmpId.');
} }
$mail = null; $mail = null;
if (isset($_SERVER['mail'])) { if ($value = $this->getServerArrayVariable('mail')) {
$mail = $_SERVER['mail']; $mail = $value;
} }
$displayName = null; $displayName = null;
if (isset($_SERVER['displayName'])) { if ($value = $this->getServerArrayVariable('displayName')) {
$displayName = $_SERVER['displayName']; $displayName = $value;
} }
$surname = null; $surname = null;
if (isset($_SERVER['sn'])) { if ($value = $this->getServerArrayVariable('sn')) {
$surname = $_SERVER['sn']; $surname = $value;
} elseif (isset($_SERVER['surname'])) { } elseif ($value = $this->getServerArrayVariable('surname')) {
$surname = $_SERVER['surname']; $surname = $value;
} }
$givenName = null; $givenName = null;
if (isset($_SERVER['givenName'])) { if ($value = $this->getServerArrayVariable('givenName')) {
$givenName = $_SERVER['givenName']; $givenName = $value;
} }
$civilite = null; $civilite = null;
if (isset($_SERVER['supannCivilite'])) { if ($value = $this->getServerArrayVariable('supannCivilite')) {
$civilite = $_SERVER['supannCivilite']; $civilite = $value;
} }
$shibUser = new ShibUser(); $shibUser = new ShibUser();
...@@ -373,4 +387,30 @@ EOS; ...@@ -373,4 +387,30 @@ EOS;
], ],
]); ]);
} }
/**
* @param string $name
* @param string $value
*/
private function setServerArrayVariable($name, $value)
{
$key = $this->getShibbolethAliasFor($name) ?: $name;
$_SERVER[$key] = $value;
}
/**
* @param $name
* @return string
*/
private function getServerArrayVariable($name)
{
$key = $this->getShibbolethAliasFor($name) ?: $name;
if (! array_key_exists($key, $_SERVER)) {
return null;
}
return $_SERVER[$key];
}
} }
\ No newline at end of file
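Review bot: `getServerArrayVariable()` in the last hunk returns `$_SERVER[$key]` for whatever key the `aliases` option names, and the login gate in the first hunk now accepts that value as the `eppn`. With an alias such as the `HTTP_EPPN` example from the commit message, PHP fills the key from a request header, so the identity is only as trustworthy as the front end that sets or strips that header. Nothing visible here enforces this, so the assumption should be written down where the alias is resolved, for example in the docblock of `getShibbolethAliasFor()`: `Aliases pointing at HTTP_* keys are read from request headers; the Shibboleth SP or reverse proxy must overwrite or strip them on every client request.` Both `getShibbolethAliasFor()` and `getServerArrayVariable()` can return `null` while their docblocks say `@return string`; `@return string|null` would match the code. The `if ($value = ...)` tests in `createShibUserFromServerArrayData()` also replace `isset()` with a truthiness test, so an attribute whose value is `''` or `'0'` is now treated as absent, which may not be intended.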