Support simplesaml's internal session naming #757

merged 4 commits into from
Jan 21, 2019
30 changes: 21 additions & 9 deletions classes/Authentication/SAML/XDSamlAuthentication.php
Expand Up @@ -18,18 +18,18 @@ class XDSamlAuthentication
protected $_as = null;

/**
* Enumerated potential auth sources
* The selected auth source name (used for logout)
*
* @var array
* @var string
*/
protected $_sources = null;

protected $authSourceName = null;
/**
* Whether or not SAML is configured. Defaults to false.
* Enumerated potential auth sources
*
* @var boolean
* @var array
*/
protected $_isConfigured = false;
protected $_sources = null;

const BASE_ADMIN_EMAIL = <<<EML

Expand Down Expand Up @@ -70,8 +70,10 @@ public function __construct()
$authSource = null;
}
if (!is_null($authSource) && array_search($authSource, $this->_sources) !== false) {
$this->authSourceName = $authSource;
$this->_as = new \SimpleSAML\Auth\Simple($authSource);
} else {
$this->authSourceName = $this->_sources[0];
$this->_as = new \SimpleSAML\Auth\Simple($this->_sources[0]);
}
}
Expand All @@ -84,10 +86,17 @@ public function __construct()
*/
public function isSamlConfigured()
{
$this->_isConfigured = count($this->_sources) > 0 ? true : false;
return $this->_isConfigured;
return !empty($this->_sources);
}

/**
* Logs out of the saml session
*/
public function logout(){
if ($this->isSamlConfigured()) {
\SimpleSAML_Session::getSessionFromRequest()->doLogout($this->authSourceName);
}
}
/**
* Attempts to find a valid XDMoD user associated with the attributes we receive from SAML
*
Expand All @@ -97,7 +106,10 @@ public function isSamlConfigured()
public function getXdmodAccount()
{
$samlAttrs = $this->_as->getAttributes();

/*
* SimpleSAMLphp uses its own session, this sets it back.
*/
\SimpleSAML_Session::getSessionFromRequest()->cleanup();
if ($this->_as->isAuthenticated()) {
$userName = $samlAttrs['username'][0];

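Review bot: `logout()` in the third hunk ends only the local SimpleSAMLphp authentication state for `$this->authSourceName` via `doLogout()`; if the IdP session is also meant to end, the `\SimpleSAML\Auth\Simple` instance already held in `$this->_as` is where a SAML logout would be triggered, and the docblock should state which is intended, e.g. `Clears the local SimpleSAMLphp authentication state for the selected auth source; does not perform IdP single logout.` The brace placement `public function logout(){` differs from the rest of the class, which puts the brace on its own line. In the second hunk `array_search($authSource, $this->_sources) !== false` is a loose comparison; `in_array($authSource, $this->_sources, true)` makes the lookup strict (the constructor begins outside the hunk, so the origin of `$authSource` is not visible). In the last hunk the attributes are read before `cleanup()` but `isAuthenticated()` is called after it; a comment on why that order is safe would help, since it presumably depends on the session object staying valid in memory after cleanup.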
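--- a/classes/XDSessionManager.php
+++ b/classes/XDSessionManager.php
@@ -133,6 +133,16 @@ public static function logoutUser($token = "")
 // authentication (via tokens) trip the first Exception as the
 // result of invoking resolveUserFromToken($token)
 session_destroy();
+
+try {
+$auth = new Authentication\SAML\XDSamlAuthentication();
+$auth->logout();
+} catch (InvalidArgumentException $ex) {
+// This will catch when apache or nginx have been set up
+// to to have an alternate saml configuration directory
+// that does not exist, so we ignore it as saml isnt set
+// up and we dont have to do anything with it
+}
 }
 
 /**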
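Review bot: The added `try`/`catch` in `logoutUser` handles only `InvalidArgumentException`, so any other failure raised while constructing `XDSamlAuthentication` or inside `$auth->logout()` escapes `logoutUser` after `session_destroy()` has already run, and the caller sees an exception from what is otherwise a completed local logout. If that is intended, a one-line comment saying so would help; otherwise the SAML step should be guarded so the local session teardown is still reported as successful. The comment also repeats a word: `// to to have an alternate saml configuration directory` should read `// to have an alternate saml configuration directory`. The same block, comment included, is duplicated verbatim in `html/gui/general/login.php`, so a shared helper would keep the two in sync. `logoutUser` begins outside the hunk.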
4 changes: 1 addition & 3 deletions docs/simpleSAMLphp.md
Expand Up @@ -47,10 +47,8 @@ You will need to modify the `config.php` file and make sure you modify the `meta
),
...
```
two other keys that might need to be set if you are having errors
If you are having errors you might need to check the trusted domains setting
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does the admin know if they need to check the settings? Please enumerate the conditions when they might need to and might not need to check them.

Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you are having errors

We had at least one person who had to change the trusted domains setting; I never figured out exactly what their setup was that made this necessary. But since I had run into it once, I put it in there.

```php
...
'session.phpsession.cookiename' => null,
...
'trusted.url.domains' => array('f.q.dn.of.xdmod'),
...
9 changes: 6 additions & 3 deletions html/gui/general/login.php
@@ -1,6 +1,6 @@
<?php
require_once __DIR__ . '/../../../configuration/linker.php';

@session_start();
$formal_name = isset($_REQUEST['xd_user_formal_name']) ? $_REQUEST['xd_user_formal_name'] : "";
$samlError = false;
$auth = null;
Expand All @@ -9,7 +9,10 @@
try {
$auth = new Authentication\SAML\XDSamlAuthentication();
} catch (InvalidArgumentException $ex) {
// This will catch when a configuration directory does not exist if it is set in the environment level
// This will catch when apache or nginx have been set up
// to to have an alternate saml configuration directory
// that does not exist, so we ignore it as saml isnt set
// up and we dont have to do anything with it
}
try {
if ($auth && $auth->isSamlConfigured()) {
Expand Down Expand Up @@ -50,7 +53,7 @@
function loadPortal() {
setTimeout(function(){
parent.location.href = '/index.php' + document.location.hash;
}, 3000);
}, 1500);
}

function contactAdmin() {
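Review bot: `@session_start();` in the first hunk suppresses the warnings `session_start()` emits when a session is already active or headers were already sent, which hides exactly the kind of session-naming conflict this PR is about; the rendered page does not show which side of the hunk the line is on, but if it is the new side, prefer `if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }` with no `@`. The catch block in the second hunk repeats the comment added in `classes/XDSessionManager.php`, including its `to to` typo, so a shared helper would keep the two in sync. The `3000` to `1500` redirect delay in the last hunk is undocumented; a short comment on why the delay exists would help. The surrounding code of each hunk continues outside the page.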
Expand Up @@ -136,7 +136,6 @@ sed -i -- 's%#</Directory>%</Directory>%' /etc/httpd/conf.d/xdmod.conf

cp "$VENDOR_DIR/simplesamlphp/simplesamlphp/config-templates/config.php" "$VENDOR_DIR/simplesamlphp/simplesamlphp/config/config.php"
sed -i -- "s/'trusted.url.domains' => array(),/'trusted.url.domains' => array('localhost:8080'),/" "$VENDOR_DIR/simplesamlphp/simplesamlphp/config/config.php"
sed -i -- "s/'session.phpsession.cookiename' => 'SimpleSAML',/'session.phpsession.cookiename' => null,/" "$VENDOR_DIR/simplesamlphp/simplesamlphp/config/config.php"

cat > "$VENDOR_DIR/simplesamlphp/simplesamlphp/config/authsources.php" <<EOF
<?php