Commit 004c45ea authored by Piers Harding's avatar Piers Harding Committed by Robert Lyon

Bug 1579285: Make ssphp a managed dependency

* Add SimpleSAMLphp as a managed dependency
of auth/saml using make to pull to auth/saml/extlib

behatnotneeded

Change-Id: I38c1eb4b44f9698ceef0ab99b019c9a3403ff45a
parent 984de894
......@@ -24,6 +24,8 @@ help:
@echo "Run 'make' to do "build" Mahara (currently only CSS)"
@echo "Run 'make initcomposer' to install Composer and phpunit"
@echo "Run 'make phpunit' to execute phpunit tests"
@echo "Run 'make ssphp' to install SimpleSAMLphp"
@echo "Run 'make cleanssphp' to remove SimpleSAMLphp"
@echo "Run 'make imageoptim' to losslessly optimise all images"
@echo "Run 'make minaccept' to run the quick pre-commit tests"
@echo "Run 'make checksignoff' to check that your commits are all Signed-off-by"
......@@ -37,16 +39,34 @@ imageoptim:
composer := $(shell ls external/composer.phar 2>/dev/null)
initcomposer:
installcomposer:
ifdef composer
@echo "Updating Composer..."
@php external/composer.phar --working-dir=external update
@echo "Composer allready installed..."
else
@echo "Installing Composer..."
@curl -sS https://getcomposer.org/installer | php -- --install-dir=external
@php external/composer.phar --working-dir=external install
endif
initcomposer: installcomposer
@echo "Updating external dependencies with Composer..."
@php external/composer.phar --working-dir=external update
simplesamlphp := $(shell ls -d htdocs/auth/saml/extlib/simplesamlphp 2>/dev/null)
cleanssphp:
@echo "Cleaning out SimpleSAMLphp..."
rm -rf htdocs/auth/saml/extlib/simplesamlphp
ssphp: installcomposer
ifdef simplesamlphp
@echo "SimpleSAMLphp already exists - doing nothing"
else
@echo "Pulling SimpleSAMLphp from download ..."
@curl -sS https://simplesamlphp.org/res/downloads/simplesamlphp-1.14.3.tar.gz | tar --transform s/simplesamlphp-1.14.3/simplesamlphp/ -C htdocs/auth/saml/extlib -xzf -
@php external/composer.phar --working-dir=htdocs/auth/saml/extlib/simplesamlphp update
endif
vendorphpunit := $(shell external/vendor/bin/phpunit --version 2>/dev/null)
phpunit:
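Review bot: The `ssphp` recipe pipes the download straight from `curl` into `tar` with no integrity check, so whatever the download host returns is unpacked under `htdocs/` and then handed to Composer. Because this tree becomes the site's SAML authentication library, the release should be fetched to a file, compared against a pinned SHA-256 and only then extracted; adding `-f` to curl also keeps an HTTP error page from being fed to tar. The `composer ... update` that follows re-resolves dependencies at install time, so the installed tree is not reproducible; `install` against a lock file would be preferable if the release ships one. The same unverified pipe appears in `installcomposer` (`curl ... | php`).

```make
ssphp_version := 1.14.3
ssphp_archive := simplesamlphp-$(ssphp_version).tar.gz
# Placeholder value: replace with the digest published for this release.
ssphp_sha256 := REPLACE_WITH_PUBLISHED_SHA256

ssphp: installcomposer
ifdef simplesamlphp
	# … unchanged: "already exists" message …
else
	@echo "Pulling SimpleSAMLphp from download ..."
	@curl -fsSL -o external/$(ssphp_archive) https://simplesamlphp.org/res/downloads/$(ssphp_archive)
	@echo "$(ssphp_sha256)  external/$(ssphp_archive)" | sha256sum -c -
	@tar --transform s/simplesamlphp-$(ssphp_version)/simplesamlphp/ -C htdocs/auth/saml/extlib -xzf external/$(ssphp_archive)
	@rm -f external/$(ssphp_archive)
	# … unchanged: composer step …
endif
```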
......
<?php
/**
*
* @package mahara
* @subpackage auth-saml
* @author Piers Harding <piers@catalyst.net.nz>
* @author Catalyst IT Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
*/
defined('INTERNAL') || die();
$cert = AuthSaml::get_certificate_path() . 'server.crt';
$key = AuthSaml::get_certificate_path() . 'server.pem';
global $idp_entityid;
$spentityid = get_config_plugin('auth', 'saml', 'spentityid');
if (empty($spentityid)) {
$spentityid = $_SERVER['HTTP_HOST'].'/mahara';
}
$config = array(
// This is a authentication source which handles admin authentication.
'admin' => array(
// The default is to use core:AdminPassword, but it can be replaced with
// any authentication source.
'core:AdminPassword',
),
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
'saml:SP',
// The entity ID of this SP.
// Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
'entityID' => $spentityid,
// The entity ID of the IdP this should SP should contact.
// Can be NULL/unset, in which case the user will be shown a list of available IdPs.
// XXX hard code this so that no IdP disco happens
'idp' => $idp_entityid,
// The URL to the discovery service.
// Can be NULL/unset, in which case a builtin discovery service will be used.
'discoURL' => NULL,
'encryption.blacklisted-algorithms' => array(),
'privatekey' => $key,
'privatekey_pass' => get_config('sitename'),
'certificate' => $cert,
'NameIDPolicy' => NULL,
'redirect.sign' => TRUE,
'redirect.validate' => TRUE,
),
);
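Review bot: `'privatekey_pass' => get_config('sitename')` uses the site name as the passphrase for server.pem; that value is presumably visible to every visitor, so it gives the key no protection if the file is ever read, and renaming the site would leave the key undecryptable. A randomly generated secret kept in a dedicated plugin setting would be the safer source. `'encryption.blacklisted-algorithms' => array()` empties the list of refused algorithms, which as far as I can tell also drops the library's default refusal of RSA PKCS#1 v1.5 key transport; removing the line keeps the default. The `$_SERVER['HTTP_HOST'].'/mahara'` fallback makes the SP entity ID depend on a request header, so deriving it from the configured site URL would keep it stable and outside a client's control.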
<?php
/**
*
* @package mahara
* @subpackage auth-saml
* @author Piers Harding <piers@catalyst.net.nz>
* @author Catalyst IT Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
*/
defined('INTERNAL') || die();
spl_autoload_register(
function($classname) {
$classpath = explode('_', $classname);
if ($classpath[0] != 'SimpleSAML') {
$classpath = explode('\\', $classname);
if ($classpath[0] != 'SimpleSAML') {
return;
}
}
$filepath = get_config('docroot') . 'auth/saml/extlib/simplesamlphp/lib/' . implode('/', $classpath) . '.php';
if (file_exists($filepath)) {
require_once($filepath);
}
}
);
spl_autoload_register(
function($classname) {
$classpath = explode('_', $classname);
if ($classpath[0] != 'sspmod') {
$classpath = explode('\\', $classname);
if ($classpath[0] != 'sspmod') {
return;
}
}
array_shift($classpath);
$module = array_shift($classpath);
$filepath = get_config('docroot') . 'auth/saml/extlib/simplesamlphp/modules/$module/lib/' . implode('/', $classpath) . '.php';
if (file_exists($filepath)) {
require_once($filepath);
}
}
);
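Review bot: In the second autoloader the path is built with a single-quoted literal, `'auth/saml/extlib/simplesamlphp/modules/$module/lib/'`, so `$module` is never interpolated and the `file_exists()` check can only match a directory literally named `$module`; as written, no `sspmod` class is loaded by this function. Concatenating fixes it: `$filepath = get_config('docroot') . 'auth/saml/extlib/simplesamlphp/modules/' . $module . '/lib/' . implode('/', $classpath) . '.php';`. Since the class name ends up in a `require_once` path, a short comment stating that only the `SimpleSAML` and `sspmod` prefixes are honoured would also help the next reader.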
......@@ -11,22 +11,33 @@
defined('INTERNAL') || die();
//$string['defaultidpidentity'] = 'Default IdP identity service';
$string['certificate'] = 'SAML SP Signing and Encryption Certificate';
$string['manage_certificate'] = 'This is the certificate generated as part of the SAML SP <a href="%s">Metadata</a>.';
$string['nullprivatecert'] = "Could not generate or save the private key";
$string['nullpubliccert'] = "Could not generate or save the public certificate";
$string['defaultinstitution'] = 'Default institution';
$string['description'] = 'Authenticate against a SAML 2.0 IdP service';
$string['disco'] = 'IdP Discovery';
$string['errorbadinstitution'] = 'Institution for connecting user not resolved';
$string['errorbadssphp'] = 'Invalid SimpleSAMLphp session handler - must not be phpsession';
$string['errorbadssphplib'] = 'Invalid SimpleSAMLphp library configuration';
$string['errorbadssphpmetadata'] = 'Invalid SimpleSAMLphp configuration - no IdP metadata configured';
$string['errorbadssphpspentityid'] = 'Invalid Service Provider EntityId';
$string['errorretryexceeded'] = 'Maximum number of retries exceeded (%s) - there must be a problem with the identity service';
$string['errnosamluser'] = 'No user found';
$string['errorssphpsetup'] = 'SAML not set up correctly. Need to first run "make ssphp" from the commandline';
$string['errorbadlib'] = 'SimpleSAMLPHP lib directory %s is not correct.';
$string['errorbadconfig'] = 'SimpleSAMLPHP config directory %s is incorrect.';
$string['errorbadcombo'] = 'You can only choose user auto-creation if you have not selected remoteuser.';
$string['errorbadmetadata'] = 'Badly formed SAML metadata. Ensure XML contains one valid IdP.';
$string['errorduplicateidp'] = 'IdP (%s) already in use by another institution (%s). Ensure XML contains one valid and unique IdP.';
$string['errorbadinstitutioncombo'] = 'There is already an existing authentication instance with this institution attribute and institution value combination.';
$string['errormissinguserattributes1'] = 'You seem to be authenticated, but we did not receive the required user attributes. Please check that your Identity Provider releases the first name, surname, and email fields for SSO to %s or inform the administrator.';
$string['errorregistrationenabledwithautocreate'] = 'An institution has registration enabled. For security reasons this excludes user auto-creation.';
$string['errorremoteuser'] = 'Matching on remoteuser is mandatory if usersuniquebyusername is turned off.';
$string['IdPSelection'] = 'IdP Selection';
$string['noidpsfound'] = 'No IdPs found';
$string['institutionattribute'] = 'Institution attribute (contains "%s")';
$string['institutionidp'] = 'Institution IdP SAML Metadata';
$string['institutionvalue'] = 'Institution value to check against attribute';
$string['link'] = 'Link accounts';
$string['linkaccounts'] = 'Do you want to link remote account %s with local account %s?';
......@@ -36,9 +47,13 @@ $string['logintolinkdesc'] = '<p><b>You are currently connected with remote user
$string['institutionregex'] = 'Do partial string match with institution shortname';
$string['login'] = 'SSO';
$string['notusable'] = 'Please install the SimpleSAMLPHP SP libraries';
$string['reallyreallysure'] = "You are trying to save the SP metadata for Mahara - this cannot be undone and existing institution configured SAML logins will not work until you have reshared your new metadata with all IdPs";
$string['reset'] = 'Reset Metadata';
$string['resetmetadata'] = 'Reset the certificates for Maharas metadata - caution this cannot be undone and you will have to reshare your metadata with the IdP';
$string['samlfieldforemail'] = 'SSO field for email';
$string['samlfieldforfirstname'] = 'SSO field for first name';
$string['samlfieldforsurname'] = 'SSO field for surname';
$string['spentityid'] = "Service Provider EntityId";
$string['title'] = 'SAML';
$string['updateuserinfoonlogin'] = 'Update user details on login';
$string['userattribute'] = 'User attribute';
......@@ -46,3 +61,4 @@ $string['simplesamlphplib'] = 'SimpleSAMLPHP lib directory';
$string['simplesamlphpconfig'] = 'SimpleSAMLPHP config directory';
$string['weautocreateusers'] = 'We auto-create users';
$string['remoteuser'] = 'Match username attribute to remote username';
$string['selectidp'] = 'Please select the Identity Provider that you wish to login with.';
<!-- @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later -->
<!-- @copyright For copyright information on Mahara, please see the README file distributed with this software. -->
<h3>Simple SAML PHP configuration path</h3>
<p>The fully qualified path to the configuration directory to be used for this Service Provider's (SP) Simple SAML PHP.
For example: If the full path to the config.php is /some_path_to/simplesamlphp_1_3/config/config.php
then this value should be /some_path_to/simplesamlphp_1_3/config/.</p>
<!-- @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later -->
<!-- @copyright For copyright information on Mahara, please see the README file distributed with this software. -->
<h3>Simple SAML PHP library path</h3>
<p>The fully qualified path to the library directory of Simple SAML PHP.
For example: If the full path to the bootstrap autoload.php is /some_path_to/simplesamlphp_1_3/lib/_autoload.php
then this value should be /some_path_to/simplesamlphp_1_3/.</p>
<h3>Service Provider entityId</h3>
<p>This is the unique Id that identifies the Mahara instance to the Identity Provider eg: example.org/mahara</p>
<?php
/**
*
* @package mahara
* @subpackage auth-saml
* @author Piers Harding <piers@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
* This file incorporates work covered by the following copyright and
* permission notice:
*
* Moodle - Modular Object-Oriented Dynamic Learning Environment
* http://moodle.com
*
* Copyright (C) 2001-3001 Martin Dougiamas http://dougiamas.com
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details:
*
* http://www.gnu.org/copyleft/gpl.html
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
global $CFG, $USER, $SESSION;
require(dirname(dirname(dirname(dirname(__FILE__)))) . '/init.php');
require_once(get_config('docroot') . 'auth/saml/lib.php');
require_once(get_config('libroot') . 'institution.php');
// check that the plugin is active
if (get_field('auth_installed', 'active', 'name', 'saml') != 1) {
redirect();
}
if (!file_exists(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/vendor/autoload.php')) {
throw new AuthInstanceException(get_string('errorbadssphplib', 'auth.saml'));
}
require_once(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/vendor/autoload.php');
require_once(get_config('docroot') . 'auth/saml/extlib/_autoload.php');
SimpleSAML_Configuration::init(get_config('docroot') . 'auth/saml/config');
require('../extlib/simplesamlphp/modules/saml/www/disco.php');
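Review bot: The final `require('../extlib/simplesamlphp/modules/saml/www/disco.php')` uses a `../` path, which PHP resolves against the current working directory rather than this file's location, while every earlier include in the file is anchored on `get_config('docroot')`. Anchoring it the same way, `require(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/modules/saml/www/disco.php');`, removes the dependence on how the script is invoked. The same line shape ends the saml1-acs, saml2-acs and saml2-logout wrappers. All four files also repeat an identical preamble (plugin-active check, autoload check, `SimpleSAML_Configuration::init`), which could live in one shared include so that a later hardening change cannot miss an endpoint.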
<?php
/**
*
* @package mahara
* @subpackage auth-saml
* @author Piers Harding <piers@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
* This file incorporates work covered by the following copyright and
* permission notice:
*
* Moodle - Modular Object-Oriented Dynamic Learning Environment
* http://moodle.com
*
* Copyright (C) 2001-3001 Martin Dougiamas http://dougiamas.com
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details:
*
* http://www.gnu.org/copyleft/gpl.html
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
global $CFG, $USER, $SESSION;
require(dirname(dirname(dirname(dirname(__FILE__)))) . '/init.php');
require_once(get_config('docroot') . 'auth/saml/lib.php');
require_once(get_config('libroot') . 'institution.php');
// check that the plugin is active
if (get_field('auth_installed', 'active', 'name', 'saml') != 1) {
redirect();
}
if (!file_exists(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/vendor/autoload.php')) {
throw new AuthInstanceException(get_string('errorbadssphplib', 'auth.saml'));
}
require_once(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/vendor/autoload.php');
require_once(get_config('docroot') . 'auth/saml/extlib/_autoload.php');
SimpleSAML_Configuration::init(get_config('docroot') . 'auth/saml/config');
require('../extlib/simplesamlphp/modules/saml/www/sp/saml1-acs.php');
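Review bot: This wrapper publishes a SAML 1.x assertion consumer endpoint as a `PUBLIC` page, and nothing in the file says whether the plugin needs it. If only SAML 2.0 IdPs are meant to be supported, leaving this file out would reduce the unauthenticated surface of the plugin. If it is needed, a header comment such as `// SAML 1.1 / Shibboleth 1.3 ACS endpoint; required for <which IdPs>` would record why it is exposed.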
<?php
/**
*
* @package mahara
* @subpackage auth-saml
* @author Piers Harding <piers@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
* This file incorporates work covered by the following copyright and
* permission notice:
*
* Moodle - Modular Object-Oriented Dynamic Learning Environment
* http://moodle.com
*
* Copyright (C) 2001-3001 Martin Dougiamas http://dougiamas.com
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details:
*
* http://www.gnu.org/copyleft/gpl.html
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
global $CFG, $USER, $SESSION;
require(dirname(dirname(dirname(dirname(__FILE__)))) . '/init.php');
require_once(get_config('docroot') . 'auth/saml/lib.php');
require_once(get_config('libroot') . 'institution.php');
// check that the plugin is active
if (get_field('auth_installed', 'active', 'name', 'saml') != 1) {
redirect();
}
if (!file_exists(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/vendor/autoload.php')) {
throw new AuthInstanceException(get_string('errorbadssphplib', 'auth.saml'));
}
require_once(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/vendor/autoload.php');
require_once(get_config('docroot') . 'auth/saml/extlib/_autoload.php');
SimpleSAML_Configuration::init(get_config('docroot') . 'auth/saml/config');
require('../extlib/simplesamlphp/modules/saml/www/sp/saml2-acs.php');
<?php
/**
*
* @package mahara
* @subpackage auth-saml
* @author Piers Harding <piers@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
* This file incorporates work covered by the following copyright and
* permission notice:
*
* Moodle - Modular Object-Oriented Dynamic Learning Environment
* http://moodle.com
*
* Copyright (C) 2001-3001 Martin Dougiamas http://dougiamas.com
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details:
*
* http://www.gnu.org/copyleft/gpl.html
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
global $CFG, $USER, $SESSION;
require(dirname(dirname(dirname(dirname(__FILE__)))) . '/init.php');
require_once(get_config('docroot') . 'auth/saml/lib.php');
require_once(get_config('libroot') . 'institution.php');
// check that the plugin is active
if (get_field('auth_installed', 'active', 'name', 'saml') != 1) {
redirect();
}
if (!file_exists(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/vendor/autoload.php')) {
throw new AuthInstanceException(get_string('errorbadssphplib', 'auth.saml'));
}
require_once(get_config('docroot') . 'auth/saml/extlib/simplesamlphp/vendor/autoload.php');
require_once(get_config('docroot') . 'auth/saml/extlib/_autoload.php');
SimpleSAML_Configuration::init(get_config('docroot') . 'auth/saml/config');
require('../extlib/simplesamlphp/modules/saml/www/sp/saml2-logout.php');
......@@ -11,8 +11,8 @@
defined('INTERNAL') || die();
$config = new StdClass;
$config->version = 2009072000;
$config->release = '1.1.0';
$config->version = 2016062900;
$config->release = '1.2.0';
$config->name = 'saml';
$config->requires_config = 1;
$config->requires_parent = 0;
{include file="header.tpl"}
{if $idps}
<p class="lead">{str tag=selectidp section=auth.saml}</p>
{/if}
<div id="idps" class="section panel panel-default">
<h2 class="panel-heading" id="idpsheading">{str tag="IdPSelection" section=auth.saml}</h2>
{if $idps}
<div class="table-responsive">
<table id="searchidps" class="table table-striped listing">
<thead>
<tr>
{foreach from=$columns key=f item=c}
<th>
{$c.name}
{if $c.help}
{$c.helplink|safe}
{/if}
{if $c.headhtml}<div style="font-weight: normal;">{$c.headhtml|safe}</div>{/if}
</th>
{/foreach}
</tr>
</thead>
<tbody>
{$idps|safe}
</tbody>
</table>
</div>
{else}
<div class="panel-body">
<p class="no-idps">{str tag="noidpsfound" section=auth.saml}</p>
</div>
{/if}
</div>
{include file="footer.tpl"}
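Review bot: `{$idps|safe}` prints the pre-rendered rows without escaping, so every value taken from IdP metadata has to be escaped where the rows are built, and nothing in this template records that dependency. A template comment directly above the line, for example `{* rows are rendered and escaped by the row templates; keep |safe only while that holds *}`, would make the assumption visible to anyone who later changes the row templates. The same applies to `{$c.helplink|safe}` and `{$c.headhtml|safe}` in the header loop.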
<a href="{$WWWROOT}auth/saml/index.php?idpentityid={$r.idpentityid}" title="{$r.description}">{$r.description}</a>
\ No newline at end of file
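Review bot: `{$r.idpentityid}` is placed in the query string of the link without URL encoding. Entity IDs are normally URLs and may contain `?`, `&` or `#`, so the `idpentityid` parameter can arrive truncated or split into several parameters. HTML escaping does not cover this; the value should be URL-encoded, e.g. `idpentityid={$r.idpentityid|escape:url}` if that modifier is available in this template engine. `title="{$r.description}"` relies on the engine's automatic escaping for a value that comes from IdP metadata, which is worth confirming.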
{foreach from=$results.data item=r}
<tr class="{cycle values='r0,r1'}">
{foreach from=$cols key=f item=c}
{strip}
{if !$c.mergelast}
<td{if $c.class} class="{$c.class}"{/if}>
{/if}
{if !$c.template}
{$r[$f]}
{else}
{include file=$c.template r=$r f=$f}
{/if}
{if !$c.mergefirst}
</td>
{/if}
{/strip}
{/foreach}
</tr>
{/foreach}
\ No newline at end of file