CAS integration: added support of JA-SIG Central Authentication Service (CAS) with log-off support, using phpCAS API.
SVN:trunk[1280]
@@ -144,7 +144,7 @@ class iTopWebPage extends NiceWebPage
|
||||
// that the tabs aren't changed on click, and any custom event name can be
|
||||
// specified. Note that if you define a callback for the 'select' event, it
|
||||
// will be executed for the selected tab whenever the hash changes.
|
||||
tabs.tabs({ event: 'change' });
|
||||
tabs.tabs({ event: 'change'});
|
||||
}
|
||||
catch(err)
|
||||
{
|
||||
@@ -665,7 +665,7 @@ EOF
|
||||
$sLogOffMenu = "<span id=\"logOffBtn\"><ul><li><img src=\"../images/onOffBtn.png\"><ul>";
|
||||
$sLogOffMenu .= "<li><span>$sLogonMessage</span></li>\n";
|
||||
|
||||
if (utils::CanLogOff() && UserRights::CanLogOff())
|
||||
if (utils::CanLogOff())
|
||||
{
|
||||
//$sLogOffMenu .= "<li><a href=\"../pages/UI.php?loginop=logoff\">".Dict::S('UI:LogOffMenu')."</a></li>\n";
|
||||
$sLogOffMenu .= "<li><a href=\"../pages/logoff.php\">".Dict::S('UI:LogOffMenu')."</a></li>\n";
|
||||
|
||||
@@ -27,8 +27,9 @@ require_once(APPROOT."/application/nicewebpage.class.inc.php");
|
||||
/**
|
||||
* Web page used for displaying the login form
|
||||
*/
|
||||
|
||||
class LoginWebPage extends NiceWebPage
|
||||
{
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
parent::__construct("iTop Login");
|
||||
@@ -93,36 +94,7 @@ EOF
|
||||
switch($sLoginType)
|
||||
{
|
||||
case 'cas':
|
||||
$sCASIncludePath = MetaModel::GetConfig()->Get('cas_include_path');
|
||||
include_once($sCASIncludePath.'/CAS.php');
|
||||
|
||||
$bCASDebug = MetaModel::GetConfig()->Get('cas_debug');
|
||||
if ($bCASDebug)
|
||||
{
|
||||
phpCAS::setDebug(APPROOT.'/error.log');
|
||||
}
|
||||
|
||||
// Initialize phpCAS
|
||||
$sCASVersion = MetaModel::GetConfig()->Get('cas_version');
|
||||
$sCASHost = MetaModel::GetConfig()->Get('cas_host');
|
||||
$iCASPort = MetaModel::GetConfig()->Get('cas_port');
|
||||
$sCASContext = MetaModel::GetConfig()->Get('cas_context');
|
||||
phpCAS::client(CAS_VERSION_2_0, $sCASHost, $iCASPort, $sCASContext);
|
||||
|
||||
$sCASCACertPath = MetaModel::GetConfig()->Get('cas_server_ca_cert_path');
|
||||
if (empty($sCASCACertPath))
|
||||
{
|
||||
// If no certificate authority is provided, do not attempt to validate
|
||||
// the server's certificate
|
||||
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
|
||||
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
|
||||
phpCAS::setNoCasServerValidation();
|
||||
}
|
||||
else
|
||||
{
|
||||
phpCAS::setCasServerCACert($sCASCACertPath);
|
||||
}
|
||||
|
||||
utils::InitCASClient();
|
||||
// force CAS authentication
|
||||
phpCAS::forceAuthentication(); // Will redirect the user and exit since the user is not yet authenticated
|
||||
break;
|
||||
@@ -277,36 +249,7 @@ EOF
|
||||
switch($sLoginType)
|
||||
{
|
||||
case 'cas':
|
||||
$sCASIncludePath = MetaModel::GetConfig()->Get('cas_include_path');
|
||||
include_once($sCASIncludePath.'/CAS.php');
|
||||
|
||||
$bCASDebug = MetaModel::GetConfig()->Get('cas_debug');
|
||||
if ($bCASDebug)
|
||||
{
|
||||
phpCAS::setDebug(APPROOT.'/error.log');
|
||||
}
|
||||
|
||||
// Initialize phpCAS
|
||||
$sCASVersion = MetaModel::GetConfig()->Get('cas_version');
|
||||
$sCASHost = MetaModel::GetConfig()->Get('cas_host');
|
||||
$iCASPort = MetaModel::GetConfig()->Get('cas_port');
|
||||
$sCASContext = MetaModel::GetConfig()->Get('cas_context');
|
||||
phpCAS::client(CAS_VERSION_2_0, $sCASHost, $iCASPort, $sCASContext);
|
||||
|
||||
$sCASCACertPath = MetaModel::GetConfig()->Get('cas_server_ca_cert_path');
|
||||
if (empty($sCASCACertPath))
|
||||
{
|
||||
// If no certificate authority is provided, do not attempt to validate
|
||||
// the server's certificate
|
||||
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
|
||||
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
|
||||
phpCAS::setNoCasServerValidation();
|
||||
}
|
||||
else
|
||||
{
|
||||
phpCAS::setCasServerCACert($sCASCACertPath);
|
||||
}
|
||||
|
||||
utils::InitCASClient();
|
||||
// check CAS authentication
|
||||
if (phpCAS::isAuthenticated())
|
||||
{
|
||||
|
||||
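Review bot: The two `case 'cas':` branches (the hunks at -93 and -277) now rely on a precondition the removed inline code did not have. The old code called `phpCAS::client(CAS_VERSION_2_0, $sCASHost, $iCASPort, $sCASContext)` with four arguments, while `utils::InitCASClient()` passes the configured `cas_version` and `false /* session already started */` as a fifth argument. Whether a session is always started before these branches run is not visible in the hunks. In phpCAS releases where the fifth parameter is `$changeSessionID` rather than `$start_session`, `false` would also switch off the session-id change at login, so this should be checked against the bundled phpCAS version. A comment above each call, e.g. `// requires an already started PHP session, see utils::InitCASClient()`, would make the dependency explicit; the enclosing methods start and end outside the hunks.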
@@ -41,6 +41,7 @@ class utils
|
||||
{
|
||||
private static $m_sConfigFile = ITOP_CONFIG_FILE;
|
||||
private static $m_oConfig = null;
|
||||
private static $m_bCASClient = false;
|
||||
|
||||
// Parameters loaded from a file, parameters of the page/command line still have precedence
|
||||
private static $m_aParamsFromFile = null;
|
||||
@@ -416,7 +417,65 @@ class utils
|
||||
*/
|
||||
static function CanLogOff()
|
||||
{
|
||||
return (isset($_SESSION['login_mode']) && $_SESSION['login_mode'] == 'form');
|
||||
$bResult = false;
|
||||
if(isset($_SESSION['login_mode']))
|
||||
{
|
||||
$sLoginMode = $_SESSION['login_mode'];
|
||||
switch($sLoginMode)
|
||||
{
|
||||
case 'external':
|
||||
$bResult = false;
|
||||
break;
|
||||
|
||||
case 'form':
|
||||
case 'basic':
|
||||
case 'url':
|
||||
case 'cas':
|
||||
default:
|
||||
$bResult = true;
|
||||
|
||||
}
|
||||
}
|
||||
return $bResult;
|
||||
}
|
||||
|
||||
/**
|
||||
* Initializes the CAS client
|
||||
*/
|
||||
static function InitCASClient()
|
||||
{
|
||||
$sCASIncludePath = MetaModel::GetConfig()->Get('cas_include_path');
|
||||
include_once($sCASIncludePath.'/CAS.php');
|
||||
|
||||
$bCASDebug = MetaModel::GetConfig()->Get('cas_debug');
|
||||
if ($bCASDebug)
|
||||
{
|
||||
phpCAS::setDebug(APPROOT.'/error.log');
|
||||
}
|
||||
|
||||
if (!self::$m_bCASClient)
|
||||
{
|
||||
// Initialize phpCAS
|
||||
$sCASVersion = MetaModel::GetConfig()->Get('cas_version');
|
||||
$sCASHost = MetaModel::GetConfig()->Get('cas_host');
|
||||
$iCASPort = MetaModel::GetConfig()->Get('cas_port');
|
||||
$sCASContext = MetaModel::GetConfig()->Get('cas_context');
|
||||
phpCAS::client($sCASVersion, $sCASHost, $iCASPort, $sCASContext, false /* session already started */);
|
||||
self::$m_bCASClient = true;
|
||||
$sCASCACertPath = MetaModel::GetConfig()->Get('cas_server_ca_cert_path');
|
||||
if (empty($sCASCACertPath))
|
||||
{
|
||||
// If no certificate authority is provided, do not attempt to validate
|
||||
// the server's certificate
|
||||
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
|
||||
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
|
||||
phpCAS::setNoCasServerValidation();
|
||||
}
|
||||
else
|
||||
{
|
||||
phpCAS::setCasServerCACert($sCASCACertPath);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
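Review bot: In `InitCASClient()`, an empty `cas_server_ca_cert_path` silently selects `phpCAS::setNoCasServerValidation()`, so a missing or mistyped configuration entry disables certificate validation of the CAS server without any signal to the operator. Failing closed would be safer: raise an error when the path is empty, and allow the unvalidated mode only behind a separate, explicit opt-in setting that logs a warning when used. Separately, `phpCAS::setDebug(APPROOT.'/error.log')` writes the phpCAS trace under the application root. That trace can contain ticket and session details, so the file should live in a directory the web server does not serve (whether APPROOT is served directly is not visible here). Setting `self::$m_bCASClient = true;` only after the certificate configuration has been applied would also avoid marking the client ready when the block fails part-way.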
@@ -405,18 +405,6 @@ class UserRights
|
||||
}
|
||||
}
|
||||
|
||||
public static function CanLogOff()
|
||||
{
|
||||
if (!is_null(self::$m_oUser))
|
||||
{
|
||||
return self::$m_oUser->CanLogOff();
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public static function ChangePassword($sOldPassword, $sNewPassword, $sName = '')
|
||||
{
|
||||
if (empty($sName))
|
||||
|
||||
@@ -79,12 +79,6 @@ class UserExternal extends User
|
||||
return false;
|
||||
}
|
||||
|
||||
public function CanLogOff()
|
||||
{
|
||||
// External authentication: iTop has no way to force a log off
|
||||
return false;
|
||||
}
|
||||
|
||||
public function ChangePassword($sOldPassword, $sNewPassword)
|
||||
{
|
||||
return false;
|
||||
|
||||
@@ -158,12 +158,6 @@ class UserLDAP extends UserInternal
|
||||
return false;
|
||||
}
|
||||
|
||||
public function CanLogOff()
|
||||
{
|
||||
// Internal authentication allows everybody to log off
|
||||
return true;
|
||||
}
|
||||
|
||||
public function ChangePassword($sOldPassword, $sNewPassword)
|
||||
{
|
||||
return false;
|
||||
|
||||
@@ -77,12 +77,6 @@ class UserLocal extends UserInternal
|
||||
return true;
|
||||
}
|
||||
|
||||
public function CanLogOff()
|
||||
{
|
||||
// Internal authentication allows everybody to log off
|
||||
return true;
|
||||
}
|
||||
|
||||
public function ChangePassword($sOldPassword, $sNewPassword)
|
||||
{
|
||||
$oPassword = $this->Get('password'); // ormPassword object
|
||||
|
||||
@@ -27,21 +27,31 @@ $operation = utils::ReadParam('operation', '');
|
||||
require_once(APPROOT.'/application/loginwebpage.class.inc.php');
|
||||
session_name(MetaModel::GetConfig()->Get('session_name'));
|
||||
session_start();
|
||||
$bPortal = utils::ReadParam('portal', false);
|
||||
$sUrl = utils::GetAbsoluteUrlAppRoot('pages/logoff.php');
|
||||
if ($bPortal)
|
||||
{
|
||||
$sUrl .= 'portal/';
|
||||
}
|
||||
else
|
||||
{
|
||||
$sUrl .= 'pages/UI.php';
|
||||
}
|
||||
$sLoginMode = isset($_SESSION['login_mode']) ? $_SESSION['login_mode'] : '';
|
||||
LoginWebPage::ResetSession();
|
||||
switch($sLoginMode)
|
||||
{
|
||||
case 'cas':
|
||||
utils::InitCASClient();
|
||||
phpCAS::logoutWithUrl($sUrl); // Redirects to the CAS logout page
|
||||
break;
|
||||
}
|
||||
$oPage = new LoginWebPage();
|
||||
$sVersionShort = Dict::Format('UI:iTopVersion:Short', ITOP_VERSION);
|
||||
$oPage->add("<div id=\"login-logo\"><a href=\"http://www.combodo.com/itop\"><img title=\"$sVersionShort\" src=\"../images/itop-logo-external.png\"></a></div>\n");
|
||||
$oPage->add("<div id=\"login\">\n");
|
||||
$oPage->add("<h1>".Dict::S('UI:LogOff:ThankYou')."</h1>\n");
|
||||
$bPortal = utils::ReadParam('portal', false);
|
||||
if ($bPortal)
|
||||
{
|
||||
$sUrl = '../portal/';
|
||||
}
|
||||
else
|
||||
{
|
||||
$sUrl = '../pages/UI.php';
|
||||
}
|
||||
|
||||
$oPage->add("<p><a href=\"$sUrl\">".Dict::S('UI:LogOff:ClickHereToLoginAgain')."</a></p>");
|
||||
$oPage->add("</div>\n");
|
||||
$oPage->output();
|
||||
|
||||
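Review bot: `$sUrl` is now an absolute URL built from `utils::GetAbsoluteUrlAppRoot('pages/logoff.php')`, and it is used both as the return target in `phpCAS::logoutWithUrl($sUrl)` and, unescaped, in the `<a href=\"$sUrl\">` link further down. How that helper derives scheme and host is not visible in this hunk; if it takes them from the request, a client-supplied host name would reach the post-logout redirect and the page markup. Escaping at the output, `htmlentities($sUrl, ENT_QUOTES, 'UTF-8')` inside the `href`, and building the return URL from a fixed, configured base would cover both uses. It is also worth a comment that `LoginWebPage::ResetSession()` runs before `utils::InitCASClient()`, which tells phpCAS the session is already started; whether a session is still active at that point is not shown here.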