<?php
/**
 * Implementation of hook_help().
 *
 * @param $path
 *   Path the help text is requested for.
 * @param $arg
 *   Not used by this implementation.
 *
 * @return
 *   The translated help paragraph (HTML) for 'admin/help#shib_auth', or an
 *   empty string for every other path.
 */
function shib_auth_help($path, $arg) {
  // Loose comparison on purpose: it is what the switch/case form does.
  if ($path == 'admin/help#shib_auth') {
    $helpText = t("The Shibboleth authentication module let you utilize the advantages of the Single Sign On (SSO) methods.");
    return '<p>' . $helpText . '</p>';
  }

  return '';
}
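/**
 * Implementation of hook_init(): sign the visitor in from Shibboleth attributes.
 *
 * When the request carries a Shibboleth identity provider marker:
 *  - an anonymous visitor is registered/logged in through
 *    user_external_login_register() using the configured username variable;
 *  - the account's e-mail address is synchronised with the configured e-mail
 *    variable, but only when a non-empty value is present and it differs from
 *    the stored one.
 *
 * SECURITY: every identity value here is read from $_SERVER and trusted as-is.
 * PHP fills $_SERVER keys that start with HTTP_ from request headers, so the
 * marker (HTTP_SHIB_IDENTITY_PROVIDER) and the default e-mail variable
 * (HTTP_SHIB_MAIL) are only trustworthy when the web server / Shibboleth SP
 * removes client-supplied copies of those headers before PHP runs.
 * NOTE(review): confirm that for the deployment, or switch the configured
 * variables to ones the SP exports as environment variables.
 *
 * NOTE(review): the e-mail sync applies to any logged-in account, not only to
 * accounts created through this module - confirm that is intended.
 */
function shib_auth_init() {
  global $user;

  $unameVar = variable_get('shib_auth_username_variable', 'REMOTE_USER');
  $umailVar = variable_get('shib_auth_username_email', 'HTTP_SHIB_MAIL');

  // No Shibboleth session marker: nothing to do. empty() also avoids the
  // undefined-index notice the direct array read raised on ordinary requests.
  if (empty($_SERVER['HTTP_SHIB_IDENTITY_PROVIDER'])) {
    return;
  }

  // Read each attribute once; a missing or falsy value becomes ''.
  $shibName = empty($_SERVER[$unameVar]) ? '' : $_SERVER[$unameVar];
  $shibMail = empty($_SERVER[$umailVar]) ? '' : $_SERVER[$umailVar];

  if (!$user->uid) {
    if ($shibName !== '' && $shibMail !== '') {
      // Logs the visitor in (creating the account if needed) and replaces the
      // global $user, so the e-mail sync below runs in the same request.
      user_external_login_register($shibName, "shib_auth");
    }
    else {
      drupal_set_message(t("Username or e-mail address is missing. Maybe the Shibboleth configuration is not perfect."), "error");
    }
  }

  // Only write when there is a real value and it changed. Saving
  // unconditionally overwrote the stored address with an empty value whenever
  // the attribute was absent, and wrote to the database on every page load.
  $mailChanged = !isset($user->mail) || $user->mail !== $shibMail;
  if ($user->uid && $shibMail !== '' && $mailChanged) {
    $account = user_save($user, array(
      'mail' => $shibMail,
    ));
    if (!$account) {
      drupal_set_message(t("Error saving user account."), 'error');
      return;
    }
    $user = $account;
  }
}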
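/**
 * Implementation of hook_user(): on logout, redirect to the Shibboleth
 * Logout handler so the SP session is ended too.
 *
 * Only the "logout" operation is handled; every other $op returns without
 * doing anything.
 *
 * @param $op
 *   The user operation being performed.
 * @param $edit
 *   Not used by this implementation.
 * @param $account
 *   Not used by this implementation.
 * @param $category
 *   Not used by this implementation.
 */
function shib_auth_user($op, &$edit, &$account, $category = NULL) {
  global $base_url;

  if ($op != "logout") {
    return;
  }

  $handlerURL = variable_get('shib_auth_handler_url', '/Shibboleth.sso');
  $handlerProtocol = variable_get('shib_auth_handler_protocol', 'https');

  // preg_match() replaces ereg(), which was deprecated in PHP 5.3 and removed
  // in PHP 7; the patterns match exactly the same strings.
  if (preg_match('#^https?://#', $handlerURL)) {
    // Absolute handler URL: use it as configured.
    $logoutHandler = $handlerURL . "/Logout";
  }
  else {
    // Relative handler path: make sure it starts with a slash.
    if (strncmp($handlerURL, '/', 1) !== 0) {
      $handlerURL = "/" . $handlerURL;
    }
    // SECURITY: HTTP_HOST is taken from the request's Host header. The
    // redirect target is only as trustworthy as the virtual-host / Host
    // validation done in front of this code.
    $logoutHandler = $handlerProtocol . "://" . $_SERVER['HTTP_HOST'] . $handlerURL . "/Logout";
  }

  // The return URL is a query *value*, so it must be percent-encoded;
  // otherwise any '?', '&' or '#' inside it is parsed as part of the handler
  // URL instead of the return location.
  drupal_goto($logoutHandler . '?return=' . urlencode($base_url));
}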
/**
 * Implementation of hook_perm().
 *
 * @return
 *   List holding the single permission this module defines; the same string
 *   gates the settings page in shib_auth_menu().
 */
function shib_auth_perm() {
  $permissions = array();
  $permissions[] = 'administer shibboleth authentication';

  return $permissions;
}
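/**
 * Build the "login via Shibboleth" link for anonymous visitors.
 *
 * The link points at the configured Shibboleth handler plus WAYF location and
 * carries the currently requested URL as its "target" query parameter.
 *
 * @return
 *   HTML markup containing the login link, or NULL when a user is already
 *   logged in.
 */
function generate_login_text() {
  global $user;

  if ($user->uid) {
    return NULL;
  }

  $handlerURL = variable_get('shib_auth_handler_url', '/Shibboleth.sso');
  $handlerProtocol = variable_get('shib_auth_handler_protocol', 'https');
  $wayfURI = variable_get('shib_auth_wayf_uri', '/WAYF/HREF');

  // preg_match()/strncmp() replace ereg(), which was deprecated in PHP 5.3
  // and removed in PHP 7; the same strings match.
  if (strncmp($wayfURI, '/', 1) !== 0) {
    $wayfURI = "/" . $wayfURI;
  }

  if (preg_match('#^https?://#', $handlerURL)) {
    // Absolute handler URL: use it as configured.
    $handler = $handlerURL . $wayfURI;
  }
  else {
    // Relative handler path: make sure it starts with a slash.
    if (strncmp($handlerURL, '/', 1) !== 0) {
      $handlerURL = "/" . $handlerURL;
    }
    $handler = $handlerProtocol . "://" . $_SERVER['HTTP_HOST'] . $handlerURL . $wayfURI;
  }

  // $_SERVER['HTTPS'] can be set to 'off' on plain-HTTP requests (e.g. IIS),
  // so isset() alone is not a reliable HTTPS test.
  $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
  $actualLocation = ($isHttps ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

  // SECURITY: HTTP_HOST and REQUEST_URI come straight from the request, so
  // the assembled URL is untrusted text. It is percent-encoded as a query
  // value (keeps '&'/'?' of the current URL inside "target") and the whole
  // link is HTML-escaped before being placed in the href attribute, because
  // callers emit this markup without further filtering.
  $loginUrl = $handler . '?target=' . urlencode($actualLocation);
  $safeHref = htmlspecialchars($loginUrl, ENT_QUOTES, 'UTF-8');

  return "<p><b><a href=\"{$safeHref}\">" . t('Click here to login via Shibboleth!') . "</a></b></p>";
}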
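/**
 * Implementation of hook_block().
 *
 * @param $op
 *   "list" returns the block definitions; every other value is treated as
 *   "view".
 * @param $delta
 *   Block identifier; only block 0 exists.
 * @param $edit
 *   Not used by this implementation.
 *
 * @return
 *   For "list": array of block definitions keyed by delta. Otherwise the
 *   block's subject/content array for delta 0, or NULL for any other delta.
 */
function shib_auth_block($op = 'list', $delta = 0, $edit = array()) {
  // Loose comparisons on purpose: they mirror switch/case semantics.
  if ($op == "list") {
    return array(
      0 => array(
        'info' => t('Shibboleth authentication'),
        'status' => TRUE,
        'visibility' => 1,
        'weight' => 0,
        'region' => 'left',
      ),
    );
  }

  // Initialised up front: an unknown delta used to return an undefined
  // variable (PHP notice/warning); the result is still NULL.
  $block = NULL;
  if ($delta == 0) {
    $block = array(
      'subject' => t('Shibboleth login'),
      // generate_login_text() returns NULL for logged-in users.
      'content' => generate_login_text(),
    );
  }

  return $block;
}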
/**
 * Form builder for the module's settings page.
 *
 * Two fieldsets are produced: handler settings (handler URL, protocol, WAYF
 * location) and attribute settings (the $_SERVER variable names that hold the
 * username and the e-mail address). The element keys are the variable names
 * read elsewhere with variable_get().
 *
 * SECURITY: the two attribute settings decide which $_SERVER entries are
 * trusted as the visitor's identity. PHP fills $_SERVER keys starting with
 * HTTP_ from request headers, so such a name (the e-mail default is
 * HTTP_SHIB_MAIL) is only safe when the web server / Shibboleth SP strips
 * client-supplied copies of that header. NOTE(review): confirm per deployment.
 *
 * @return
 *   The form array wrapped by system_settings_form().
 */
function shib_auth_admin() {
  // --- Handler settings fieldset -------------------------------------------
  $handlerSettings = array(
    '#type' => 'fieldset',
    '#title' => t('Shibboleth handler settings'),
    '#weight' => 0,
    '#collapsible' => FALSE,
  );
  $handlerSettings['shib_auth_handler_url'] = array(
    '#type' => 'textfield',
    '#title' => t('The Shibboleth handler\'s URL:'),
    '#default_value' => variable_get('shib_auth_handler_url', '/Shibboleth.sso'),
    '#description' => t('The URL can be absolute or relative to the server base url: http://www.example.com/Shibboleth.sso; /Shibboleth.sso'),
  );
  $handlerSettings['shib_auth_handler_protocol'] = array(
    '#type' => 'select',
    '#title' => t('The Shibboleth handler\'s protocol:'),
    '#default_value' => variable_get('shib_auth_handler_protocol', 'https'),
    '#options' => array(
      'http' => t('HTTP'),
      'https' => t('HTTPS'),
    ),
    '#description' => t('This option will be effective just if the handler URL is a relative path.'),
  );
  $handlerSettings['shib_auth_wayf_uri'] = array(
    '#type' => 'textfield',
    '#title' => t('The WAYF\'s location:'),
    '#default_value' => variable_get('shib_auth_wayf_uri', '/WAYF/HREF'),
  );

  // --- Attribute settings fieldset -----------------------------------------
  $attributeSettings = array(
    '#type' => 'fieldset',
    '#title' => t('Attribute settings'),
    '#weight' => 0,
    '#collapsible' => FALSE,
  );
  $attributeSettings['shib_auth_username_variable'] = array(
    '#type' => 'textfield',
    '#title' => t('Server variable whick stores the username:'),
    '#default_value' => variable_get('shib_auth_username_variable', 'REMOTE_USER'),
  );
  $attributeSettings['shib_auth_username_email'] = array(
    '#type' => 'textfield',
    '#title' => t('Server variable whick stores the e-mail address:'),
    '#default_value' => variable_get('shib_auth_username_email', 'HTTP_SHIB_MAIL'),
  );

  // Same top-level order as before: handler settings first, attributes second.
  $form = array(
    'shib_handler_settings' => $handlerSettings,
    'shib_attribute_settings' => $attributeSettings,
  );

  return system_settings_form($form);
}
/**
 * Implementation of hook_menu().
 *
 * Registers the settings page at admin/user/shib_auth. The page is rendered
 * through drupal_get_form('shib_auth_admin') and is restricted by the
 * 'administer shibboleth authentication' permission.
 *
 * NOTE(review): title and description are passed through t() here; check
 * whether the menu system of the targeted Drupal version expects untranslated
 * strings for these keys.
 *
 * @return
 *   Menu items keyed by path.
 */
function shib_auth_menu() {
  $settingsPage = array(
    'title' => t('Shibboleth settings'),
    'description' => t('Control the various settings of the shibboleth authentication module'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array('shib_auth_admin'),
    // Access is limited to holders of the module's own permission.
    'access arguments' => array('administer shibboleth authentication'),
    'type' => MENU_NORMAL_ITEM,
  );

  return array('admin/user/shib_auth' => $settingsPage);
}
/**
 * Implementation of hook_form_alter(): show the Shibboleth login link on the
 * user login form.
 *
 * A hidden element is added whose '#prefix' carries the markup returned by
 * generate_login_text(). That markup is inserted as-is, so
 * generate_login_text() is responsible for escaping anything request-derived
 * it puts into the link.
 *
 * @param $form
 *   The form array, altered in place.
 * @param $form_state
 *   Not used by this implementation.
 * @param $form_id
 *   Identifier of the form being built; only 'user_login' is altered.
 */
function shib_auth_form_alter(&$form, &$form_state, $form_id) {
  // Loose comparison kept to match the original condition exactly.
  if ($form_id != 'user_login') {
    return;
  }

  $loginLink = generate_login_text();
  $form['shibboleth'] = array(
    '#type' => 'hidden',
    '#weight' => -1,
    '#prefix' => $loginLink,
    '#suffix' => '',
  );
}