Adding demo server when using SSO see BT#4158

14 years ago · c62c51c70a
parent baf424b2a5
commit c62c51c70a
2 changed files with 115 additions and 16 deletions
--- a/main/auth/sso/sso_server_test.php
+++ b/main/auth/sso/sso_server_test.php
@ -0,0 +1,89 @@
+<?php
+/* 
+  SSO sample
+  
+  This is the "server" of my institution/university authentification "code"
+  
+  1. Active all the SSO option in your Chamilo installation: main/admin/settings.php?category=Security
+  2. Make sure this script is located in the index page of the server you fill in the  "Domain of the Single Sign On server" Chamilo setting
+     For example this script must be located in example.com/index.php if you set the "Domain of the Single Sign On server" = example.com
+  3. Create a user in chamilo and in your external system with login = "joe" and password = "doe"  
+  4. Remember this is just a sample! Check the chamilo drupal extension for more information: 
+     http://drupal.org/node/817682
+  5. See the main/auth/sso.class.php library for more details
+*/
+
+
+//This page will be loaded when entering to the Chamilo site if the SSO option was set in step 1.
+
+//Getting the chamilo server
+$my_chamilo_server = filter_xss($_SERVER['HTTP_HOST']);
+
+//Correct user values - we asume that this user exists in both systems
+$correct_user = 'john';
+$correct_pass = 'doe';
+
+$account = array();
+
+if (isset($_SESSION['my_server_user_session'])) {
+    //validate if the user is already logged in my external system in order to redirect to chamilo
+}
+
+//Login process
+        
+if (isset($_POST['user']) && isset($_POST['password'])) {
+    if ($_POST['user'] == $correct_user && $_POST['password'] == $correct_pass) {
+    
+        // You have to add here your server validations
+        
+        $account['name'] = 'john';
+        $account['pass'] = 'doe';
+        
+        $master_auth_uri = $my_chamilo_server . '?q=user';
+
+        // Creating an array cookie that will be sent to Chamilo
+        $sso = array(
+            'username'          => $account['name'],
+            'secret'            => sha1($account['pass']),
+            'master_domain'     => $my_chamilo_server,
+            'master_auth_uri'   => $master_auth_uri,
+            'lifetime'          => time() + 3600,
+            'target'            => filter_xss($_GET['sso_target']),
+        );
+
+        $cookie = base64_encode(serialize($sso));
+        $url = chamilo_sso_protocol() . $master_auth_uri;
+        $params = 'sso_referer='. urlencode($url) .'&sso_cookie='. urlencode($cookie);
+        $final_url = filter_xss($_GET['sso_referer']) .'?'. $params;
+        
+        //If your user exists redirect to chamilo and set the account in a session to check it later        
+        $_SESSION['my_server_user_session'] = $account;
+        
+        //Redirect to chamilo
+        header('Location: '.$final_url);
+    } else {
+        echo '<h2>Wrong parameters</h2>';
+    }
+}
+
+if (isset($_POST['logout'])) {
+    //echo do something to logout
+}
+
+function filter_xss($val) {
+    //do some cleaning
+    return $val;
+}
+
+function chamilo_sso_protocol() {
+    //get the sso_protocol from chamilo using webservices
+    return 'http://';
+}
+?>
+<html>
+    <form method="post">
+        User <input name="user" value="<?php echo $correct_user; ?>">
+        Pass <input name="password" value="<?php echo $correct_pass; ?>">
+        <input type="submit" value="Login">
+    </form>
+</html>
--- a/main/webservices/test.php
+++ b/main/webservices/test.php
@ -1,17 +1,23 @@
 <?php
-die(); //remove to enable - incomplete script anyway
+exit;
+
+require_once '../inc/global.inc.php';
 require_once '../inc/lib/nusoap/nusoap.php';
 require_once '../inc/conf/configuration.php';
+
 ?>
 <html>
 <body>
 <div class="results">
 <?php
-$server = $_configuration['root_web'].'main/webservices/';
-$serversys = $_configuration['root_sys'].'main/webservices/';
+$server = api_get_path(WEB_CODE_PATH).'webservices/';
+$serversys = api_get_path(SYS_CODE_PATH).'webservices/';
 //$script = 'registration.soap.php';
-$script = $_POST['script'];
+$script = isset($_POST['script']) ? $_POST['script'] : false;
+$function = isset($_POST['function']) ? $_POST['function'] : false;
+
 $contact= $server.$script.'?wsdl';
+
 $client = new nusoap_client($contact);
 $err = $client->getError();
 if ($err) {
@ -20,34 +26,38 @@ if ($err) {
    // At this point, you know the call that follows will fail
 }
 $response = array();
-if (!empty($_POST['function'])) {
-  $response = $client->call($_POST['function']);
-  echo '<pre>#';
-  print_r($response);
-  echo '#</pre>';
+if (!empty($function)) {
+    $response = $client->call($function);
+    echo '<pre>';
+    print_r($response);
+    echo '#</pre>';
+} else {
+    echo "empty function $function";
 }
+
 $list = scandir($serversys);
 $scripts = array();
 foreach ($list as $item) {
-  if (substr($item,0,1) == '.') { continue; }
-  if (substr($item,-8)=='soap.php') {
-    $scripts[] = $item;
-  }
+    if (substr($item,0,1) == '.') { continue; }
+    if (substr($item,-8)=='soap.php') {
+        $scripts[] = $item;
+    }
 }
 ?>
 </div>
+    
 <form method="POST" action="">
 <label for="script">Script</label>
 <select name="script">
 <?php 
 foreach ($scripts as $script) {
-  echo '<option value="'.$script.'">'.$script.'</script>';
+    echo '<option value="'.$script.'">'.$script.'</script>';
 }
 ?>
 </select><br />
 <label for="function">Function</label>
-<input type="text" name="function" value="<?php echo $_POST['function'];?>"></input><br />
+<input type="text" name="function" value="<?php echo $function;?>"></input><br />
 <label for="param[0]">Param 0</label>
-<input type="text" name="param[0]" value="<?php echo $_POST['param'][0];?>"></input><br />
+<input type="text" name="param[0]" ></input><br />
 <input type="submit" name="submit" value="Send"/>
 </form>