-
Notifications
You must be signed in to change notification settings - Fork 1
/
openam_authentication.php
71 lines (60 loc) · 2.19 KB
/
openam_authentication.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<?php
/**
* OpenAM Authentication
*
* Use OpenAM cookie (by default iPlanetDirectory) as password. Your IMAP server must be configured
* to support token authentication, for example by using https://github.com/OpenCSI/pam_openam
*
* Configuration:
* // redirect the client to this URL after logout. This page is then responsible to clear HTTP auth
* $rcmail_config['logout_url'] = 'https://sso.opencsi.com/openam/UI/Logout';
*
* @version @package_version@
* @license GNU GPLv3+
* @author Bruno Bonfils
* @author Thomas Bruederli
*/
class openam_authentication extends rcube_plugin
{
public $task = 'login|logout';
public $cookieName = 'iPlanetDirectoryPro';
public $userName = 'HTTP_USER_EMAIL'; /* Add HTTP_ as prefix of the variable you defined in OpenAM */
function init()
{
write_log('userlogins', 'OpenAM authentication module called');
$this->add_hook('startup', array($this, 'startup'));
$this->add_hook('authenticate', array($this, 'authenticate'));
$this->add_hook('logout_after', array($this, 'logout'));
}
function startup($args)
{
// change action to login
if (empty($args['action']) && empty($_SESSION['user_id'])
&& !empty($_SERVER[$this->userName]) && !empty($_COOKIE[$this->cookieName]))
$args['action'] = 'login';
return $args;
}
function authenticate($args)
{
write_log('userlogins', sprintf('Trying to authenticate %s with token %s', $_SERVER[$this->userName], $_COOKIE[$this->cookieName]));
// Allow entering other user data in login form,
// e.g. after log out (#1487953)
if (!empty($args['user'])) {
return $args;
}
if (!empty($_SERVER[$this->userName]) && !empty($_COOKIE[$this->cookieName])) {
$args['user'] = $_SERVER[$this->userName];
$args['pass'] = $_COOKIE[$this->cookieName];
}
$args['cookiecheck'] = false;
$args['valid'] = true;
return $args;
}
function logout($args)
{
// redirect to configured URL in order to clear HTTP auth credentials
if (!empty($_SERVER[$this->userName]) && $args['user'] == $_SERVER[$this->userName] && ($url = rcmail::get_instance()->config->get('logout_url'))) {
header("Location: $url", true, 307);
}
}
}