auto create groupe sso

This commit is contained in:
afornerot 2020-09-30 14:56:00 +02:00
parent 923c6c0b42
commit 6f77194ae5
3 changed files with 87 additions and 3 deletions


@ -84,6 +84,9 @@
<variable type='string' name='ninegate_mode_auth' description="Mode Authentification" mandatory='True'><value>CAS</value></variable> <variable type='string' name='ninegate_mode_auth' description="Mode Authentification" mandatory='True'><value>CAS</value></variable>
<variable type='string' name='ninegate_api_key' description="Clé d'accès API" mandatory='True'><value>APIKeyNinegate</value></variable> <variable type='string' name='ninegate_api_key' description="Clé d'accès API" mandatory='True'><value>APIKeyNinegate</value></variable>
<variable type='oui/non' name='ninegate_ssosynchrogroup' description="Générer automatiquement les groupes en fonction d'un attribut SSO"><value>oui</value></variable>
<variable type='string' name='ninegate_ssoreqgroup' description="Attribut SSO associé à la notion de groupe" mandatory='True'><value>user_groups</value></variable>
<variable type='oui/non' name='ninegate_syncldap' description="Synchroniser Ninegate vers votre Annuaire CadolesLDAP"><value>non</value></variable> <variable type='oui/non' name='ninegate_syncldap' description="Synchroniser Ninegate vers votre Annuaire CadolesLDAP"><value>non</value></variable>
<variable type='string' name='ninegate_ldaptemplate' description="Modèle d'annuaire"><value>scribe</value></variable> <variable type='string' name='ninegate_ldaptemplate' description="Modèle d'annuaire"><value>scribe</value></variable>
<variable type='oui/non' name='ninegate_scribegroup' description="Considérer les classes/options comme des groupes de travail"><value>oui</value></variable> <variable type='oui/non' name='ninegate_scribegroup' description="Considérer les classes/options comme des groupes de travail"><value>oui</value></variable>
@ -92,7 +95,6 @@
<variable type='oui/non' name='ninegate_openldapsynchrogroup' description="Générer automatiquement les groupes en fonction de votre annuaire"><value>oui</value></variable> <variable type='oui/non' name='ninegate_openldapsynchrogroup' description="Générer automatiquement les groupes en fonction de votre annuaire"><value>oui</value></variable>
<variable type='string' name='ninegate_openldapreqgroup' description="Générer automatiquement les groupes en fonction de votre annuaire" mandatory='True'><value>(objectClass=posixGroup)</value></variable> <variable type='string' name='ninegate_openldapreqgroup' description="Générer automatiquement les groupes en fonction de votre annuaire" mandatory='True'><value>(objectClass=posixGroup)</value></variable>
<variable type='string' name='ninegate_pwdadmin' description="Mot de passe du compte admin durant l'instance (idem valeur Cadoles ldap)" mandatory='True'><value></value></variable> <variable type='string' name='ninegate_pwdadmin' description="Mot de passe du compte admin durant l'instance (idem valeur Cadoles ldap)" mandatory='True'><value></value></variable>
<variable type='string' name='ninegate_organization' description="Nom de l'organisation principale (idem valeur Cadoles ldap)" mandatory='True'><value></value></variable> <variable type='string' name='ninegate_organization' description="Nom de l'organisation principale (idem valeur Cadoles ldap)" mandatory='True'><value></value></variable>
<variable type='string' name='ninegate_niveau01branche' description="Nom de la branche de Niveau 01 (idem valeur Cadoles ldap)" mandatory='True'><value>niveau01</value></variable> <variable type='string' name='ninegate_niveau01branche' description="Nom de la branche de Niveau 01 (idem valeur Cadoles ldap)" mandatory='True'><value>niveau01</value></variable>
@ -427,6 +429,8 @@
<target type='variable'>ninegate_mode_auth</target> <target type='variable'>ninegate_mode_auth</target>
<target type='variable'>ninegate_api_key</target> <target type='variable'>ninegate_api_key</target>
<target type='variable'>ninegate_ssosynchrogroup</target>
<target type='variable'>ninegate_ssoreqgroup</target>
<target type='variable'>ninegate_syncldap</target> <target type='variable'>ninegate_syncldap</target>
<target type='variable'>ninegate_ldaptemplate</target> <target type='variable'>ninegate_ldaptemplate</target>
@ -514,6 +518,14 @@
<target type='variable'>ninegate_test_conf_cadolesldap</target> <target type='variable'>ninegate_test_conf_cadolesldap</target>
</condition> </condition>
<condition name='hidden_if_in' source='ninegate_masteridentity'>
<param>SQL</param>
<param>LDAP</param>
<target type='variable'>ninegate_ssosynchrogroup</target>
<target type='variable'>ninegate_ssoreqgroup</target>
</condition>
<condition name='hidden_if_in' source='ninegate_syncldap'> <condition name='hidden_if_in' source='ninegate_syncldap'>
<param>non</param> <param>non</param>
@ -572,7 +584,12 @@
<param name='mismatch'>non</param> <param name='mismatch'>non</param>
</auto> </auto>
<!-- AFFICHAGE EN FONCTION DE SSO SYNCHRO GROUPE -->
<condition name='hidden_if_in' source='ninegate_ssosynchrogroup'>
<param>non</param>
<target type='variable'>ninegate_ssoreqgroup</target>
</condition>
<!-- AFFICHAGE EN FONCTION DE CADOLESLDAP --> <!-- AFFICHAGE EN FONCTION DE CADOLESLDAP -->
<fill name='calc_val' target='ninegate_pwdadmin'> <fill name='calc_val' target='ninegate_pwdadmin'>
@ -620,7 +637,7 @@
<target type='variable'>ninegate_openldapreqgroup</target> <target type='variable'>ninegate_openldapreqgroup</target>
</condition> </condition>
<!-- AFFICHAGE EN FONCTION DU MODULE PORTAL --> <!-- AFFICHAGE EN FONCTION DU LDAP SYNCHRO GROUP -->
<condition name='hidden_if_in' source='ninegate_openldapsynchrogroup'> <condition name='hidden_if_in' source='ninegate_openldapsynchrogroup'>
<param>non</param> <param>non</param>
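Review bot: `ninegate_ssosynchrogroup` ships with `<value>oui</value>`, so as soon as this dictionary is deployed every CAS login on an SSO-backed instance starts creating one group per value of the `user_groups` attribute without an administrator opting in, whereas the neighbouring `ninegate_syncldap` switch defaults to `non` (the LDAP counterpart `ninegate_openldapsynchrogroup` does default to `oui`, so this may be deliberate). Unless existing installs are meant to pick the behaviour up silently on upgrade, `<value>non</value>` is the safer default. The description of `ninegate_ssoreqgroup` could also say what the attribute is used for, e.g. `description="Attribut SSO (multivalué) dont chaque valeur devient un groupe"`, since the controller in this commit turns every value of that attribute into a group label.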


@ -11,6 +11,7 @@ use Symfony\Component\EventDispatcher\EventDispatcher;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Cadoles\CoreBundle\Entity\User; use Cadoles\CoreBundle\Entity\User;
use Cadoles\CoreBundle\Entity\Group;
class SecurityController extends Controller class SecurityController extends Controller
{ {
@ -99,9 +100,15 @@ class SecurityController extends Controller
$user->setAuthlevel("simple"); $user->setAuthlevel("simple");
$user->setRole("ROLE_USER"); $user->setRole("ROLE_USER");
if(in_array($username,$this->getParameter("ldap_usersadmin")))
$user->setRole("ROLE_ADMIN");
$em->persist($user); $em->persist($user);
$em->flush(); $em->flush();
// Génération auto des groupes
$this->submitGroup($attributes);
// On calcule les groupes de l'utilisateur // On calcule les groupes de l'utilisateur
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes); $user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
@ -122,6 +129,11 @@ class SecurityController extends Controller
$user->setFirstname($firstname); $user->setFirstname($firstname);
$user->setEmail($email); $user->setEmail($email);
if(!$sameniveau01) $user->setNiveau02(null); if(!$sameniveau01) $user->setNiveau02(null);
if(in_array($username,$this->getParameter("ldap_usersadmin")))
$user->setRole("ROLE_ADMIN");
// Génération auto des groupes
$this->submitGroup($attributes);
// On calcule les groupes de l'utilisateur // On calcule les groupes de l'utilisateur
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes); $user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
@ -195,7 +207,14 @@ class SecurityController extends Controller
// Récupération Attribut // Récupération Attribut
$attributes = \phpCAS::getAttributes(); $attributes = \phpCAS::getAttributes();
$user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username"=>$username)); $user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username"=>$username));
// On calcule le niveau01 de l'utilisateur
$niveau01=$em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes); $niveau01=$em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes);
// Génération auto des groupes
$groups=$this->submitGroup($attributes);
// On calcule les groupes de l'utilisateur
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes); $user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
return $this->render('CadolesCASBundle:Test:test.html.twig',[ return $this->render('CadolesCASBundle:Test:test.html.twig',[
@ -209,4 +228,44 @@ class SecurityController extends Controller
]); ]);
} }
private function submitGroup($attributes) {
$em = $this->getDoctrine()->getManager();
if(!$this->getParameter('ssosynchrogroup'))
return null;
$user_attr_cas_group=$this->getParameter('user_attr_cas_group');
// Si l'utilisateur possège l'attribut groupe dans ses attributs
if(array_key_exists($user_attr_cas_group,$attributes)) {
if(!is_array($attributes[$user_attr_cas_group])) {
$attributes[$user_attr_cas_group]=[$attributes[$user_attr_cas_group]];
}
foreach($attributes[$user_attr_cas_group] as $ssogroup) {
// Recherche du groupe
$group=$em->getRepository("CadolesCoreBundle:Group")->findOneBy(["label"=>$ssogroup]);
if(!$group) {
$group=new Group();
$group->setLabel($ssogroup);
$group->setFgcancreatepage(false);
$group->setFgcancreateblog(false);
$group->setFgcancreatecalendar(false);
$group->setFgcancreateproject(false);
$group->setFgcanshare(false);
$group->setFgopen(false);
$group->setFgall(false);
}
$group->setAttributes('{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}');
$group->setFgtemplate(false);
$em->persist($group);
$em->flush();
}
}
}
} }
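Review bot: The attributes JSON on `$group->setAttributes('{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}')` is assembled by string concatenation from a value taken straight from `\phpCAS::getAttributes()`, so an IdP-supplied group name containing `"` or `\` produces a string that is not valid JSON and whatever later reads the column (presumably `calculateGroup`, not shown here) sees a corrupted rule; `$group->setAttributes(json_encode([$user_attr_cas_group => $ssogroup]));` avoids that. The same `setAttributes`/`setFgtemplate(false)` pair also runs when `findOneBy(["label"=>$ssogroup])` finds a group that existed before the sync, so a locally created group whose label happens to equal an IdP value gets its attributes and template flag rewritten on the next login; if rebinding pre-existing groups is not intended, move those two calls inside the `if(!$group)` branch. Non-string or empty attribute values currently create a group with an empty label, which a guard `if(!is_string($ssogroup) || $ssogroup==='') continue;` at the top of the loop would prevent. Flushing inside the loop is also one round-trip per group, and the caller at the test action assigns `$groups=` from a method that returns nothing; a single `$em->flush()` after the loop and a `void` contract would be cleaner.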


@ -487,7 +487,15 @@ parameters:
user_attr_saml_mail: mail user_attr_saml_mail: mail
user_attr_saml_lastname: sn user_attr_saml_lastname: sn
user_attr_saml_firstname: givenName user_attr_saml_firstname: givenName
%if %%getVar("ninegate_ssosynchrogroup", 'non') == "oui"
ssosynchrogroup: true
user_attr_cas_group: %%ninegate_ssoreqgroup
%else
ssosynchrogroup: fase
user_attr_cas_group:
%end if
%if %%is_defined("ninegate_smtpport") %if %%is_defined("ninegate_smtpport")
mailer_port: '%%ninegate_smtpport' mailer_port: '%%ninegate_smtpport'
mailer_encryption: %%ninegate_smtpencryption mailer_encryption: %%ninegate_smtpencryption
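Review bot: `ssosynchrogroup: fase` is a typo for `false`; YAML parses `fase` as the string `"fase"`, which is truthy in PHP, so the `if(!$this->getParameter('ssosynchrogroup'))` guard in `SecurityController::submitGroup` never returns early when the feature is switched off in the dictionary and the sync runs with `user_attr_cas_group` resolved to null. Change the line to `ssosynchrogroup: false`. Leaving `user_attr_cas_group:` empty yields a null parameter that is then passed to `array_key_exists()`; if the disabled branch ever reaches the controller, `user_attr_cas_group: ''` (or a null check on the parameter in the controller) is safer than relying on the null-to-string coercion.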