groupe SSO de type DN
parent
c7c10ded30
commit
fc094ab57e
|
@ -22,17 +22,17 @@ class SecurityController extends Controller
|
||||||
|
|
||||||
public function loginAction(Request $request)
|
public function loginAction(Request $request)
|
||||||
{
|
{
|
||||||
// Récupération de la cible de navigation
|
// Récupération de la cible de navigation
|
||||||
$redirect = $request->get("redirect");
|
$redirect = $request->get("redirect");
|
||||||
|
|
||||||
// Masteridentity
|
// Masteridentity
|
||||||
$masteridentity=$this->getParameter("masteridentity");
|
$masteridentity=$this->getParameter("masteridentity");
|
||||||
|
|
||||||
// Init Client CAS
|
// Init Client CAS
|
||||||
\phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
|
\phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
|
||||||
@\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), false);
|
\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), false);
|
||||||
\phpCAS::setNoCasServerValidation();
|
\phpCAS::setNoCasServerValidation();
|
||||||
|
|
||||||
|
|
||||||
// Authentification
|
// Authentification
|
||||||
\phpCAS::forceAuthentication();
|
\phpCAS::forceAuthentication();
|
||||||
|
@ -52,13 +52,13 @@ class SecurityController extends Controller
|
||||||
$em = $this->getDoctrine()->getManager();
|
$em = $this->getDoctrine()->getManager();
|
||||||
if(isset($attributes[$this->getParameter('user_attr_cas_username')]))
|
if(isset($attributes[$this->getParameter('user_attr_cas_username')]))
|
||||||
$username = $attributes[$this->getParameter('user_attr_cas_username')];
|
$username = $attributes[$this->getParameter('user_attr_cas_username')];
|
||||||
|
|
||||||
if(isset($attributes[$this->getParameter('user_attr_cas_mail')]))
|
if(isset($attributes[$this->getParameter('user_attr_cas_mail')]))
|
||||||
$email = $attributes[$this->getParameter('user_attr_cas_mail')];
|
$email = $attributes[$this->getParameter('user_attr_cas_mail')];
|
||||||
|
|
||||||
if(isset($attributes[$this->getParameter('user_attr_cas_lastname')]))
|
if(isset($attributes[$this->getParameter('user_attr_cas_lastname')]))
|
||||||
$lastname = $attributes[$this->getParameter('user_attr_cas_lastname')];
|
$lastname = $attributes[$this->getParameter('user_attr_cas_lastname')];
|
||||||
|
|
||||||
if(isset($attributes[$this->getParameter('user_attr_cas_firstname')]))
|
if(isset($attributes[$this->getParameter('user_attr_cas_firstname')]))
|
||||||
$firstname = $attributes[$this->getParameter('user_attr_cas_firstname')];
|
$firstname = $attributes[$this->getParameter('user_attr_cas_firstname')];
|
||||||
|
|
||||||
|
@ -96,7 +96,7 @@ class SecurityController extends Controller
|
||||||
|
|
||||||
$user->setPassword("CASPWD-".$username);
|
$user->setPassword("CASPWD-".$username);
|
||||||
$user->setSalt("CASPWD-".$username);
|
$user->setSalt("CASPWD-".$username);
|
||||||
|
|
||||||
$user->setNiveau01($niveau01);
|
$user->setNiveau01($niveau01);
|
||||||
$user->setSiren($niveau01->getSiren());
|
$user->setSiren($niveau01->getSiren());
|
||||||
$user->setSiret("");
|
$user->setSiret("");
|
||||||
|
@ -105,8 +105,8 @@ class SecurityController extends Controller
|
||||||
$user->setVisible(true);
|
$user->setVisible(true);
|
||||||
$user->setAuthlevel("simple");
|
$user->setAuthlevel("simple");
|
||||||
$user->setRole("ROLE_USER");
|
$user->setRole("ROLE_USER");
|
||||||
|
|
||||||
if(in_array($username,$this->getParameter("ldap_usersadmin")))
|
if(in_array($username,$this->getParameter("ldap_usersadmin")))
|
||||||
$user->setRole("ROLE_ADMIN");
|
$user->setRole("ROLE_ADMIN");
|
||||||
|
|
||||||
$em->persist($user);
|
$em->persist($user);
|
||||||
|
@ -116,7 +116,7 @@ class SecurityController extends Controller
|
||||||
$this->submitGroup($attributes);
|
$this->submitGroup($attributes);
|
||||||
|
|
||||||
// On calcule les groupes de l'utilisateur
|
// On calcule les groupes de l'utilisateur
|
||||||
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -138,7 +138,7 @@ class SecurityController extends Controller
|
||||||
$user->setNiveau01($niveau01);
|
$user->setNiveau01($niveau01);
|
||||||
$user->setNiveau02(null);
|
$user->setNiveau02(null);
|
||||||
}
|
}
|
||||||
if(in_array($username,$this->getParameter("ldap_usersadmin")))
|
if(in_array($username,$this->getParameter("ldap_usersadmin")))
|
||||||
$user->setRole("ROLE_ADMIN");
|
$user->setRole("ROLE_ADMIN");
|
||||||
|
|
||||||
// Génération auto des groupes
|
// Génération auto des groupes
|
||||||
|
@ -166,7 +166,7 @@ class SecurityController extends Controller
|
||||||
}
|
}
|
||||||
$ssoitems=$attributes[$user_attr_cas_item];
|
$ssoitems=$attributes[$user_attr_cas_item];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->get('session')->set('ssoitems', $ssoitems);
|
$this->get('session')->set('ssoitems', $ssoitems);
|
||||||
|
|
||||||
// Autoconnexion
|
// Autoconnexion
|
||||||
|
@ -194,7 +194,7 @@ class SecurityController extends Controller
|
||||||
public function logoutAction() {
|
public function logoutAction() {
|
||||||
// Init Client CAS
|
// Init Client CAS
|
||||||
\phpCAS::setDebug(false);
|
\phpCAS::setDebug(false);
|
||||||
@\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), true);
|
\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), true);
|
||||||
\phpCAS::setNoCasServerValidation();
|
\phpCAS::setNoCasServerValidation();
|
||||||
|
|
||||||
|
|
||||||
|
@ -208,9 +208,9 @@ class SecurityController extends Controller
|
||||||
|
|
||||||
// Init Client CAS
|
// Init Client CAS
|
||||||
\phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
|
\phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
|
||||||
@\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), false);
|
\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), false);
|
||||||
\phpCAS::setNoCasServerValidation();
|
\phpCAS::setNoCasServerValidation();
|
||||||
|
|
||||||
|
|
||||||
// Authentification
|
// Authentification
|
||||||
\phpCAS::forceAuthentication();
|
\phpCAS::forceAuthentication();
|
||||||
|
@ -221,12 +221,12 @@ class SecurityController extends Controller
|
||||||
// Récupération Attribut
|
// Récupération Attribut
|
||||||
$attributes = \phpCAS::getAttributes();
|
$attributes = \phpCAS::getAttributes();
|
||||||
$user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username"=>$username));
|
$user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username"=>$username));
|
||||||
|
|
||||||
// On calcule le niveau01 de l'utilisateur
|
// On calcule le niveau01 de l'utilisateur
|
||||||
$niveau01=$em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes);
|
$niveau01=$em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes);
|
||||||
|
|
||||||
// Génération auto des groupes
|
// Génération auto des groupes
|
||||||
$groups=$this->submitGroup($attributes);
|
$groups=$this->submitGroup($attributes);
|
||||||
|
|
||||||
// On calcule les groupes de l'utilisateur
|
// On calcule les groupes de l'utilisateur
|
||||||
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
||||||
|
@ -234,12 +234,12 @@ class SecurityController extends Controller
|
||||||
return $this->render('CadolesCASBundle:Test:test.html.twig',[
|
return $this->render('CadolesCASBundle:Test:test.html.twig',[
|
||||||
'useheader' => true,
|
'useheader' => true,
|
||||||
'usemenu' => false,
|
'usemenu' => false,
|
||||||
'usesidebar' => false,
|
'usesidebar' => false,
|
||||||
'attributes' => $attributes,
|
'attributes' => $attributes,
|
||||||
'user' => $user,
|
'user' => $user,
|
||||||
'username' => $username,
|
'username' => $username,
|
||||||
'niveau01' => $niveau01,
|
'niveau01' => $niveau01,
|
||||||
]);
|
]);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -258,26 +258,38 @@ class SecurityController extends Controller
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach($attributes[$user_attr_cas_group] as $ssogroup) {
|
foreach($attributes[$user_attr_cas_group] as $ssogroup) {
|
||||||
|
$basedn=$this->getParameter('ldap_basedn');
|
||||||
|
$name=$ssogroup;
|
||||||
|
if($basedn!="") {
|
||||||
|
// Si présence du basedn dans le nom du groupe = nous sommes en présence d'un DN = on récupere donc comme nom que son cn
|
||||||
|
if(stripos($name,$basedn)!==false) {
|
||||||
|
$tbname=explode(",",$name);
|
||||||
|
$tbname=explode("=",$tbname[0]);
|
||||||
|
$name=$tbname[1];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// Recherche du groupe
|
// Recherche du groupe
|
||||||
$group=$em->getRepository("CadolesCoreBundle:Group")->findOneBy(["label"=>$ssogroup]);
|
$group=$em->getRepository("CadolesCoreBundle:Group")->findOneBy(["label"=>$name]);
|
||||||
if(!$group) {
|
if(!$group) {
|
||||||
$group=new Group();
|
$group=new Group();
|
||||||
$group->setLabel($ssogroup);
|
$group->setLabel($name);
|
||||||
$group->setFgcancreatepage(false);
|
$group->setFgcancreatepage(false);
|
||||||
$group->setFgcancreateblog(false);
|
$group->setFgcancreateblog(false);
|
||||||
$group->setFgcancreatecalendar(false);
|
$group->setFgcancreatecalendar(false);
|
||||||
$group->setFgcancreateproject(false);
|
$group->setFgcancreateproject(false);
|
||||||
$group->setFgcanshare(false);
|
$group->setFgcanshare(false);
|
||||||
$group->setFgopen(false);
|
$group->setFgopen(false);
|
||||||
$group->setFgall(false);
|
$group->setFgall(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
$group->setAttributes('{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}');
|
$group->setAttributes('{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}');
|
||||||
$group->setFgtemplate(false);
|
$group->setFgtemplate(false);
|
||||||
|
|
||||||
$em->persist($group);
|
$em->persist($group);
|
||||||
$em->flush();
|
$em->flush();
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
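Review bot: In the `foreach($attributes[$user_attr_cas_group] as $ssogroup)` hunk the group label is reduced to the value of the DN's first RDN, so two directory groups with the same cn in different branches under `ldap_basedn` resolve to the same `Group` row, and because `setAttributes(...)` runs on every iteration the stored DN becomes whichever one was processed last. If membership is later derived from that attribute (calculateGroup is not visible here, so this is inferred), members of one directory group could inherit the rights of another; consider keying the lookup on the full DN or refusing to reuse a label whose stored attribute differs. The `explode(",",$name)` / `explode("=",$tbname[0])` pair also mis-splits a cn that contains an escaped comma or `=` and reads `$tbname[1]` without checking that it exists; `ldap_explode_dn($ssogroup, 1)` handles the escaping if the ldap extension is loaded. Since a DN may contain `\` or `"`, the attribute string is safer built with `json_encode([$user_attr_cas_group => $ssogroup])` than by concatenation. The enclosing method starts outside the hunk.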