Compare commits
2 Commits
21295df381
...
6f77194ae5
| Author | SHA1 | Date | |
|---|---|---|---|
| 6f77194ae5 | |||
| 923c6c0b42 |
@ -84,6 +84,9 @@
|
||||
<variable type='string' name='ninegate_mode_auth' description="Mode Authentification" mandatory='True'><value>CAS</value></variable>
|
||||
<variable type='string' name='ninegate_api_key' description="Clé d'accès API" mandatory='True'><value>APIKeyNinegate</value></variable>
|
||||
|
||||
<variable type='oui/non' name='ninegate_ssosynchrogroup' description="Générer automatiquement les groupes en fonction d'un attribut SSO"><value>oui</value></variable>
|
||||
<variable type='string' name='ninegate_ssoreqgroup' description="Attribut SSO associé à la notion de groupe" mandatory='True'><value>user_groups</value></variable>
|
||||
|
||||
<variable type='oui/non' name='ninegate_syncldap' description="Synchroniser Ninegate vers votre Annuaire CadolesLDAP"><value>non</value></variable>
|
||||
<variable type='string' name='ninegate_ldaptemplate' description="Modèle d'annuaire"><value>scribe</value></variable>
|
||||
<variable type='oui/non' name='ninegate_scribegroup' description="Considérer les classes/options comme des groupes de travail"><value>oui</value></variable>
|
||||
@ -92,7 +95,6 @@
|
||||
<variable type='oui/non' name='ninegate_openldapsynchrogroup' description="Générer automatiquement les groupes en fonction de votre annuaire"><value>oui</value></variable>
|
||||
<variable type='string' name='ninegate_openldapreqgroup' description="Générer automatiquement les groupes en fonction de votre annuaire" mandatory='True'><value>(objectClass=posixGroup)</value></variable>
|
||||
|
||||
|
||||
<variable type='string' name='ninegate_pwdadmin' description="Mot de passe du compte admin durant l'instance (idem valeur Cadoles ldap)" mandatory='True'><value></value></variable>
|
||||
<variable type='string' name='ninegate_organization' description="Nom de l'organisation principale (idem valeur Cadoles ldap)" mandatory='True'><value></value></variable>
|
||||
<variable type='string' name='ninegate_niveau01branche' description="Nom de la branche de Niveau 01 (idem valeur Cadoles ldap)" mandatory='True'><value>niveau01</value></variable>
|
||||
@ -427,6 +429,8 @@
|
||||
<target type='variable'>ninegate_mode_auth</target>
|
||||
<target type='variable'>ninegate_api_key</target>
|
||||
|
||||
<target type='variable'>ninegate_ssosynchrogroup</target>
|
||||
<target type='variable'>ninegate_ssoreqgroup</target>
|
||||
|
||||
<target type='variable'>ninegate_syncldap</target>
|
||||
<target type='variable'>ninegate_ldaptemplate</target>
|
||||
@ -514,6 +518,14 @@
|
||||
<target type='variable'>ninegate_test_conf_cadolesldap</target>
|
||||
</condition>
|
||||
|
||||
<condition name='hidden_if_in' source='ninegate_masteridentity'>
|
||||
<param>SQL</param>
|
||||
<param>LDAP</param>
|
||||
|
||||
<target type='variable'>ninegate_ssosynchrogroup</target>
|
||||
<target type='variable'>ninegate_ssoreqgroup</target>
|
||||
</condition>
|
||||
|
||||
<condition name='hidden_if_in' source='ninegate_syncldap'>
|
||||
<param>non</param>
|
||||
|
||||
@ -572,7 +584,12 @@
|
||||
<param name='mismatch'>non</param>
|
||||
</auto>
|
||||
|
||||
<!-- AFFICHAGE EN FONCTION DE SSO SYNCHRO GROUPE -->
|
||||
<condition name='hidden_if_in' source='ninegate_ssosynchrogroup'>
|
||||
<param>non</param>
|
||||
|
||||
<target type='variable'>ninegate_ssoreqgroup</target>
|
||||
</condition>
|
||||
|
||||
<!-- AFFICHAGE EN FONCTION DE CADOLESLDAP -->
|
||||
<fill name='calc_val' target='ninegate_pwdadmin'>
|
||||
@ -620,7 +637,7 @@
|
||||
<target type='variable'>ninegate_openldapreqgroup</target>
|
||||
</condition>
|
||||
|
||||
<!-- AFFICHAGE EN FONCTION DU MODULE PORTAL -->
|
||||
<!-- AFFICHAGE EN FONCTION DU LDAP SYNCHRO GROUP -->
|
||||
<condition name='hidden_if_in' source='ninegate_openldapsynchrogroup'>
|
||||
<param>non</param>
|
||||
|
||||
|
||||
@ -11,6 +11,7 @@ use Symfony\Component\EventDispatcher\EventDispatcher;
|
||||
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
||||
|
||||
use Cadoles\CoreBundle\Entity\User;
|
||||
use Cadoles\CoreBundle\Entity\Group;
|
||||
|
||||
class SecurityController extends Controller
|
||||
{
|
||||
@ -28,7 +29,7 @@ class SecurityController extends Controller
|
||||
$masteridentity=$this->getParameter("masteridentity");
|
||||
|
||||
// Init Client CAS
|
||||
\phpCAS::setDebug(false);
|
||||
\phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
|
||||
\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), false);
|
||||
\phpCAS::setNoCasServerValidation();
|
||||
|
||||
@ -42,12 +43,6 @@ class SecurityController extends Controller
|
||||
// Récupération Attribut
|
||||
$attributes = \phpCAS::getAttributes();
|
||||
|
||||
// Suppression des Attributs en tableaux
|
||||
foreach ($attributes as $key => $value) {
|
||||
if(is_array($value))
|
||||
unset($attributes[$key]);
|
||||
}
|
||||
|
||||
// Rechercher l'utilisateur
|
||||
$em = $this->getDoctrine()->getManager();
|
||||
if(isset($attributes[$this->getParameter('user_attr_cas_username')]))
|
||||
@ -62,6 +57,7 @@ class SecurityController extends Controller
|
||||
if(isset($attributes[$this->getParameter('user_attr_cas_firstname')]))
|
||||
$firstname = $attributes[$this->getParameter('user_attr_cas_firstname')];
|
||||
|
||||
|
||||
$user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username"=>$username));
|
||||
$exists = $user ? true : false;
|
||||
|
||||
@ -104,11 +100,18 @@ class SecurityController extends Controller
|
||||
$user->setAuthlevel("simple");
|
||||
$user->setRole("ROLE_USER");
|
||||
|
||||
if(in_array($username,$this->getParameter("ldap_usersadmin")))
|
||||
$user->setRole("ROLE_ADMIN");
|
||||
|
||||
$em->persist($user);
|
||||
$em->flush();
|
||||
|
||||
// Génération auto des groupes
|
||||
$this->submitGroup($attributes);
|
||||
|
||||
// On calcule les groupes de l'utilisateur
|
||||
$groups=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
||||
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
||||
|
||||
}
|
||||
}
|
||||
else {
|
||||
@ -122,13 +125,19 @@ class SecurityController extends Controller
|
||||
// On s'assure que le niveau 02 appartient bien au niveau 01 calculé
|
||||
$sameniveau01=(!is_null($user->getNiveau02())&&$niveau01==$user->getNiveau02()->getNiveau01());
|
||||
|
||||
// On calcule les groupes de l'utilisateur
|
||||
$user=$groups=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
||||
|
||||
$user->setLastname($lastname);
|
||||
$user->setFirstname($firstname);
|
||||
$user->setEmail($email);
|
||||
if(!$sameniveau01) $user->setNiveau02(null);
|
||||
if(in_array($username,$this->getParameter("ldap_usersadmin")))
|
||||
$user->setRole("ROLE_ADMIN");
|
||||
|
||||
// Génération auto des groupes
|
||||
$this->submitGroup($attributes);
|
||||
|
||||
// On calcule les groupes de l'utilisateur
|
||||
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
||||
|
||||
|
||||
$em->persist($user);
|
||||
$em->flush();
|
||||
@ -179,4 +188,84 @@ class SecurityController extends Controller
|
||||
$url=$this->generateUrl('cadoles_core_home', array(), UrlGeneratorInterface::ABSOLUTE_URL);
|
||||
\phpCAS::logout(array("service"=>$url));
|
||||
}
|
||||
|
||||
public function testAction() {
|
||||
$em = $this->getDoctrine()->getManager();
|
||||
|
||||
// Init Client CAS
|
||||
\phpCAS::setDebug("/var/log/phpcas/phpCAS-ninegate.log");
|
||||
\phpCAS::client(CAS_VERSION_2_0, $this->getParameter('cas_host'), $this->getParameter('cas_port'), is_null($this->getParameter('cas_path')) ? '' : $this->getParameter('cas_path'), false);
|
||||
\phpCAS::setNoCasServerValidation();
|
||||
|
||||
|
||||
// Authentification
|
||||
\phpCAS::forceAuthentication();
|
||||
|
||||
// Récupération UID
|
||||
$username = \phpCAS::getUser();
|
||||
|
||||
// Récupération Attribut
|
||||
$attributes = \phpCAS::getAttributes();
|
||||
$user = $em->getRepository('CadolesCoreBundle:User')->findOneBy(array("username"=>$username));
|
||||
|
||||
// On calcule le niveau01 de l'utilisateur
|
||||
$niveau01=$em->getRepository('CadolesCoreBundle:Niveau01')->calculateNiveau01($attributes);
|
||||
|
||||
// Génération auto des groupes
|
||||
$groups=$this->submitGroup($attributes);
|
||||
|
||||
// On calcule les groupes de l'utilisateur
|
||||
$user=$em->getRepository('CadolesCoreBundle:Group')->calculateGroup($user,$attributes);
|
||||
|
||||
return $this->render('CadolesCASBundle:Test:test.html.twig',[
|
||||
'useheader' => true,
|
||||
'usemenu' => false,
|
||||
'usesidebar' => false,
|
||||
'attributes' => $attributes,
|
||||
'user' => $user,
|
||||
'username' => $username,
|
||||
'niveau01' => $niveau01,
|
||||
]);
|
||||
|
||||
}
|
||||
|
||||
private function submitGroup($attributes) {
|
||||
$em = $this->getDoctrine()->getManager();
|
||||
|
||||
if(!$this->getParameter('ssosynchrogroup'))
|
||||
return null;
|
||||
|
||||
$user_attr_cas_group=$this->getParameter('user_attr_cas_group');
|
||||
|
||||
// Si l'utilisateur possège l'attribut groupe dans ses attributs
|
||||
if(array_key_exists($user_attr_cas_group,$attributes)) {
|
||||
if(!is_array($attributes[$user_attr_cas_group])) {
|
||||
$attributes[$user_attr_cas_group]=[$attributes[$user_attr_cas_group]];
|
||||
}
|
||||
|
||||
foreach($attributes[$user_attr_cas_group] as $ssogroup) {
|
||||
// Recherche du groupe
|
||||
$group=$em->getRepository("CadolesCoreBundle:Group")->findOneBy(["label"=>$ssogroup]);
|
||||
if(!$group) {
|
||||
$group=new Group();
|
||||
$group->setLabel($ssogroup);
|
||||
$group->setFgcancreatepage(false);
|
||||
$group->setFgcancreateblog(false);
|
||||
$group->setFgcancreatecalendar(false);
|
||||
$group->setFgcancreateproject(false);
|
||||
$group->setFgcanshare(false);
|
||||
$group->setFgopen(false);
|
||||
$group->setFgall(false);
|
||||
}
|
||||
|
||||
$group->setAttributes('{"'.$user_attr_cas_group.'":"'.$ssogroup.'"}');
|
||||
$group->setFgtemplate(false);
|
||||
|
||||
$em->persist($group);
|
||||
$em->flush();
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@ -6,3 +6,7 @@ cas_sp.logout:
|
||||
path: /logout
|
||||
defaults: { _controller: CadolesCASBundle:Security:logout }
|
||||
|
||||
cas_sp.test:
|
||||
path: /test
|
||||
defaults: { _controller: CadolesCASBundle:Security:test }
|
||||
|
||||
|
||||
@ -0,0 +1,35 @@
|
||||
{% extends '@CadolesCore/base.html.twig' %}
|
||||
|
||||
{% block pagewrapper %}
|
||||
<h1>TEST SSO</h1>
|
||||
|
||||
<h2>Atttribut SSO</h2>
|
||||
{% for key, attribute in attributes %}
|
||||
{% if attribute is iterable %}
|
||||
{% for value in attribute %}
|
||||
<strong>{{ key }}</strong> = {{ value }}<br>
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
<strong>{{ key }}</strong> = {{ attribute }}<br>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
<h2>Correspondance Utilisateur Ninegate</h2>
|
||||
<strong>username</strong> = {{ user.username }}<br>
|
||||
<strong>firstname</strong> = {{ user.firstname }}<br>
|
||||
<strong>lastname</strong> = {{ user.lastname }}<br>
|
||||
<strong>email</strong> = {{ user.email }}<br>
|
||||
|
||||
<h2>Appartient au Niveau 01</h2>
|
||||
<strong>{{ niveau01.label }}</strong> = {{ niveau01.attributes }}
|
||||
|
||||
<h2>Appartient aux Groupes</h2>
|
||||
{% for usergroup in user.groups %}
|
||||
{% if not usergroup.group.attributes is empty %}
|
||||
<strong>{{usergroup.group.label}}</strong> = {{usergroup.group.attributes}}<br>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
<br><br><br><br><br><br><br>
|
||||
{% endblock %}
|
||||
@ -151,6 +151,20 @@ class InitDataCommand extends ContainerAwareCommand
|
||||
}
|
||||
}
|
||||
|
||||
// On s'assure si masteridentity est à SSO qu'au minimum un niveau01 possède un attribut
|
||||
if($masteridentity=="SSO") {
|
||||
$niveau01=$em->createQueryBuilder()->select('n')->from('CadolesCoreBundle:Niveau01','n')->where('n.attributes IS NOT NULL')->getQuery()->getResult();
|
||||
if(!$niveau01) {
|
||||
// Si ce n'est pas le cas on positionne un attribut ultra large sur le niveau01 de base
|
||||
$niveau01=$group=$em->getRepository('CadolesCoreBundle:Niveau01')->find(-100);
|
||||
$niveau01->setAttributes('{"username":"*"}');
|
||||
|
||||
$em->persist($niveau01);
|
||||
$em->flush();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$output->writeln('');
|
||||
}
|
||||
|
||||
|
||||
@ -21,15 +21,15 @@ class GroupRepository extends \Doctrine\ORM\EntityRepository
|
||||
|
||||
foreach($attgroup as $key => $value) {
|
||||
if(array_key_exists($key,$attruser)) {
|
||||
if(is_array($value)) {
|
||||
foreach($value as $val) {
|
||||
if($val=="*")
|
||||
if(is_array($attruser[$key])) {
|
||||
foreach($attruser[$key] as $val) {
|
||||
if($value=="*")
|
||||
$retgroups->add($group);
|
||||
elseif($val==$attruser[$key])
|
||||
elseif($val==$value)
|
||||
$retgroups->add($group);
|
||||
}
|
||||
}
|
||||
elseif(array_key_exists($key,$attruser)) {
|
||||
else {
|
||||
if($value=="*")
|
||||
$retgroups->add($group);
|
||||
elseif($value==$attruser[$key])
|
||||
|
||||
@ -15,15 +15,15 @@ class Niveau01Repository extends \Doctrine\ORM\EntityRepository
|
||||
|
||||
foreach($attniveau as $key => $value) {
|
||||
if(array_key_exists($key,$attruser)) {
|
||||
if(is_array($value)) {
|
||||
foreach($value as $val) {
|
||||
if($val=="*")
|
||||
if(is_array($attruser[$key])) {
|
||||
foreach($attruser[$key] as $val) {
|
||||
if($value=="*")
|
||||
return $niveau01;
|
||||
elseif($val==$attruser[$key])
|
||||
elseif($val==$value)
|
||||
return $niveau01;
|
||||
}
|
||||
}
|
||||
else if(array_key_exists($key,$attruser)) {
|
||||
else {
|
||||
if($value=="*")
|
||||
return $niveau01;
|
||||
elseif($value==$attruser[$key])
|
||||
|
||||
@ -1,14 +1,8 @@
|
||||
[user]
|
||||
[attributes]
|
||||
user=uid
|
||||
|
||||
[username]
|
||||
username=uid
|
||||
|
||||
[firstname]
|
||||
firstname=givenName
|
||||
|
||||
[lastname]
|
||||
lastname=sn
|
||||
|
||||
[email]
|
||||
email=mail
|
||||
user_groups=user_groups
|
||||
|
||||
|
||||
@ -488,6 +488,14 @@ parameters:
|
||||
user_attr_saml_lastname: sn
|
||||
user_attr_saml_firstname: givenName
|
||||
|
||||
%if %%getVar("ninegate_ssosynchrogroup", 'non') == "oui"
|
||||
ssosynchrogroup: true
|
||||
user_attr_cas_group: %%ninegate_ssoreqgroup
|
||||
%else
|
||||
ssosynchrogroup: fase
|
||||
user_attr_cas_group:
|
||||
%end if
|
||||
|
||||
%if %%is_defined("ninegate_smtpport")
|
||||
mailer_port: '%%ninegate_smtpport'
|
||||
mailer_encryption: %%ninegate_smtpencryption
|
||||
|
||||
Reference in New Issue
Block a user