frankniesten / limesurvey-saml-authentication Goto Github PK
SAML Authentication Plugin for LimeSurvey 3.14+
License: GNU General Public License v3.0
Hello !
I can't get it to appear in the plugin manager on a fresh 4 install.
Have you already tried it on version 4?
Do you think it would take a lot of work to make it compatible?
Thanks a lot !
Hello,
I've configured simplesamlphp and was able to log in using the simplesaml test login but when I installed the plugin in limesurvey I get the following error:
"Error with authentication source 'limesurvey': Unknown authentication source."
Do you have any suggestions? I am having trouble finding info on Google about this.
My code is 99% the same as what is in the repo except I changed the path to 'C:\xampp\htdocs\simplesamlphp' and also here ' $simplesamlphp_path = $this->get('simplesamlphp_path', null, null, 'C:\xampp\htdocs\simplesamlphp');'. I suspect that this line is the issue but I don't know what to do with it. Thank you very much!
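<?php

/**
 * SAML authentication plugin for LimeSurvey, delegating the actual SAML
 * exchange to a SimpleSAMLphp service provider installed on the same host.
 *
 * Security-relevant behaviour a deployer should be aware of:
 *  - beforeLogin() calls requireAuth() unconditionally, so every back-office
 *    login is sent through the configured SAML authentication source.
 *  - Accounts are matched to SAML sessions by user name only. The attribute
 *    configured in "saml_uid_mapping" must therefore be unique, immutable and
 *    asserted by the IdP itself; an existing local account whose users_name
 *    equals that attribute value is logged in without any further check.
 *  - Unknown users are provisioned automatically and receive the
 *    "surveys / create" permission. Restrict who can authenticate at the
 *    IdP/SP level if that is broader than intended.
 */
class AuthSAML extends LimeSurvey\PluginManager\AuthPluginBase
{
    protected $storage = 'DbStorage';

    // Lazily created \SimpleSAML\Auth\Simple instance, see get_saml_instance().
    protected $ssp = null;

    static protected $description = 'Core: SAML authentication';
    static protected $name = 'SAML';

    // Plugin settings shown in the plugin manager. The 'default' entries are
    // also used as the runtime fallback (see samlSetting()), so the value the
    // administrator sees is the value the code actually uses.
    protected $settings = array(
        'simplesamlphp_path' => array(
            'type' => 'string',
            'label' => 'Path to the SimpleSAMLphp folder',
            'default' => 'C:\xampp\htdocs\simplesamlphp',
        ),
        'saml_authsource' => array(
            'type' => 'string',
            'label' => 'SAML authentication source',
            'default' => 'default-sp',
        ),
        'saml_uid_mapping' => array(
            'type' => 'string',
            'label' => 'SAML attributed used as username',
            'default' => 'uid',
        ),
        'saml_mail_mapping' => array(
            'type' => 'string',
            'label' => 'SAML attributed used as email',
            'default' => 'mail',
        ),
        'saml_name_mapping' => array(
            'type' => 'string',
            'label' => 'SAML attributed used as name',
            'default' => 'cn',
        ),
        'auto_update_users' => array(
            'type' => 'checkbox',
            'label' => 'Auto update users',
            'default' => true,
        ),
    );

    /**
     * Register the LimeSurvey events this plugin handles.
     *
     * @return void
     */
    public function init()
    {
        $this->subscribe('getGlobalBasePermissions');
        $this->subscribe('beforeLogin');
        $this->subscribe('beforeLogout');
        $this->subscribe('newUserSession');
    }

    /**
     * Add the "auth_saml" permission to the global base permissions.
     *
     * @return void
     */
    public function getGlobalBasePermissions()
    {
        $this->getEvent()->append('globalBasePermissions', array(
            'auth_saml' => array(
                'create' => false,
                'update' => false,
                'delete' => false,
                'import' => false,
                'export' => false,
                'title' => gT("Use SAML authentication"),
                'description' => gT("Use SAML authentication"),
                'img' => 'usergroup'
            ),
        ));
    }

    /**
     * Force a SAML login and, once authenticated, open the LimeSurvey session.
     *
     * SimpleSAMLphp's requireAuth() starts the login flow when no SAML
     * session exists, so the code after it only runs for authenticated users.
     *
     * NOTE(review): newUserSession() is called here directly and is also
     * subscribed as an event handler in init(), so it may run twice per
     * login - confirm this is intended.
     *
     * @return void
     */
    public function beforeLogin()
    {
        $ssp = $this->get_saml_instance();
        $ssp->requireAuth();
        if ($ssp->isAuthenticated()) {
            $this->setAuthPlugin();
            $this->newUserSession();
        }
    }

    /**
     * End the SAML session when the user logs out of LimeSurvey.
     *
     * @return void
     */
    public function beforeLogout()
    {
        $ssp = $this->get_saml_instance();
        if ($ssp->isAuthenticated()) {
            $ssp->logout();
        }
    }

    /**
     * Map the authenticated SAML session to a LimeSurvey user.
     *
     * Creates the user on first login; otherwise optionally refreshes the
     * stored name and e-mail from the SAML attributes. Does nothing when
     * there is no authenticated SAML session.
     *
     * @return void
     */
    public function newUserSession()
    {
        $ssp = $this->get_saml_instance();
        if (!$ssp->isAuthenticated()) {
            return;
        }

        $sUser = $this->getUserName();
        // An assertion without the mapped user-name attribute must not be
        // turned into a lookup or an account with an empty name.
        if ($sUser === null || $sUser === '') {
            $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
            return;
        }

        $name = $this->getUserCommonName();
        $mail = $this->getUserMail();

        $oUser = $this->api->getUserByName($sUser);
        if (is_null($oUser)) {
            $this->provisionUser($sUser, $name, $mail);
            return;
        }

        // NOTE(review): an existing account is accepted on a user-name match
        // alone; it is not checked for the 'auth_saml' permission. Consider
        // whether local-only accounts should be reachable through SAML.
        if ($this->samlSetting('auto_update_users')) {
            $changes = array(
                'full_name' => $name,
                'email' => $mail,
            );
            User::model()->updateByPk($oUser->uid, $changes);
            $oUser = $this->api->getUserByName($sUser);
        }
        $this->setAuthSuccess($oUser);
    }

    /**
     * Create a LimeSurvey account for a first-time SAML user and log it in.
     *
     * @param string $sUser User name taken from the SAML attributes
     * @param string $name  Full name taken from the SAML attributes
     * @param string $mail  E-mail address taken from the SAML attributes
     * @return void
     */
    private function provisionUser($sUser, $name, $mail)
    {
        $oUser = new User;
        $oUser->users_name = $sUser;
        // createPassword() is defined outside this file; presumably it
        // returns a random password so the local credential stays unknown.
        $oUser->setPassword(createPassword());
        $oUser->full_name = $name;
        // presumably the built-in administrator account - confirm
        $oUser->parent_id = 1;
        $oUser->email = $mail;

        if (!$oUser->save()) {
            $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
            return;
        }

        Permission::model()->setGlobalPermission($oUser->uid, 'auth_saml');
        Permission::model()->setGlobalPermission($oUser->uid, 'surveys', array('create_p'));

        // Reload so the object passed on reflects what was stored.
        $oUser = $this->api->getUserByName($sUser);
        $this->pluginManager->dispatchEvent(new PluginEvent('newUserLogin', $this));
        $this->setAuthSuccess($oUser);
    }

    /**
     * Return the shared SimpleSAMLphp client, creating it on first use.
     *
     * The SimpleSAMLphp autoloader is loaded from the "simplesamlphp_path"
     * setting. That path is executed as PHP, so only trusted administrators
     * should be able to change the plugin settings.
     *
     * @return \SimpleSAML\Auth\Simple
     */
    protected function get_saml_instance()
    {
        if ($this->ssp === null) {
            $simplesamlphp_path = $this->samlSetting('simplesamlphp_path');
            require_once($simplesamlphp_path . '/lib/_autoload.php');

            // The fallback is the default declared in $settings, so an
            // unsaved configuration uses the same source the form displays.
            $saml_authsource = $this->samlSetting('saml_authsource');
            $this->ssp = new \SimpleSAML\Auth\Simple($saml_authsource);
        }
        return $this->ssp;
    }

    /**
     * Return the user name from the SAML attributes, caching it on the plugin.
     *
     * @return string|null Null when the mapped attribute is absent
     */
    public function getUserName()
    {
        if ($this->_username === null || $this->_username === '') {
            $username = $this->firstAttributeValue('saml_uid_mapping');
            if ($username !== null) {
                $this->setUsername($username);
            }
        }
        return $this->_username;
    }

    /**
     * Return the user's full name from the SAML attributes.
     *
     * @return string Empty string when the mapped attribute is absent
     */
    public function getUserCommonName()
    {
        $name = $this->firstAttributeValue('saml_name_mapping');
        return $name === null ? '' : $name;
    }

    /**
     * Return the user's e-mail address from the SAML attributes.
     *
     * @return string Empty string when the mapped attribute is absent
     */
    public function getUserMail()
    {
        $mail = $this->firstAttributeValue('saml_mail_mapping');
        return $mail === null ? '' : $mail;
    }

    /**
     * Read a plugin setting, falling back to the default declared in $settings.
     *
     * @param string $key Setting name
     * @return mixed
     */
    private function samlSetting($key)
    {
        $declared = isset($this->settings[$key]['default'])
            ? $this->settings[$key]['default']
            : null;
        return $this->get($key, null, null, $declared);
    }

    /**
     * Return the first value of the SAML attribute named by a mapping setting.
     *
     * @param string $mappingKey Setting that holds the attribute name
     * @return string|null Null when the attribute is missing or has no values
     */
    private function firstAttributeValue($mappingKey)
    {
        $attributes = $this->get_saml_instance()->getAttributes();
        if (empty($attributes)) {
            return null;
        }

        $attributeName = $this->samlSetting($mappingKey);
        if (!array_key_exists($attributeName, $attributes)) {
            return null;
        }

        $values = $attributes[$attributeName];
        if (!is_array($values) || !isset($values[0])) {
            return null;
        }
        return $values[0];
    }
}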
I try to use your plugin with LS Version 3.19.3+191023.
I installed SimpleSAMLphp as an SP inside LS (https://survey.occitanie-en-scene.fr/simplesaml). This SP works well and connects correctly to our IdP. When I connect directly on the SimpleSAMLphp SP page, I obtain all my attributes.
After that I installed and activated your login, after changing the path of my SP with the correct path.
SAML connection with our IDP seems to work, and user is created on Limesurvey table.
But it's impossible to access the back office, with an error like "too many redirects".
Any idea to solve this issue ?
And many thanks for your work !