salvamomo / drupalauth Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/drupalauth
Automatically exported from code.google.com/p/drupalauth
If the modules 'simplesamlphp_auth' and 'drupalauth4ssp' are enabled /
activated simultaneously on the same Drupal 7 server then an empty page is
displayed. When I disable one of them or deactivate simplesamlphp_auth then it
works nicely either as an SP or and IdP. But I need both: I want to use it as a
User Register with another Drupal server (i.e. as an IdP) while I want to allow
people to register into this User Register also from external sources such as
Google and Facebook (i.e. as an SP). The User Register uses two separate
SimpleSAMLphp installations, two different MySQL databases, and different
cookies. Of course, the Google/Facebook IdP is based on a third SimpleSAMLphp
installation.
I have found out there are conflicting (redeclared) functions and classes in
'vendor/autoload.php', 'vendor/composer/autoload_real.php',
'simplesamlphp/xmlseclibs/xmlseclibs.php' and 'lib/_autoload_modules.php'.
But I have no idea what the files in the folder 'vendor' do; I have found no
clue in the documentation - is there a way to resolve these conflicts?
Original issue reported on code.google.com by [email protected]
on 21 Feb 2015 at 8:31
What steps will reproduce the problem?
1. Log in as a user on Drupal site
2. Goto site with SAML SP
3. Redirect to Drupal site
4. Notice that you just get the front page and don't get redirected back to SP
site.
The attached patch fixes the issue by hooking into hook_init and if the user is
already logged in ($user->uid != 0), performs the redirect.
Original issue reported on code.google.com by [email protected]
on 22 Dec 2013 at 4:33
Attachments:
Location:
http://idp.saml.net/simplesaml/module.php/drupalauth/resume.php?State=_6a8b4f8b6
12de6d04c64becee5c38bf94efac5ccc6%3Ahttp%3A%2F%2Fidp.saml.net%2Fsimplesaml%2Fsam
l2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fsp.saml.net%26cookie
Time%3D1403620133%26RelayState%3Dhttp%253A%252F%252Flocal2.saml.net%252Fsaml_log
in
Message
Notice: Undefined variable: attributes in
sspmod_drupalauth_Auth_Source_External->getUser() (line 294 of
D:\wamp\www\drupal-7-23-idp\simplesaml\modules\drupalauth\lib\Auth\Source\Extern
al.php).
Original issue reported on code.google.com by [email protected]
on 24 Jun 2014 at 2:34
Made 2 Drupal installations - one as parent and other one as child.
Made 2 'SimpleSAMLphp' installations - one as Identity Provider(idp) and other
as Service Provider(sp).
In the parent Drupal 'drupalauth4ssp' module is enabled
Also, in the 'BASIC SETUP' of the parent Drupal, idp path is given in
'Installation directory' and 'drupalauth:External' is given in 'Authentication
source'.
The module 'drupalauth' is enabled in the idp installation.
In the child Drupal 'simplesamlphp_auth' module is enabled.
Also, in the 'BASIC SETUP' of the child Drupal, sp path is given in
'Installation directory' and 'default-sp' is given in 'Authentication source'.
After I login into the parent drupal, when I click 'Federated Log In' to login
in to the child drupal I getting errror page
Unhandled exception
An unhandled exception was thrown.
If you report this error, please also report this tracking number which makes
it possible to locate your session in the logs available to the system
administrator: 44ecfc19f2
Debug information
The debug information below may be of interest to the administrator / help desk:
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 D:\wamp\www\simplesaml\www\module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: User not authenticated after login page.
Backtrace:
2 D:\wamp\www\simplesaml\modules\drupalauth\lib\Auth\Source\External.php:439
(sspmod_drupalauth_Auth_Source_External::resume)
1 D:\wamp\www\simplesaml\modules\drupalauth\www\resume.php:12 (require)
0 D:\wamp\www\simplesaml\www\module.php:135 (N/A)
Original issue reported on code.google.com by [email protected]
on 19 Jun 2014 at 10:06
What steps will reproduce the problem?
1. In the same browser (different tabs), sign into 2 SPs and the IdP.
2. Initiate "Log Out" from the IdP (Drupal 7 Website)
3. You are only logged out from the IdP (Drupal 7 site), not the IdPs.
4. If you initiate "Log Out" from any of the SPs, you are logged out of all 3
SPs and the IdP (Drupal 7 site)
What is the expected output? What do you see instead?
Once logged out of the IdP (Drupal 7 site), I should be able to go to the SP
tabs, and hit "refresh" and be redirected to a login page. That doesn't happen.
I'm able to continue navigating throughout both SPs.
What version of the product are you using? On what operating system?
I'm using the latest version of simpleSAMLphp on the IdP which is running a
Drupal 7 website.
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 19 Mar 2014 at 8:20
Hi, i'm using Drupal 7.22 under Linux, Drupalauth version 1.2.1_1x_7x
I successfully configured the authentication, and custom text fields are passed
correctly to the SP application, but turns out that if i define a field of type
"List (text)" in Drupal the field isn't passed trough the authentication.
I've been working at the file External.php around line 266
Seem that the key 'safe_value' is not in the dictionary
'$userAttrs[$userKey]['und'][0]' but there is a key 'value' instead.
I attach a patch for drupalauth/lib/Auth/Source/External.php .
Original issue reported on code.google.com by [email protected]
on 18 Aug 2013 at 2:47
Attachments:
The issue is that when passing a return to param to the logout() method, the
param is not used.
Here is working code to make that work, the code usses snippets from the drupal
redirect logout module.
drupalauth4ssp.module
// implements hook_user_logout()
function drupalauth4ssp_user_logout($account) {
// Get the configuration information from SimpleSAMLphp
$sspConfig = _drupalauth4ssp_get_simplesamlphp_config();
// If we don't have configuration, exit without doing anything
if (!is_array($sspConfig)) {
// The least we can do is write something to the watchdog so someone will know what's happening.
watchdog('drupalauth4ssp', 'Could not use drupalauth for %name, could not get the SimpleSAMLphp configuration.', array('%name' => $user->name));
return;
}
// Delete the cookie
setcookie($sspConfig['cookie_name'], "", time() - 3600 , $sspConfig['baseurlpath']);
// if the ReturnTo URL is present, send the user to the URL
if (isset($_GET['ReturnTo']) && $_GET['ReturnTo']) {
$destination = &drupal_static(__FUNCTION__);
$destination = $_GET['ReturnTo'];
}
}
/**
* Implements hook_drupal_goto_alter().
*/
function drupalauth4ssp_drupal_goto_alter(&$path, &$options,
&$http_response_code) {
$destination = &drupal_static('drupalauth4ssp_user_logout');
if (!$path && $destination) {
drupal_goto($destination);
}
}
And here is the code change for External.php
/**
* This function is called when the user start a logout operation, for example
* by logging out of a SP that supports single logout.
*
* @param array &$state The logout state array.
*/
public function logout(&$state) {
assert('is_array($state)');
if (!session_id()) {
/* session_start not called before. Do it here. */
session_start();
}
/*
* In this example we simply remove the 'uid' from the session.
*/
unset($_SESSION['uid']);
// Added armor plating, just in case
if (isset($_COOKIE[$this->cookie_name])) {
setcookie($this->cookie_name, "", time() - 3600, $this->cookie_path);
}
if (isset($state['ReturnTo'])) {
SimpleSAML_Utilities::redirect($this->drupal_logout_url, array(
'ReturnTo' => $state['ReturnTo'],
));
}
else {
/*
* Redirect the user to the Drupal logout page
*/
header('Location: ' . $this->drupal_logout_url);
}
die;
}
Original issue reported on code.google.com by [email protected]
on 16 May 2014 at 5:34
What steps will reproduce the problem?
1. Log out on Drupal site directly
2. Go to WordPress site, which has SLO support
3. Still logged into WordPress because WordPress is on it's own installation of
SSP, not the same one as the IdP.
What is the expected output? What do you see instead?
Expected to get logged out of WP. In other words, $as->isAuthenticated() should
fail.
What version of the product are you using? On what operating system?
Latest version. Configured and working on Drupal site.
Please provide any additional information below.
Not logging into Drupal site with SSP because it *is* the IdP. But I can set up
an SP for it as long as this won't make it too hard for things to work for my
existing Drupal users.
Original issue reported on code.google.com by kevin.kaland
on 15 Dec 2012 at 10:14
There is a serious security issue with the Drupal integration in simplesamlphp.
The function "getUser()" which returns the attributes for the current user
picks the Drupal User ID "uid" from a Cookie which obviously passes through the
client machine. There is nothing stopping a suitable engineered client from
changing the uid in the Cookie to be any user. Thus the client could acquire
single sign on credentials for any Drupal user whatsoever by manipulating the
Cookie so that when a single sign on transaction is started the client machine
gets logged in to the requesting server as that other user rather that as the
currently logged in Drupal user.
There is a very straightforward alternative which is to fetch the credentials
for the currently logged in Drupal user in
simplesamlphp/modules/drupalauth/lib/Auth/Source/External.php ...
Pseudo code...
global $user;
...
$drupaluid = $user->uid;
...
$drupaluser = user_load($drupaluid);
I have also added "chdir(DRUPAL_ROOT)" in two places as, at least in Drupal 6,
Drupal generates errors if it is called with the wrong working directory.
"chdir($a)" changes back the working directory after the call.
The code to fix the above issues is in the attached new version of
simplesamlphp/modules/drupalauth/lib/Auth/Source/External.php and, as an
alternative, a patch "External.php.patch" to apply the change.
Alan Barrett
Original issue reported on code.google.com by [email protected]
on 4 Nov 2013 at 4:35
Attachments:
What steps will reproduce the problem?
It is not possible to provide a language parameter from SP to IdP, because
drupalauth module will always redirect user to /user path of the IdP Drupal.
What is the expected output? What do you see instead?
Login is always in default language. It would be nice to have it in the same
language as in SP when user starts the login process.
What version of the product are you using? On what operating system?
Latest code on Drupal 7.30.
Please provide any additional information below.
Below is a fix for both simplesamlphp and drupal modules. A language url
parameter can be passed from SP to IdP and it will be stored in session. IdP
Drupal needs to have the language negotiation set to session with "language" as
parameter name.
Add this to drupalauth4ssp.module
/**
* Implements hook_init().
*/
function drupalauth4ssp_init() {
// Store language to session from URL if set
if (isset($_GET['language'])) {
$_SESSION['language'] = $_GET['language'];
}
// Store destination to session from URL if set
if (isset($_GET['destination'])) {
$_SESSION['destination'] = $_GET['destination'];
}
}
And this to External.php:
// If language is set, then append it to URL so that Drupal can react
if (isset($_GET['language'])) {
$authPage = $authPage . '&language=' . $_GET['language'];
}
Original issue reported on code.google.com by [email protected]
on 21 Aug 2014 at 12:32
What steps will reproduce the problem?
1. Use a SP
2. Call the $as->logout(array('ReturnTo' => $url)); method.
What is the expected output? What do you see instead?
Afther being logged out of saml and drupal, you would expect to be redirected
to the $url provided in the logout() method as described in
https://simplesamlphp.org/docs/stable/simplesamlphp-sp-api#section_5
What version of the product are you using? On what operating system?
Drupal 7, simpleSAMLphp latest.
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 15 May 2014 at 1:38
What steps will reproduce the problem?
1. In SP, click 'Test authentication resources' > 'drupal-userpass'
2. Login (E.g. admin credentials)
What is the expected output? What do you see instead?
Expected output = redirect to Drupal SP page and login over there
I see = White screen at simplesaml/module.php/core/loginuserpass.php
What version of the product are you using? On what operating system?
Latest version
Ubuntu
Please provide any additional information below.
I wonder if the problem could be caused by a misconfiguration on the Idp.
However, I'm not sure about this. Therefore I would like to know if this
behaviour is 'normal'. Why does the drupalauth module doesn't send a redirect?
Regards,
W
Original issue reported on code.google.com by [email protected]
on 5 Aug 2011 at 7:53
It would be nice if this recorded login events (success or failure) to the
Drupal watchdog. It would also be good if it updated the user's last login
information as well.
Original issue reported on code.google.com by [email protected]
on 1 Jun 2012 at 1:56
What steps will reproduce the problem?
1. Login to Drupal with acct1
2. Go to /user/acct2 (view the user profile, etc)
3. Initiate a drupalauth-based SAML login to your Service Provider
4. You will be logged in NOT as the currently authenticated session, but as the
user you viewed.
We are using 7.x-1.0.
It looks like this is the responsible piece of code:
// implements hook_user_view()
function drupalauth4ssp_user_view($account, $view_mode, $langcode) {
_drupalauth4ssp_exec($account);
}
Commenting this out fixed the issue for us.
What reason could there be for setting the user cookie on user view?!
Wouldn't it be much safer just to rely on the native SESS* cookie, that already
relates to the authenticated user session?
Original issue reported on code.google.com by [email protected]
on 13 Dec 2013 at 5:47
In the simpleSAMLphp installation page, I clicked on the Authentication tab to
test the drupalauth connection. I entered a username and password for an
account in the site and got the following error message on a white screen:
Call to undefined function entity_load() in
/home/sitename/public_html/modules/user/user.module on line 287
Original issue reported on code.google.com by [email protected]
on 1 Oct 2012 at 7:51
1.)
Notice: Use of undefined constant DRUPAL_ROOT - assumed 'DRUPAL_ROOT' in
/simplesamlphp/modules/drupalauth/lib/Auth/Source/UserPass.php on line 107
To fix change line 107 from
define(DRUPAL_ROOT, $drupalAuthConfig->getDrupalroot());
to
define('DRUPAL_ROOT', $drupalAuthConfig->getDrupalroot());
2.)
Strict standards: Creating default object from empty value in
/var/www/bloodhound/simplesamlphp/modules/drupalauth/lib/Auth/Source/UserPass.ph
p on line 119
to fix add the following below line 118
if(!is_object($user)){
$user = new stdClass();
}
so that:
global $user;
$user->uid = 0;
becomes:
global $user;
if(!is_object($user)){
$user = new stdClass();
}
$user->uid = 0;
Original issue reported on code.google.com by [email protected]
on 19 Apr 2012 at 11:02
The Drupal Module "drupalauth4ssp" does not work with Drupal 6 (user hooks not
triggered).
To make it work a new "hook" function drupalauth4ssp_user(...) needs to be
added to
simplesamlphp/modules/drupalauth/drupal_module/drupalauth4ssp/drupalauth4ssp.mod
ule .
The user hook functions in drupalauth4ssp.module are only triggered in Drupal
7, but are not triggered in Drupal 6.
drupalauth4ssp_user(...) provides the equivalent functionality for Drupal 6.
Since the "user" hook does not seem to be triggered in Drupal 7, it does not
seem to be an issue to leave that function in the Drupal 7 version (in other
words it would seem that the module with that function added will work with
both Drupal 6 and 7).
Attached is an updated drupalauth4ssp.module and, as an alternative, a patch
"drupalauth4ssp.module.patch" to apply the change.
Alan Barrett
Original issue reported on code.google.com by [email protected]
on 4 Nov 2013 at 4:37
Attachments:
How does this work in a multi-site environment when you have multiple websites
under the same Drupal installation and you only want one of them to be
authenticated against?
Original issue reported on code.google.com by [email protected]
on 1 Apr 2011 at 1:23
I noticed that only the first value of multi-value fields is used.
The attached patch adds support for multi-value fields.
Original issue reported on code.google.com by [email protected]
on 10 Nov 2013 at 7:34
Attachments:
1. Configure drupalauth + drupalauth4ssp
2. In simplesaml config.php file, set up baseurlpath to any valid URL
(http://...)
Logins do not work, because the cookie path that drupal module is trying to set
will equal to /http://... as per following code:
// get the baseurlpath
$config['baseurlpath'] = '/' . $sspConfig->getValue('baseurlpath');
Original issue reported on code.google.com by [email protected]
on 26 Nov 2013 at 10:27
You currently are unable to use the same user field for multiple SAML
attributes. If you do this then only the last SAML attribute will be set. This
occurs because of the array handling in the loop on line 239 of
lib/auth/source/External.php.
The use case of this is passing the user email field as the email attribute and
the username attribute for Salesforce, which wants an email for the username
field.
Patch attached.
Original issue reported on code.google.com by [email protected]
on 6 Sep 2013 at 7:15
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.