mirror of https://github.com/MISP/MISP
Merge pull request #1549 from ppanero/shibbsso
warning due to session start fixed, warning due to org assignment wh…pull/1550/head
commit
5bb79549e9
|
@ -3,7 +3,9 @@
|
|||
App::uses('BaseAuthenticate', 'Controller/Component/Auth');
|
||||
App::uses('RandomTool', 'Tools');
|
||||
|
||||
session_start();
|
||||
if (session_status() == PHP_SESSION_NONE) {
|
||||
session_start();
|
||||
}
|
||||
session_regenerate_id();
|
||||
/*
|
||||
* custom class for Apache-based authentication
|
||||
|
@ -95,7 +97,10 @@ class ApacheShibbAuthenticate extends BaseAuthenticate {
|
|||
|
||||
//Get user role from its list of groups
|
||||
list($roleChanged, $roleId) = $this->getUserRoleFromGroup($groupTag, $groupRoleMatching, $roleId);
|
||||
if($roleId < 0) return false; //Deny if the user is not in any egroup
|
||||
if($roleId < 0) {
|
||||
CakeLog::write('error', 'No role was assigned, no egorup matched the configuration.');
|
||||
return false; //Deny if the user is not in any egroup
|
||||
}
|
||||
|
||||
// Database model object
|
||||
$userModel = ClassRegistry::init($this->settings['userModel']);
|
||||
|
@ -209,7 +214,6 @@ class ApacheShibbAuthenticate extends BaseAuthenticate {
|
|||
'conditions' => array('name' => $org),
|
||||
)
|
||||
);
|
||||
$orgId = $orgAux['Organisation']['id'];
|
||||
if ($orgAux == null) {
|
||||
$organisations = new Organisation();
|
||||
$orgUserId = 1; //By default created by the admin
|
||||
|
@ -217,6 +221,7 @@ class ApacheShibbAuthenticate extends BaseAuthenticate {
|
|||
$orgId = $organisations->createOrgFromName($org, $orgUserId, 0); //Created with local set to 0 by default
|
||||
CakeLog::write('info', "User organisation ${org} created with id ${orgId}.");
|
||||
} else {
|
||||
$orgId = $orgAux['Organisation']['id'];
|
||||
CakeLog::write('info', "User organisation ${org} found with id ${orgId}.");
|
||||
}
|
||||
return $orgId;
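Review bot: In the first hunk the new guard makes `session_start()` conditional, but `session_regenerate_id()` on the following line still runs unconditionally at file scope. The session ID is therefore rotated whenever this file is loaded rather than when a login succeeds, and with no argument the old session is not deleted, so the previous ID stays usable until it is garbage-collected. For session-fixation protection the rotation belongs at the point where authentication succeeds and should discard the old session: `session_regenerate_id(true);`. The guard itself would read more safely with a strict comparison, `if (session_status() === PHP_SESSION_NONE) {`. The code path where authentication succeeds lies outside the visible hunks, so the exact placement has to be confirmed there.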
|
||||
|
|
|
@ -18,8 +18,7 @@ Uncomment the following line to enable SSO authorization
|
|||
'auth'=>array('ShibbAuth.ApacheShibb'),
|
||||
```
|
||||
|
||||
And configure it. apacheEnv ans ssoAuth are parametert that come by default which values should not be changed unless
|
||||
it is explicitly needed. MailTag, OrgTag and GroupTag are the string that represent the key for the values needed by the plugin.
|
||||
And configure it. MailTag, OrgTag and GroupTag are the string that represent the key for the values needed by the plugin.
|
||||
For example if you are using ADFS OrgTag will be ADFS_FEDERATION, GroupTag will be ADFS_GROUP, etc. meaning the key for the values needed.
|
||||
DefaultRoleId and DefaultOrg are values that come by default just in case they are not defined or obtained from the environment variables.
|
||||
The GroupRoleMatching is an array that allows the definition and correlation between groups and roles in MISP, being them updated
|
||||
|
@ -30,18 +29,15 @@ in the list given by apache.
|
|||
```php
|
||||
'ApacheShibbAuth' => // Configuration for shibboleth authentication
|
||||
array(
|
||||
'apacheEnv' => 'REMOTE_USER', // If proxy variable = HTTP_REMOTE_USER
|
||||
'ssoAuth' => 'AUTH_TYPE',
|
||||
'MailTag' => 'EMAIL_TAG',
|
||||
'OrgTag' => 'FEDERATION_TAG',
|
||||
'GroupTag' => 'GROUP_TAG',
|
||||
'GroupSeparator' => ';',
|
||||
'GroupTag' => 'GROUP_TAG',
|
||||
'GroupSeparator' => ';',
|
||||
'GroupRoleMatching' => array( // 3:User, 1:admin. May be good to set "1" for the first user
|
||||
'group_three' => '3',
|
||||
'group_two' => 2,
|
||||
'group_one' => 1,
|
||||
'group_two' => 2,
|
||||
'group_one' => 1,
|
||||
),
|
||||
'DefaultRoleId' => 3,
|
||||
'DefaultOrg' => 'DEFAULT_ORG',
|
||||
),
|
||||
```
|
||||
|
|