From fe43d8698632cfc399855d0e3b6f09c4be9b0a5c Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Wed, 12 Sep 2018 15:45:46 +0200
Subject: [PATCH] Remove sso code should be replaced with HWIOAuthBundle #2645
---
 app/Migrations/Schema/V200/Version20.php | 4 +-
 main/auth/sso/SsoServer.php | 60 ----
 main/auth/sso/sso.Drupal.class.php | 298 -----------------
 main/auth/sso/sso.class.php | 301 ------------------
 main/auth/sso/sso_server_test.php | 105 ------
 main/inc/lib/api.lib.php | 67 ----
 main/inc/lib/display.lib.php | 23 --
 main/inc/lib/template.lib.php | 3 -
 .../Manager/SettingsManager.php | 6 -
 9 files changed, 2 insertions(+), 865 deletions(-)
 delete mode 100644 main/auth/sso/SsoServer.php
 delete mode 100755 main/auth/sso/sso.Drupal.class.php
 delete mode 100755 main/auth/sso/sso.class.php
 delete mode 100755 main/auth/sso/sso_server_test.php
diff --git a/app/Migrations/Schema/V200/Version20.php b/app/Migrations/Schema/V200/Version20.php
index 588271e782c..aa18edae10a 100644
--- a/app/Migrations/Schema/V200/Version20.php
+++ b/app/Migrations/Schema/V200/Version20.php
@@ -450,12 +450,12 @@ public function up(Schema $schema)
 'openid_authentication',
 //'platform_charset',
 'shibboleth_description',
- /*'sso_authentication',
+ 'sso_authentication',
 'sso_authentication_domain',
 'sso_authentication_auth_uri',
 'sso_authentication_unauth_uri',
 'sso_authentication_protocol',
- 'sso_force_redirect',*/
+ 'sso_force_redirect',
 ];
 foreach ($settings as $setting) {
diff --git a/main/auth/sso/SsoServer.php b/main/auth/sso/SsoServer.php
deleted file mode 100644
index eb3fb6177dc..00000000000
--- a/main/auth/sso/SsoServer.php
+++ /dev/null
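Review bot: The list uncommented in `up()` names six `sso_*` settings but not `sso_authentication_subclass`, which the branch removed from `getProfileEditionLink()` in display.lib.php read through `api_get_setting()`. If that key is stored alongside the others (not visible from this hunk), it will outlive the SSO code as an orphaned row; consider adding `'sso_authentication_subclass',` after `'sso_force_redirect',`. What the `foreach ($settings as $setting)` loop does with each name lies outside the hunk, so this assumes it removes the listed settings. A one-line comment above the six entries, for example `// SSO settings removed together with main/auth/sso (to be replaced by HWIOAuthBundle)`, would record why they are listed here.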
@@ -1,60 +0,0 @@ - $userInfo['username'], - 'secret' => sha1($userInfo['password']), - 'master_domain' => $chamiloUrl, - 'master_auth_uri' => $chamiloUrl.'?submitAuth=true', - 'lifetime' => time() + 3600, - 'target' => $refererSso, - ]; - - if (!empty($additionalParams)) { - foreach ($additionalParams as $key => $value) { - if (!empty($key)) { - $sso[$key] = $value; - - continue; - } - - $sso[] = $value; - } - } - - $cookie = base64_encode(serialize($sso)); - - return $refererSso - .($getParams ? '&' : '?') - .http_build_query([ - 'loginFailed' => 0, - 'sso_referer' => $refererSso, - 'sso_cookie' => $cookie, - ]); - } -} diff --git a/main/auth/sso/sso.Drupal.class.php b/main/auth/sso/sso.Drupal.class.php deleted file mode 100755 index 497b117fefc..00000000000 --- a/main/auth/sso/sso.Drupal.class.php +++ /dev/null 
@@ -1,298 +0,0 @@ -protocol = api_get_setting('sso_authentication_protocol'); - // There can be multiple domains, so make sure to take only the first - // This might be later extended with a decision process - $domains = preg_split('/,/', api_get_setting('sso_authentication_domain')); - $this->domain = trim($domains[0]); - $this->auth_uri = api_get_setting('sso_authentication_auth_uri'); - $this->deauth_uri = api_get_setting('sso_authentication_unauth_uri'); - //cut the string to avoid recursive URL construction in case of failure - $this->referer = $this->protocol.$_SERVER['HTTP_HOST'].substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], 'sso')); - $this->deauth_url = $this->protocol.$this->domain.$this->deauth_uri; - $this->master_url = $this->protocol.$this->domain.$this->auth_uri; - $this->referrer_uri = base64_encode($_SERVER['REQUEST_URI']); - $this->target = api_get_path(WEB_PATH); - } - - /** - * Unlogs the user from the remote server. - */ - public function logout() - { - // no_redirect means Drupal sent the signal to logout. When redirecting to Drupal, the $_GET['stop'] param is - // set to 1, to allow Drupal to know that this is it, the logout is already done in Chamilo and there's no - // need to do it again - if (empty($_GET['no_redirect'])) { - header('Location: '.$this->deauth_url.'&stop=1'); - } else { - header('Location: '.$this->protocol.$this->domain); - } - exit; - } - - /** - * Sends the user to the master URL for a check of active connection. - */ - public function ask_master() - { - // Generate a single usage token that must be encoded by the master - $_SESSION['sso_challenge'] = api_generate_password(48); - // Redirect browser to the master URL - $params = ''; - if (empty($_GET['no_redirect'])) { - $params = 'sso_referer='.urlencode($this->referer). - '&sso_target='.urlencode($this->target). - '&sso_challenge='.urlencode($_SESSION['sso_challenge']). 
- '&sso_ruri='.urlencode($this->referrer_uri); - if (strpos($this->master_url, "?") === false) { - $params = "?{$params}"; - } else { - $params = "&{$params}"; - } - } - header('Location: '.$this->master_url.$params); - exit; - } - - /** - * Validates the received active connection data with the database. - * - * @return null|false Return the loginFailed variable value to local.inc.php - */ - public function check_user() - { - global $_user; - $loginFailed = false; - - //change the way we recover the cookie depending on how it is formed - $sso = $this->decode_cookie($_GET['sso_cookie']); - - //get token that should have been used and delete it - //from session since it can only be used once - $sso_challenge = ''; - if (isset($_SESSION['sso_challenge'])) { - $sso_challenge = $_SESSION['sso_challenge']; - unset($_SESSION['sso_challenge']); - } - - //lookup the user in the main database - $user_table = Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT id, username, password, auth_source, active, expiration_date, status - FROM $user_table - WHERE username = '".trim(Database::escape_string($sso['username']))."'"; - $result = Database::query($sql); - if (Database::num_rows($result) > 0) { - $uData = Database::fetch_array($result); - //Check the user's password - if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { - if ($sso['secret'] === sha1($uData['username'].$sso_challenge.api_get_security_key()) - && ($sso['username'] == $uData['username'])) { - //Check if the account is active (not locked) - if ($uData['active'] == '1') { - // check if the expiration date has not been reached - if (empty($uData['expiration_date']) or $uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') { - //If Multiple URL is enabled - if (api_get_multiple_access_url()) { - //Check the access_url configuration setting if the user is registered in the access_url_rel_user table - //Getting the current access_url_id of the platform - 
$current_access_url_id = api_get_current_access_url_id(); - // my user is subscribed in these - //sites: $my_url_list - $my_url_list = api_get_access_url_from_user($uData['id']); - } else { - $current_access_url_id = 1; - $my_url_list = [1]; - } - - $my_user_is_admin = UserManager::is_admin($uData['id']); - - if ($my_user_is_admin === false) { - if (is_array($my_url_list) && count($my_url_list) > 0) { - if (in_array($current_access_url_id, $my_url_list)) { - // the user has permission to enter at this site - $_user['user_id'] = $uData['id']; - $_user = api_get_user_info($_user['user_id']); - $_user['uidReset'] = true; - Session::write('_user', $_user); - Event::eventLogin($_user['user_id']); - // Redirect to homepage - $sso_target = ''; - if (!empty($sso['ruri'])) { - //The referrer URI is *only* used if - // the user credentials are OK, which - // should be protection enough - // against evil URL spoofing... - $sso_target = api_get_path(WEB_PATH).base64_decode($sso['ruri']); - } else { - $sso_target = isset($sso['target']) ? 
$sso['target'] : api_get_path(WEB_PATH).'index.php'; - } - header('Location: '.$sso_target); - exit; - } else { - // user does not have permission for this site - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { - // there is no URL in the multiple - // urls list for this user - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { - //Only admins of the "main" (first) Chamilo - // portal can login wherever they want - if (in_array(1, $my_url_list)) { - //Check if this admin is admin on the - // principal portal - $_user['user_id'] = $uData['id']; - $_user = api_get_user_info($_user['user_id']); - $is_platformAdmin = $uData['status'] == COURSEMANAGER; - Session::write('is_platformAdmin', $is_platformAdmin); - Session::write('_user', $_user); - Event::eventLogin($_user['user_id']); - } else { - //Secondary URL admin wants to login - // so we check as a normal user - if (in_array($current_access_url_id, $my_url_list)) { - $_user['user_id'] = $uData['user_id']; - $_user = api_get_user_info($_user['user_id']); - Session::write('_user', $_user); - Event::eventLogin($_user['user_id']); - } else { - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } - } - } else { - // user account expired - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); - exit; - } - } else { - //User not active - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - //SHA1 of password is wrong - $loginFailed = true; - Session::erase('_uid'); - 
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_password'); - exit; - } - } else { - //Auth_source is wrong - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_authentication_source'); - exit; - } - } else { - //No user by that login - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_not_found'); - exit; - } - - return $loginFailed; - } - - /** - * Generate the URL for profile editing for a any user or the current user. - * - * @param int $userId Optional. The user id - * @param bool $asAdmin Optional. Whether get the URL for the platform admin - * - * @return string If the URL is obtained return the drupal_user_id. Otherwise return false - */ - public function generateProfileEditingURL($userId = 0, $asAdmin = false) - { - $userId = intval($userId); - - if (empty($userId)) { - $userId = api_get_user_id(); - } - - $userExtraFieldValue = new ExtraFieldValue('user'); - $drupalUserIdData = $userExtraFieldValue->get_values_by_handler_and_field_variable( - $userId, - 'drupal_user_id' - ); - - // If this is an administrator, allow him to make some changes in - // the Chamilo profile - if ($asAdmin && api_is_platform_admin(true)) { - return api_get_path(WEB_CODE_PATH)."admin/user_edit.php?user_id=$userId"; - } - // If the user doesn't match a Drupal user, give the normal profile - // link - if ($drupalUserIdData === false) { - return api_get_path(WEB_CODE_PATH).'auth/profile.php'; - } - // In all other cases, generate a link to the Drupal profile edition - $drupalUserId = $drupalUserIdData['value']; - $url = "{$this->protocol}{$this->domain}/user/{$drupalUserId}/edit"; - - return $url; - } - - /** - * Decode the cookie (this function may vary depending on the - * Single Sign On implementation. 
- * - * @param string Encoded cookie - * - * @return array Parsed and unencoded cookie - */ - private function decode_cookie($cookie) - { - return unserialize(base64_decode($cookie)); - } -} diff --git a/main/auth/sso/sso.class.php b/main/auth/sso/sso.class.php deleted file mode 100755 index 46e3d8d9236..00000000000 --- a/main/auth/sso/sso.class.php +++ /dev/null 
@@ -1,301 +0,0 @@ -protocol = api_get_setting('sso_authentication_protocol'); - // There can be multiple domains, so make sure to take only the first - // This might be later extended with a decision process - $domains = explode(',', api_get_setting('sso_authentication_domain')); - $this->domain = trim($domains[0]); - $this->auth_uri = api_get_setting('sso_authentication_auth_uri'); - $this->deauth_uri = api_get_setting('sso_authentication_unauth_uri'); - //cut the string to avoid recursive URL construction in case of failure - $this->referer = $this->protocol.$_SERVER['HTTP_HOST'].substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], 'sso')); - $this->deauth_url = $this->protocol.$this->domain.$this->deauth_uri; - $this->master_url = $this->protocol.$this->domain.$this->auth_uri; - $this->referrer_uri = base64_encode($_SERVER['REQUEST_URI']); - $this->target = api_get_path(WEB_PATH); - } - - /** - * Unlogs the user from the remote server. - */ - public function logout() - { - header('Location: '.$this->deauth_url); - exit; - } - - /** - * Sends the user to the master URL for a check of active connection. - */ - public function ask_master() - { - $tempKey = api_generate_password(32); - $params = 'sso_referer='.urlencode($this->referer). - '&sso_target='.urlencode($this->target). - '&sso_challenge='.$tempKey. - '&sso_ruri='.urlencode($this->referrer_uri); - Session::write('tempkey', $tempKey); - if (strpos($this->master_url, "?") === false) { - $params = "?$params"; - } else { - $params = "&$params"; - } - header('Location: '.$this->master_url.$params); - exit; - } - - /** - * Validates the received active connection data with the database. 
- * - * @return bool Return the loginFailed variable value to local.inc.php - */ - public function check_user() - { - global $_user; - $loginFailed = false; - //change the way we recover the cookie depending on how it is formed - $sso = $this->decode_cookie($_GET['sso_cookie']); - - //error_log('check_user'); - //error_log('sso decode cookie: '.print_r($sso,1)); - - //lookup the user in the main database - $user_table = Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status - FROM $user_table - WHERE username = '".trim(Database::escape_string($sso['username']))."'"; - $result = Database::query($sql); - if (Database::num_rows($result) > 0) { - //error_log('user exists'); - $uData = Database::fetch_array($result); - //Check the user's password - if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { - //This user's authentification is managed by Chamilo itself - // check the user's password - // password hash comes already parsed in sha1, md5 or none - - /* - error_log($sso['secret']); - error_log($uData['password']); - error_log($sso['username']); - error_log($uData['username']); - */ - global $_configuration; - // Two possible authentication methods here: legacy using password - // and new using a temporary, session-fixed, tempkey - if (( - $sso['username'] == $uData['username'] - && $sso['secret'] === sha1( - $uData['username']. - Session::read('tempkey'). 
- $_configuration['security_key'] - ) - ) - or ( - ($sso['secret'] === sha1($uData['password'])) - && ($sso['username'] == $uData['username']) - ) - ) { - //error_log('user n password are ok'); - //Check if the account is active (not locked) - if ($uData['active'] == '1') { - // check if the expiration date has not been reached - if (empty($uData['expiration_date']) - or $uData['expiration_date'] > date('Y-m-d H:i:s') - or $uData['expiration_date'] == '0000-00-00 00:00:00') { - //If Multiple URL is enabled - if (api_get_multiple_access_url()) { - //Check the access_url configuration setting if - // the user is registered in the access_url_rel_user table - //Getting the current access_url_id of the platform - $current_access_url_id = api_get_current_access_url_id(); - // my user is subscribed in these - //sites: $my_url_list - $my_url_list = api_get_access_url_from_user($uData['user_id']); - } else { - $current_access_url_id = 1; - $my_url_list = [1]; - } - - $my_user_is_admin = UserManager::is_admin($uData['user_id']); - - if ($my_user_is_admin === false) { - if (is_array($my_url_list) && count($my_url_list) > 0) { - if (in_array($current_access_url_id, $my_url_list)) { - // the user has permission to enter at this site - $_user['user_id'] = $uData['user_id']; - $_user = api_get_user_info($_user['user_id']); - $_user['uidReset'] = true; - Session::write('_user', $_user); - Event::eventLogin($_user['user_id']); - // Redirect to homepage - $sso_target = ''; - if (!empty($sso['ruri'])) { - //The referrer URI is *only* used if - // the user credentials are OK, which - // should be protection enough - // against evil URL spoofing... - $sso_target = api_get_path(WEB_PATH).base64_decode($sso['ruri']); - } else { - $sso_target = isset($sso['target']) ? 
$sso['target'] : api_get_path(WEB_PATH).'index.php'; - } - header('Location: '.$sso_target); - exit; - } else { - // user does not have permission for this site - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { - // there is no URL in the multiple - // urls list for this user - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { - //Only admins of the "main" (first) Chamilo - // portal can login wherever they want - if (in_array(1, $my_url_list)) { - //Check if this admin is admin on the - // principal portal - $_user['user_id'] = $uData['user_id']; - $_user = api_get_user_info($_user['user_id']); - $is_platformAdmin = $uData['status'] == COURSEMANAGER; - Session::write('is_platformAdmin', $is_platformAdmin); - Session::write('_user', $_user); - Event::eventLogin($_user['user_id']); - } else { - //Secondary URL admin wants to login - // so we check as a normal user - if (in_array($current_access_url_id, $my_url_list)) { - $_user['user_id'] = $uData['user_id']; - $_user = api_get_user_info($_user['user_id']); - Session::write('_user', $_user); - Event::eventLogin($_user['user_id']); - } else { - $loginFailed = true; - Session::erase('_uid'); - header( - 'Location: '.api_get_path(WEB_PATH) - .'index.php?loginFailed=1&error=access_url_inactive' - ); - exit; - } - } - } - } else { - // user account expired - $loginFailed = true; - Session::erase('_uid'); - header( - 'Location: '.api_get_path(WEB_PATH) - .'index.php?loginFailed=1&error=account_expired' - ); - exit; - } - } else { - //User not active - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - //SHA1 of password is wrong - $loginFailed = true; - 
Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_password'); - exit; - } - } else { - //Auth_source is wrong - $loginFailed = true; - Session::erase('_uid'); - header( - 'Location: '.api_get_path(WEB_PATH) - .'index.php?loginFailed=1&error=wrong_authentication_source' - ); - exit; - } - } else { - //No user by that login - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_not_found'); - exit; - } - - return $loginFailed; - } - - /** - * Generate the URL for profile editing for a any user or the current user. - * - * @param int $userId Optional. The user id - * @param bool $asAdmin Optional. Whether get the URL for the platform admin - * - * @return string The SSO URL - */ - public function generateProfileEditingURL($userId = 0, $asAdmin = false) - { - $userId = intval($userId); - - if ($asAdmin && api_is_platform_admin(true)) { - return api_get_path(WEB_CODE_PATH)."admin/user_edit.php?user_id=$userId"; - } - - return api_get_path(WEB_CODE_PATH).'auth/profile.php'; - } - - /** - * Decode the cookie (this function may vary depending on the - * Single Sign On implementation. - * - * @param string Encoded cookie - * - * @return array Parsed and unencoded cookie - */ - private function decode_cookie($cookie) - { - return unserialize(base64_decode($cookie)); - } -} diff --git a/main/auth/sso/sso_server_test.php b/main/auth/sso/sso_server_test.php deleted file mode 100755 index 030edc693a7..00000000000 --- a/main/auth/sso/sso_server_test.php +++ /dev/null 
@@ -1,105 +0,0 @@ - $account['username'], - 'secret' => $account['password'], - 'master_domain' => $my_chamilo_server, - 'master_auth_uri' => $master_auth_uri, - 'lifetime' => time() + 3600, - 'target' => filter_xss($_GET['sso_target']), - ]; - - $cookie = base64_encode(serialize($sso)); - $url = chamilo_sso_protocol().$master_auth_uri; - $params = 'sso_referer='.urlencode($url).'&sso_cookie='.urlencode($cookie); - $final_url = filter_xss($_GET['sso_referer']).'?'.$params; - - //If your user exists redirect to chamilo and set the account in a session to check it later - $_SESSION['my_server_user_session'] = $account; - - //3. After validating the user in the server and getting and setting the user data of chamilo in the sso_cookie variable: - // Redirect to this URL - header('Location: '.$final_url); - exit; - } else { - echo '

Wrong parameters

'; - } -} - -if (isset($_POST['logout'])) { - //echo do something to logout -} - -function validate_user($user, $pass) -{ - return true; -} -function filter_xss($val) -{ - //do some cleaning - return $val; -} - -function chamilo_sso_protocol() -{ - //get the sso_protocol from chamilo using webservices - return 'http://'; -} -?> - -
- User - Pass - -
-
diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php
index b9eb28cf9bd..ffe1dc84363 100644
--- a/main/inc/lib/api.lib.php
+++ b/main/inc/lib/api.lib.php
@@ -2414,30 +2414,6 @@ function api_check_password($password)
 return $isPasswordOk;
 }
-/**
- * Clears the user ID from the session if it was the anonymous user. Generally
- * used on out-of-tools pages to remove a user ID that could otherwise be used
- * in the wrong context.
- * This function is to be used in conjunction with the api_set_anonymous()
- * function to simulate the user existence in case of an anonymous visit.
- *
- * @param bool database check switch - passed to api_is_anonymous()
- *
- * @return bool true if succesfully unregistered, false if not anonymous
- */
-function api_clear_anonymous($db_check = false)
-{
- global $_user;
- if (api_is_anonymous($_user['user_id'], $db_check)) {
- unset($_user['user_id']);
- Session::erase('_uid');
-
- return true;
- }
-
- return false;
-}
-
 /**
 * Returns the status string corresponding to the status code.
 *
@@ -2461,41 +2437,6 @@ function get_status_from_code($status_code)
 }
 }
-/**
- * Sets the current user as anonymous if it hasn't been identified yet. This
- * function should be used inside a tool only. The function api_clear_anonymous()
- * acts in the opposite direction by clearing the anonymous user's data every
- * time we get on a course homepage or on a neutral page (index, admin, my space).
- *
- * @return bool true if set user as anonymous, false if user was already logged in or anonymous id could not be found
- */
-function api_set_anonymous()
-{
- return false;
-
- global $_user;
-
- if (!empty($_user['user_id'])) {
- return false;
- }
-
- $user_id = api_get_anonymous_id();
- if ($user_id == 0) {
- return false;
- }
-
- if (isset($_user['is_anonymous'])) {
- return false;
- }
-
- Session::erase('_user');
- $_user['user_id'] = $user_id;
- $_user['is_anonymous'] = true;
- $GLOBALS['_user'] = $_user;
- Session::write('_user', $_user);
-
- return true;
-}
 /**
 * Gets the current Chamilo (not PHP/cookie) session ID.
@@ -2789,7 +2730,6 @@ function api_get_setting($variable)
 // deprecated settings
 // no break
 case 'openid_authentication':
- case 'sso_authentication':
 case 'service_ppt2lp':
 case 'add_cas_login_button_cas_button_label':
 case 'add_cas_login_button_cas_button_comment':
@@ -3791,13 +3731,6 @@ function api_not_allowed(
 $response->send();
 exit;
- if (api_get_setting('sso_authentication') === 'true') {
- global $osso;
- if ($osso) {
- $osso->logout();
- }
- }
-
 $home_url = api_get_path(WEB_PATH);
 $user_id = api_get_user_id();
 $course = api_get_course_id();
diff --git a/main/inc/lib/display.lib.php b/main/inc/lib/display.lib.php
index eebcfcdc0d1..8c507d62944 100755
--- a/main/inc/lib/display.lib.php
+++ b/main/inc/lib/display.lib.php
@@ -2394,29 +2394,6 @@ public static function getProfileEditionLink($userId, $asAdmin = false)
 $editProfileUrl = api_get_path(WEB_CODE_PATH)."admin/user_edit.php?user_id=".intval($userId);
 }
- if (api_get_setting('sso_authentication') === 'true') {
- $subSSOClass = api_get_setting('sso_authentication_subclass');
- $objSSO = null;
-
- if (!empty($subSSOClass)) {
- $file = api_get_path(SYS_CODE_PATH)."auth/sso/sso.$subSSOClass.class.php";
- if (file_exists($file)) {
- require_once $file;
- $subSSOClass = 'sso'.$subSSOClass;
- $objSSO = new $subSSOClass();
- } else {
- throw new Exception("$subSSOClass file not set");
- }
- } else {
- $objSSO = new sso();
- }
-
- $editProfileUrl = $objSSO->generateProfileEditingURL(
- $userId,
- $asAdmin
- );
- }
-
 return $editProfileUrl;
 }
diff --git a/main/inc/lib/template.lib.php b/main/inc/lib/template.lib.php
index 6281ae3a2e7..bdd2cc2d1c8 100755
--- a/main/inc/lib/template.lib.php
+++ b/main/inc/lib/template.lib.php
@@ -988,9 +988,6 @@ public function handleLoginFailed()
 case 'multiple_connection_not_allowed':
 $message = get_lang('MultipleConnectionsAreNotAllow');
 break;
- case 'unrecognize_sso_origin':
- //$message = get_lang('SSOError');
- break;
 }
 }
diff --git a/src/SettingsBundle/Manager/SettingsManager.php b/src/SettingsBundle/Manager/SettingsManager.php
index 19ed8850d5b..655334c4787 100644
--- a/src/SettingsBundle/Manager/SettingsManager.php
+++ b/src/SettingsBundle/Manager/SettingsManager.php
@@ -261,11 +261,6 @@ public function getVariablesAndCategories()
 'show_link_ticket_notification' => 'Platform',
 'course_validation' => 'course', //'course_validation' => 'Platform',
 'course_validation_terms_and_conditions_url' => 'Platform',
- 'sso_authentication' => 'Security',
- 'sso_authentication_domain' => 'Security',
- 'sso_authentication_auth_uri' => 'Security',
- 'sso_authentication_unauth_uri' => 'Security',
- 'sso_authentication_protocol' => 'Security',
 'enabled_wiris' => 'Editor',
 'allow_spellcheck' => 'Editor',
 'force_wiki_paste_as_plain_text' => 'Editor',
@@ -409,7 +404,6 @@ public function getVariablesAndCategories()
 'hide_certificate_export_link' => 'Gradebook',
 'dropbox_hide_course_coach' => 'Tools',
 'dropbox_hide_general_coach' => 'Tools',
- 'sso_force_redirect' => 'Security',
 'session_course_ordering' => 'Session',
 'gamification_mode' => 'Platform',
 'prevent_multiple_simultaneous_login' => 'Security',