Permalink
Browse files

this file now does the authentication and doesnt use Shibboleth lazy …

…sessions anymore for

various reasons, including security
  • Loading branch information...
1 parent b0e1220 commit a70d959a71681840894c55ddd147c75ad93ed1ed exe-cutor committed Feb 16, 2006
Showing with 15 additions and 11 deletions.
  1. +15 −11 auth/shibboleth/index.php
@@ -5,9 +5,18 @@
require('lib.php');
if (isloggedin() && $USER->username != 'guest') { // Nothing to do
- redirect($CFG->wwwroot.'/index.php');
- }
+ if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)){
+ $urltogo = $SESSION->wantsurl; /// Because it's an address in this site
+ unset($SESSION->wantsurl);
+ } else {
+ $urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page
+ unset($SESSION->wantsurl); /// Just in case
+ }
+
+ redirect($urltogo);
+ }
+
$pluginconfig = get_config('auth/shibboleth');
// Check whether Shibboleth is configured properly
@@ -50,19 +59,14 @@
redirect($urltogo);
}
- }
+ }
// If we can find any (user independent) Shibboleth attributes but no user
// attributes we probably didn't receive any user attributes
- if ( !empty($_SERVER['HTTP_SHIB_APPLICATION_ID'])
- && empty($_SERVER[$pluginconfig->shib_user_attribute]))
- {
+ elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID'])){
error(get_string( 'shib_no_attributes_error', 'auth' , '\''.$pluginconfig->shib_user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\''));
+ } else {
+ error(get_string( 'shib_not_set_up_error', 'auth'));
}
-
-
- $SESSION->shibboleth_checked = true; // This will stop us bouncing back here
-
- redirect($CFG->wwwroot.'/login/index.php');
?>

0 comments on commit a70d959

Please sign in to comment.