Skip to content

Commit

Permalink
Update ShibToken for Keycloak based EGI Check In
Browse files Browse the repository at this point in the history
- this has included:
  - switching to aai-demo.egi.eu for preproduction, on the
    advice of EGI Check In team
  - updating the expected IdPs from subdomain/proxy/saml2/idp/metadata.php
    to subdomain/auth/realms/egi
  - moving from using epuid to voPersonID

- related ticket: https://ggus.eu/index.php?mode=ticket_info&ticket_id=164026
  • Loading branch information
gregcorbett committed Nov 23, 2023
1 parent 07e7be3 commit 2337fe5
Showing 1 changed file with 14 additions and 14 deletions.
28 changes: 14 additions & 14 deletions lib/Authentication/AuthTokens/ShibAuthToken.php
Original file line number Diff line number Diff line change
Expand Up @@ -98,9 +98,9 @@ private function getAttributesInitToken(){
$this->userDetails = array('AuthenticationRealm' => array('UK_ACCESS_FED'));
return;
}
else if($idp == 'https://aai.egi.eu/proxy/saml2/idp/metadata.php'){
else if($idp == 'https://aai.egi.eu/auth/realms/egi'){
// assurance is the old way EGI checkIn used to pass LoA attributes
/*if( empty($_SERVER['epuid'])){// || empty($_SERVER['displayName']) ){
/*if( empty($_SERVER['voPersonID'])){// || empty($_SERVER['displayName']) ){
die('Did not recieve required attributes from the EGI Proxy Identity Provider to complete authentication, please contact gocdb-admins');
}
if(empty($_SERVER['assurance'])){
Expand All @@ -114,16 +114,16 @@ private function getAttributesInitToken(){
echo ($HTML);
die();
}
$this->principal = $_SERVER['epuid'];
$this->principal = $_SERVER['voPersonID'];
$this->userDetails = array('AuthenticationRealm' => array('EGI Proxy IdP'));
return;
*/

if( empty($_SERVER['epuid'])){// || empty($_SERVER['displayName']) ){
if( empty($_SERVER['voPersonID'])){// || empty($_SERVER['displayName']) ){
die('Did not recieve required attributes from the EGI Proxy Identity Provider to complete authentication, please contact gocdb-admins');
}
if(empty($_SERVER['entitlement'])){
//die('Did not recieve the required entitlement attribute from the EGI Dev Proxy IdP, please contact gocdb-admins');
//die('Did not recieve the required entitlement attribute from the EGI Proxy IdP, please contact gocdb-admins');
$HTML = '<ul><li>Login requires a GOCDB entitlement value <a href="https://wiki.egi.eu/wiki/URN_Registry:aai.egi.eu:gocdb" target="_blank">https://wiki.egi.eu/wiki/URN_Registry:aai.egi.eu:gocdb</a></li><li>Please, logout or restart your browser and attempt to login again using an identity provider that provides a GOCDB entitlement</li></ul>';
$HTML .= "<div style='text-align: center;'>";
$HTML .= '<a href="'.htmlspecialchars(\Factory::$properties['LOGOUTURL']).'"><b><font colour="red">Logout</font></b></a>';
Expand All @@ -141,28 +141,28 @@ private function getAttributesInitToken(){
echo ($HTML);
die();
}
$this->principal = $_SERVER['epuid'];
$this->principal = $_SERVER['voPersonID'];
$this->userDetails = array('AuthenticationRealm' => array('EGI Proxy IdP'));
return;

}
else if($idp == 'https://aai-dev.egi.eu/proxy/saml2/idp/metadata.php'){
if( empty($_SERVER['epuid'])){
die('Did not receive required ePUID attributes from the EGI Dev Proxy Identity Provider to complete authentication, please contact gocdb-admins');
else if($idp == 'https://aai-demo.egi.eu/auth/realms/egi'){
if( empty($_SERVER['voPersonID'])){
die('Did not receive required voPersonID attributes from the EGI Demo Proxy Identity Provider to complete authentication, please contact gocdb-admins');
}
if(empty($_SERVER['entitlement'])){
die('Did not receive the required entitlement attribute from the EGI Dev Proxy IdP, please contact gocdb-admins');
}
$entitlementValuesArray = explode(';', $_SERVER['entitlement']);
die('Did not receive the required entitlement attribute from the EGI Demo Proxy IdP, please contact gocdb-admins');
}
$entitlementValuesArray = explode(';', $_SERVER['entitlement']);
if( !in_array('urn:mace:egi.eu:res:gocdb#aai.egi.eu', $entitlementValuesArray) ){
$HTML = '<ul><li>You authenticated to the EGI Dev Identity Provider using a method that does not provide a GOCDB entitlement.</li><li>Login is required with a gocdb entitlement.</li><li>To gain access, you will need to login to the Proxy IdP using a scheme that provides a gocdb entitlement.</li><li>Please logout or restart your browser and attempt to login again.</li></ul>';
$HTML = '<ul><li>You authenticated to the EGI Demo Identity Provider using a method that does not provide a GOCDB entitlement.</li><li>Login is required with a gocdb entitlement.</li><li>To gain access, you will need to login to the Proxy IdP using a scheme that provides a gocdb entitlement.</li><li>Please logout or restart your browser and attempt to login again.</li></ul>';
$HTML .= "<div style='text-align: center;'>";
$HTML .= '<a href="'.htmlspecialchars(\Factory::$properties['LOGOUTURL']).'"><b><font colour="red">Logout</font></b></a>';
$HTML .= "</div>";
echo ($HTML);
die();
}
$this->principal = $_SERVER['epuid'];
$this->principal = $_SERVER['voPersonID'];
$this->userDetails = array('AuthenticationRealm' => array('EGI Proxy IdP'));
return;
}
Expand Down

0 comments on commit 2337fe5

Please sign in to comment.