Mantis_SAML

Patch for SimpleSAMLphp Authentication

Download the patch from http://www.mantisbt.org/bugs/view.php?id=4235#c28290 Copy simplesamlphp_api.php to mantis/core/

Source code changes

Make the following changes in the source files mentioned below: core/authentication_api.php
case BASIC_AUTH: $f_username = $_SERVER['REMOTE_USER']; break; case SIMPLESAML_AUTH: if($p_username) $f_username = $p_username; break; case HTTP_AUTH: if( !auth_http_is_logout_pending() ) { if( isset( $_SERVER['PHP_AUTH_USER'] ) ) { function auth_attempt_login( $p_username, $p_password, $p_perm_login = false ) { $t_email = ''; $t_user_id = user_get_id_by_name( $p_username ); $t_login_method = config_get( 'login_method' );

+ + + +

+ + + + +

if ( false === $t_user_id ) { if ( BASIC_AUTH == $t_login_method ) { $t_auto_create = true; } else if ( SIMPLESAML_AUTH == $t_login_method ) { $t_auto_create = true; $t_attibutes = config_get('simplesamlphp_attributes'); $t_auth_attributes = config_get('simplesamlphp_auth_attributes'); $t_email = $t_attibutes[$t_auth_attributes['email']][0]; } else if ( LDAP == $t_login_method && ldap_authenticate_by_username( $p_username, $p $t_auto_create = true; } else { if ( $t_auto_create ) { # attempt to create the user $t_cookie_string = user_create( $p_username, md5( $p_password ) ); $t_cookie_string = user_create( $p_username, md5( $p_password ), $t_email); if ( false === $t_cookie_string ) { if( LDAP == $t_configured_login_method ) { return ldap_authenticate( $p_user_id, $p_test_password ); } if( SIMPLESAML_AUTH == $t_configured_login_method ) return TRUE; $t_password = user_get_field( $p_user_id, 'password' ); $t_login_methods = Array(

+ +

Patch for SimpleSAMLphp Authentication

Mantis_SAML
+

function auth_reauthenticate() { if( config_get_global( 'reauthentication' ) == OFF || BASIC_AUTH == config_get( 'login_method if( config_get_global( 'reauthentication' ) == OFF || BASIC_AUTH == config_get( 'login_method return true; }

core/constant_inc.php
+ define( 'SIMPLESAML_AUTH', 7 );

index.php
if ( auth_is_user_authenticated() ) { print_header_redirect( config_get( 'default_home_page' ) ); } else { print_header_redirect( 'login_page.php' ); + print_header_redirect( 'login.php' ); }

login.php
$f_from = gpc_get_string( 'from', '' ); $f_secure_session = gpc_get_bool( 'secure_session', false ); +if ( SIMPLESAML_AUTH == config_get( 'login_method' ) ) { + ssphp_init(); + if(ssphp_is_user_authenticated()) + $f_username = ssphp_get_username(); + else + $f_username = ssphp_authenticate_user(); +} + $f_username = auth_prepare_username($f_username); $f_password = auth_prepare_password($f_password);

logout_page.php
require_once( 'core.php' ); auth_logout(); - print_header_redirect( config_get( 'logout_redirect_page' ), /* die */ true, /* sanitize */ false + print_header_redirect( config_get( 'login_page' ), /* die */ true, /* sanitize */ false );

signup.php
# Check to see if signup is allowed if ( OFF == config_get_global( 'allow_signup' ) ) { print_header_redirect( 'login_page.php' ); + print_header_redirect( 'login.php' ); exit; } </tr> </table> <br /> -<?php print_bracket_link( 'login_page.php', lang_get( 'proceed' ) ); ?> +<?php print_bracket_link( 'login.php', lang_get( 'proceed' ) ); ?> </div>

Source code changes

Mantis_SAML core.php
# Authentication and user setup require_once('simplesamlphp_api.php'); require_once( 'authentication_api.php' );

Configuration Changes
$g_login_method = SIMPLESAML_AUTH; $g_simplesamlphp_autoloader = '/var/simplesamlphp/lib/_autoload.php'; $g_simplesamlphp_instance = NULL; $g_simplesamlphp_SP_name = 'default-sp'; $g_simplesamlphp_auth_attributes = Array( 'username' => 'uid', 'email' => 'mail'); $g_simplesamlphp_autz_attributes = Array(); $g_simplesamlphp_attributes = Array();

Configuration Changes