Changeset 1049559
Timestamp: 12/19/2014 06:03:43 PM (11 years ago)
Location: openam-authentication/trunk
Files: 3 edited
- README.md (modified) (2 diffs)
- README.txt (modified) (3 diffs)
- openam-rest.php (modified) (12 diffs)
openam-authentication/trunk/README.md
r1013018 r1049559 4 4 <b>OpenAM Authentication</b> 5 5 <table border="0"> 6 <tr><td>Contributors:</td><td>forgerock1 </td></tr>6 <tr><td>Contributors:</td><td>forgerock1,forgerock,marius-g,qcastel</td></tr> 7 7 <tr><td>Link:</td><td> http://www.forgerock.org/</td></tr> 8 8 <tr><td>Tags:</td><td> OpenAM, Authentication, REST, OpenAM 11.0.1, OpenAM 12.0, Wordpress 3.9</td></tr> 9 9 <tr><td>Requires at least:</td><td> 3.9</td></tr> 10 <tr><td>Tested up to:</td><td>4. 0.0</td></tr>11 <tr><td>Stable tag:</td><td>1. 1.1</td></tr>10 <tr><td>Tested up to:</td><td>4.1.0</td></tr> 11 <tr><td>Stable tag:</td><td>1.2.0</td></tr> 12 12 <tr><td>License:</td><td> CDDLv1.0</td></tr> 13 13 <tr><td>License URL</td><td>http://forgerock.org/projects/cddlv1-0/</td></tr> … … 92 92 <dd>Introduced the Legacy REST API mode to support OpenAM versions older than 11.0 93 93 <dd>An option to enable debugging and specify the name of the debug file was introduced 94 <dt> 95 1.2 96 <dd>Added an option to specify the domain where the SSO cookie will be set. 97 <dd>The uid and email address attribute name were hardcoded, now they are properly done. 98 <dd>Change a little bit the Options (Settings) page 94 99 </dl> -
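Review bot: The stable tag in the header table is set to 1.2.0 here, while the same changeset sets "Stable tag: 1.2" in README.txt and "Version: 1.2" in openam-rest.php. Pick one version string and use it in all three places so the release can be identified unambiguously.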
openam-authentication/trunk/README.txt
r1013013 r1049559 4 4 Tags: OpenAM, Authentication, REST, OpenAM 11.0.1, OpenAM 12.0, Wordpress 3.9 5 5 Requires at least: 3.9 6 Tested up to: 4. 0.07 Stable tag: 1. 1.16 Tested up to: 4.1.0 7 Stable tag: 1.2 8 8 License: CDDLv1.0 9 9 License URI: http://forgerock.org/projects/cddlv1-0/ … … 18 18 == Contributing == 19 19 The easiest way to contribute to this plugin is to submit a GitHub pull request. Here's the repo: 20 https://github.com/forgerock 1/openam-authentication20 https://github.com/forgerock/openam-authentication 21 21 22 22 … … 74 74 Introduced the Legacy REST API mode to support OpenAM versions older than 11.0 75 75 An option to enable debugging and specify the name of the debug file was introduced 76 = 1.2 = 77 Added an option to specify the domain where the SSO cookie will be set. 78 The uid and email address attribute name were hardcoded, now they are properly done. 79 Change a little bit the Options (Settings) page -
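Review bot: The 1.2 changelog entry "The uid and email address attribute name were hardcoded, now they are properly done" does not tell administrators that the order of the openam_wordpress_attributes option is now significant. In openam-rest.php the first comma-separated value becomes the login name and the second the mail address, so the entry should say that, and should also describe the new cookie domain default instead of "Change a little bit the Options (Settings) page".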
openam-authentication/trunk/openam-rest.php
r1013018 r1049559 4 4 Plugin URI: http://www.forgerock.org 5 5 Description: This plugin is used to authenticate users using OpenAM. The plugin uses REST calls to the OpenAM. The required REST APIs are: /json/authenticate; /json/users/ and /json/sessions. Therefore you need OpenAM 11.0 and above. 6 Version: 1. 16 Version: 1.2 7 7 Author: Victor info@forgerock.com, openam@forgerock.org (subscribe to mailing list firt) 8 8 Author URI: http://www.forgerock.com/ … … 36 36 add_option( 'openam_legacy_apis_enabled', 0 ); 37 37 add_option( 'openam_cookie_name', 'iPlanetDirectoryPro' ); 38 add_option( 'openam_cookie_domain', substr($_SERVER['HTTP_HOST'], strpos($_SERVER['HTTP_HOST'], '.')) ); 38 39 add_option( 'openam_base_url', 'https://openam.example.com:443/openam' ); 39 40 add_option( 'openam_realm', '' ); … … 51 52 define( 'OPENAM_LEGACY_APIS_ENABLED', get_option( 'openam_legacy_apis_enabled' ) ); 52 53 define( 'OPENAM_COOKIE_NAME', get_option( 'openam_cookie_name' ) ); 54 define( 'DOMAIN', get_option( 'openam_cookie_domain')); 53 55 define( 'OPENAM_BASE_URL', get_option( 'openam_base_url' ) ); 54 56 define( 'OPENAM_REALM', get_option( 'openam_realm' ) ); … … 56 58 define( 'OPENAM_SERVICE_CHAIN', get_option( 'openam_service_chain' ) ); 57 59 define( 'OPENAM_WORDPRESS_ATTRIBUTES', get_option( 'openam_wordpress_attributes' ) ); 60 $OPENAM_WORDPRESS_ATTRIBUTES_ARRAY = explode(',', OPENAM_WORDPRESS_ATTRIBUTES); 61 define( 'OPENAM_WORDPRESS_ATTRIBUTES_USERNAME', $OPENAM_WORDPRESS_ATTRIBUTES_ARRAY[0] ); 62 define( 'OPENAM_WORDPRESS_ATTRIBUTES_MAIL', $OPENAM_WORDPRESS_ATTRIBUTES_ARRAY[1] ); 58 63 define( 'OPENAM_LOGOUT_TOO', get_option( 'openam_logout_too' ) ); 59 64 define( 'OPENAM_DO_REDIRECT', get_option( 'openam_do_redirect' ) ); … … 93 98 $am_response['boolean'] == '1') { // Session was valid 94 99 openam_debug("openam_auth: Authentication was succesful"); 95 $amAttributes = getAttributesFromOpenAM($tokenId, $am_response['uid'], OPENAM_WORDPRESS_ATTRIBUTES); 96 
openam_debug("openam_auth: UID: " . print_r($amAttributes['uid'][0], TRUE)); 97 openam_debug("openam_auth: MAIL: " . print_r($amAttributes['mail'][0], TRUE)); 98 $user = loadUser($amAttributes['uid'][0], $amAttributes['mail'][0]); 100 $amAttributes = getAttributesFromOpenAM($tokenId, $am_response[OPENAM_WORDPRESS_ATTRIBUTES_USERNAME], OPENAM_WORDPRESS_ATTRIBUTES); 101 $usernameAttr = get_attribute_value($amAttributes, OPENAM_WORDPRESS_ATTRIBUTES_USERNAME); 102 $mailAttr = get_attribute_value($amAttributes, OPENAM_WORDPRESS_ATTRIBUTES_MAIL); 103 openam_debug("openam_auth: UID: " . print_r($usernameAttr, TRUE)); 104 openam_debug("openam_auth: MAIL: " . print_r($mailAttr, TRUE)); 105 $user = loadUser($usernameAttr, $mailAttr); 99 106 remove_action('authenticate', 'wp_authenticate_username_password', 20); 100 107 return $user; … … 114 121 $amAttributes = getAttributesFromOpenAM($tokenId, $username, OPENAM_WORDPRESS_ATTRIBUTES); 115 122 if ($amAttributes) { 116 $user = loadUser($amAttributes['uid'][0], $amAttributes['mail'][0]); 123 $usernameAttr = get_attribute_value($amAttributes, OPENAM_WORDPRESS_ATTRIBUTES_USERNAME); 124 $mailAttr = get_attribute_value($amAttributes, OPENAM_WORDPRESS_ATTRIBUTES_MAIL); 125 openam_debug("openam_auth: UID: " . print_r($usernameAttr, TRUE)); 126 openam_debug("openam_auth: MAIL: " . print_r($mailAttr, TRUE)); 127 $user = loadUser($usernameAttr, $mailAttr); 117 128 remove_action('authenticate', 'wp_authenticate_username_password', 20); 118 129 return $user; … … 465 476 466 477 478 /* 479 * Select the attribute value : 480 * if it's an array, we return the first value of it. 
if not, we directly return the attribute value 481 */ 482 function get_attribute_value($attributes, $attributeId) { 483 if(is_array($attributes[$attributeId])) { 484 return $attributes[$attributeId][0]; 485 } else { 486 return $attributes[$attributeId]; 487 } 488 } 489 490 467 491 // Functions from here and down are used for the administration of the plugin 468 492 // in the wordpress admin panel … … 489 513 <table class="form-table"> 490 514 491 <tr valign=" top">492 <t h scope="row"><?php _e('OpenAM-REST enabled') ?></th>493 <td> <fieldset><legend class="screen-reader-text">< span><?php _e('OpenAM REST enabled') ?></span></legend><label for="openam_rest_enabled">515 <tr valign="middle"> 516 <td><?php _e('OpenAM-REST enabled') ?></td> 517 <td> <fieldset><legend class="screen-reader-text"><?php _e('OpenAM REST enabled') ?></legend><label for="openam_rest_enabled"> 494 518 <input name="openam_rest_enabled" type="checkbox" id="openam_rest_enabled" value="1" <?php checked('1', get_option('openam_rest_enabled')); ?> /> 495 < ?php _e('This checkbox enables or disablesthis plugin') ?></label>496 </fieldset></td></tr>497 498 <tr valign=" top">499 <t h scope="row"><?php _e('OpenAM-Legacy enabled') ?></th>500 <td> <fieldset><legend class="screen-reader-text">< span><?php _e('OpenAM Legacy enabled') ?></span></legend><label for="openam_legacy_apis_enabled">519 </td><td ><span class="description"><?php _e('Enable or disable this plugin') ?></label> 520 </span></fieldset></td></tr> 521 522 <tr valign="middle"> 523 <td><?php _e('OpenAM-Legacy enabled') ?></td> 524 <td> <fieldset><legend class="screen-reader-text"><?php _e('OpenAM Legacy enabled') ?></legend><label for="openam_legacy_apis_enabled"> 501 525 <input name="openam_legacy_apis_enabled" type="checkbox" id="openam_legacy_apis_enabled" value="1" <?php checked('1', get_option('openam_legacy_apis_enabled')); ?> /> 502 < ?php _e('This checkbox enables or disablesthe use of legacy REST APIs (For OpenAM 11.0 and older)') 
?></label>503 </fieldset></td></tr>504 505 <tr valign=" top">506 <t h scope="row"><label for="openam_cookie_name"><?php _e('OpenAM Session cookie') ?></label></th>526 </td><td><span class="description"><?php _e('Enable or disable the use of legacy REST APIs (For OpenAM 11.0 and older)') ?></label> 527 </span></fieldset></td></tr> 528 529 <tr valign="middle"> 530 <td><label for="openam_cookie_name"><?php _e('OpenAM Session cookie') ?></label></td> 507 531 <td><input type="text" name="openam_cookie_name" value="<?php echo get_option('openam_cookie_name'); ?>" class="regular-text code" /> 508 < span class="description">532 </td><td><span class="description"> 509 533 <?php _e('Default in OpenAM is <code>iPlanetDirectoryPro</code>, but can be something different. Check with the OpenAM Administrator') ?> 510 534 </span> 511 </td> 512 </tr> 513 514 <tr valign="top"> 515 <th scope="row"><label for="openam_base_url"><?php _e('OpenAM base URL') ?></label></th> 516 <td><input type="text" name="openam_base_url" value="<?php echo get_option('openam_base_url'); ?>" class="regular-text code" /> 517 <span class="description"> 518 <?php _e('The OpenAM deployment URL. Example: <code>http://openam.example.com:80/openam</code>') ?> 519 </span> 520 </td> 521 </tr> 522 523 <tr valign="top"> 524 <th scope="row"><label for="openam_realm"><?php _e('OpenAM realm where users reside') ?></label></th> 535 </td> 536 </tr> 537 538 <tr valign="middle"> 539 <td><label for="openam_cookie_domain"><?php _e('Cookie domain') ?></label></td> 540 <td><input type="text" name="openam_cookie_domain" value="<?php echo get_option('openam_cookie_domain'); ?>" class="regular-text code" /> 541 </td><td><span class="description"> 542 <?php _e('The Domain where the above cookie will be set, once the user authenticates. Default is the last 2 components of the domain, if available, but can be something different. 
Depends on your deployment') ?> 543 </span> 544 </td> 545 </tr> 546 547 <tr valign="middle"> 548 <td><label for="openam_base_url"><?php _e('OpenAM base URL') ?></label></td> 549 <td valign=""top"><input type="text" name="openam_base_url" value="<?php echo get_option('openam_base_url'); ?>" class="regular-text code" /> 550 </td><td><span class="description"> 551 <?php _e('The OpenAM deployment URL. Example: <code>http://openam.example.com:80/openam</code>') ?> 552 </span> 553 </td> 554 </tr> 555 556 <tr valign="middle"> 557 <td><label for="openam_realm"><?php _e('OpenAM realm where users reside') ?></label></td> 525 558 <td><input type="text" name="openam_realm" value="<?php echo get_option('openam_realm'); ?>" class="regular-text code" /> 526 <span class="description"> 559 </td><td> 560 <span class="description"> 527 561 <?php _e('The OpenAM realm where users reside. Example: <code>/</code> or <code>/myrealm</code>') ?> 528 562 </span> 529 </td>530 </tr> 531 532 <tr valign=" top">533 <t h scope="row"><label for="openam_authn_module"><?php _e('OpenAM Authentication Module') ?></label></th>534 <td ><input type="text" name="openam_authn_module" value="<?php echo get_option('openam_authn_module'); ?>" class="regular-text code" />535 < span class="description">563 </td> 564 </tr> 565 566 <tr valign="middle"> 567 <td><label for="openam_authn_module"><?php _e('OpenAM Authentication Module') ?></label></td> 568 <td valign="top"><input type="text" name="openam_authn_module" value="<?php echo get_option('openam_authn_module'); ?>" class="regular-text code" /> 569 </td><td><span class="description"> 536 570 <?php _e('The Authentication module to use in the OpenAM. Example: <code>DataStore</code> or <code>LDAP</code> 537 571 <br/><italic>Note: Module and Service Chain can not be used at the same time. This option can be left empty, in which case the default module configured in OpenAM wil be used. 
538 572 The module should only accept user and password, if that is not the case then enable \'Redirect to OpenAM for Login\'.</italic>') ?> 539 573 </span> 540 </td>541 </tr> 542 543 544 <tr valign=" top">545 <t h scope="row"><label for="openam_service_chain"><?php _e('OpenAM Authentication Service (Chain)') ?></label></th>574 </td> 575 </tr> 576 577 578 <tr valign="middle"> 579 <td><label for="openam_service_chain"><?php _e('OpenAM Authentication Service (Chain)') ?></label></td> 546 580 <td><input type="text" name="openam_service_chain" value="<?php echo get_option('openam_service_chain'); ?>" class="regular-text code" /> 547 <span class="description"> 581 </td><td> 582 <span class="description"> 548 583 <?php _e('The Authentication Service or Chain to be used in the OpenAM. Example: <code>ldapService</code> or <code>myChain</code> 549 584 <br/><italic>Note: Service Chain and Module can not be used at the same time. This option can be left empty, in which case the default service configured in OpenAM wil be used. 
550 585 The modules in the chain should only accept user and password, if that is not the case then enable \'Redirect to OpenAM for Login\'.</italic>') ?> 551 586 </span> 552 </td>553 </tr> 554 555 <tr valign=" top">556 <t h scope="row"><?php _e('Logout from OpenAM when logging out from Wordpress') ?></th>587 </td> 588 </tr> 589 590 <tr valign="middle"> 591 <td><?php _e('Logout from OpenAM when logging out from Wordpress') ?></td> 557 592 <td> 558 593 <fieldset><legend class="screen-reader-text"><span> … … 560 595 </span></legend><label for="openam_logout_too"> 561 596 <input name="openam_logout_too" type="checkbox" id="openam_logout_too" value="1" <?php checked('1', get_option('openam_logout_too')); ?> /> 562 < ?php _e('If selected, when the user logs out from Wordpress it will also terminate the session in OpenAM.') ?></label>563 </fieldset></td>564 565 <tr valign=" top">566 <t h scope="row"><label for="openam_wordpress_attributes"><?php _e('OpenAM attributes to map Login Name and Mail address') ?></label></th>597 </td><td><span class="description"><?php _e('If selected, when the user logs out from Wordpress it will also terminate the session in OpenAM.') ?></label> 598 </span></fieldset></td> 599 600 <tr valign="middle"> 601 <td><label for="openam_wordpress_attributes"><?php _e('OpenAM attributes to map Login Name and Mail address') ?></label></td> 567 602 <td><input type="text" name="openam_wordpress_attributes" value="<?php echo get_option('openam_wordpress_attributes'); ?>" class="regular-text code" /> 568 < span class="description">603 </td><td><span class="description"> 569 604 <?php _e('Comma separated name of the OpenAM attributes to map login name and mail. 
Example: <code>uid,mail</code>') ?> 570 605 </span> 571 </td>572 </tr> 573 574 <tr valign=" top">575 <t h scope="row"><?php _e('Redirect to OpenAM for Login') ?></th>606 </td> 607 </tr> 608 609 <tr valign="middle"> 610 <td><?php _e('Redirect to OpenAM for Login') ?></td> 576 611 <td> 577 612 <fieldset><legend class="screen-reader-text"><span> … … 579 614 </span></legend><label for="openam_do_redirect"> 580 615 <input name="openam_do_redirect" type="checkbox" id="openam_do_redirect" value="1" <?php checked('1', get_option('openam_do_redirect')); ?> /> 581 < ?php _e('For authentication chains and modules with a more complex workflow than user/password, redirect to OpenAM') ?></label>582 </fieldset></td></tr>583 584 <tr valign=" top">585 <t h scope="row"><?php _e('Enable debug') ?></th>616 </td><td><span class="description"><?php _e('For authentication chains and modules with a more complex workflow than user/password, redirect to OpenAM') ?></label> 617 </span></fieldset></td></tr> 618 619 <tr valign="middle"> 620 <td><?php _e('Enable debug') ?></td> 586 621 <td> 587 622 <fieldset><legend class="screen-reader-text"><span> … … 589 624 </span></legend><label for="openam_debug_enabled"> 590 625 <input name="openam_debug_enabled" type="checkbox" id="openam_debug_enabled" value="1" <?php checked('1', get_option('openam_debug_enabled')); ?> /> 591 < ?php _e('Enables debug in the module. If enabled, the debug file must be specified. Remember to turn-off in production environment') ?></label>592 </fieldset></td>593 </tr> 594 595 <tr valign=" top">596 <t h scope="row"><label for="openam_debug_file"><?php _e('Name of the debug file') ?></label></th>626 </td><td><span class="description"><?php _e('Enables debug in the module. If enabled, the debug file must be specified. 
Remember to turn-off in production environment') ?></label> 627 </span></fieldset></td> 628 </tr> 629 630 <tr valign="middle"> 631 <td><label for="openam_debug_file"><?php _e('Name of the debug file') ?></label></td> 597 632 <td><input type="text" name="openam_debug_file" value="<?php echo get_option('openam_debug_file'); ?>" class="regular-text code" /> 598 < span class="description">633 </td><td><span class="description"> 599 634 <?php _e('Name of the debug file') ?> 600 635 </span> 601 </td>636 </td> 602 637 </tr> 603 638 … … 605 640 606 641 <input type="hidden" name="action" value="update" /> 607 <input type="hidden" name="page_options" value="openam_rest_enabled,openam_legacy_apis_enabled,openam_cookie_name,openam_base_url, 608 openam_realm,openam_authn_module,openam_service_chain,openam_logout_too,openam_do_redirect,openam_wordpress_attributes, 642 <input type="hidden" name="page_options" value="openam_rest_enabled, 643 openam_legacy_apis_enabled,openam_cookie_name,openam_cookie_dmain, 644 openam_base_url,openam_realm,openam_authn_module,openam_service_chain, 645 openam_logout_too,openam_do_redirect,openam_wordpress_attributes, 609 646 openam_debug_enabled, openam_debug_file" /> 610 647
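Review bot: In the add_option hunk (new line 38), the default for openam_cookie_domain is derived from $_SERVER['HTTP_HOST'] with substr(..., strpos(..., '.')), which does not give the "last 2 components" that the settings page text promises. For a host such as example.com it yields .com, for www.blog.example.com it yields .blog.example.com, a port in the Host header is kept in the value, and when there is no dot strpos returns false and the whole host name is stored. HTTP_HOST is also supplied by the client, so the stored default depends on whichever request first runs add_option. Suggest computing the default from the configured site URL, stripping any port, handling the no-dot case explicitly, and validating the result before it is used as the scope of the SSO cookie.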
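Review bot: In the define hunk (new line 54), the constant is named DOMAIN while every other constant in this block carries the OPENAM_ prefix. An unprefixed global constant in a WordPress plugin can collide with a constant defined by another plugin or theme, in which case this define fails and the cookie domain comes from somewhere else. Suggest OPENAM_COOKIE_DOMAIN.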
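Review bot: In the hunk that adds $OPENAM_WORDPRESS_ATTRIBUTES_ARRAY (new lines 60 to 62), the result of explode(',', ...) is indexed at [0] and [1] without checking its length or trimming the parts. An option value with a single attribute leaves index 1 undefined, and a value such as "uid, mail" produces the attribute name " mail" with a leading space, so the later lookup by that name fails. Suggest array_map('trim', ...), a check that two non-empty names are present, and a fallback or an admin error when they are not.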
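Review bot: In the openam_auth hunk (new line 100), the second argument to getAttributesFromOpenAM changes from $am_response['uid'] to $am_response[OPENAM_WORDPRESS_ATTRIBUTES_USERNAME]. $am_response is the session validation result (the same array checked with ['boolean'] just above), and these lines do not show that it is keyed by the configured attribute name. If an administrator maps the login name to an attribute other than uid, this lookup may be undefined and the attribute request is made with an empty user identifier. Please confirm which key the validation response carries, and fail the login when the value is missing.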
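Review bot: In get_attribute_value (new lines 482 to 488), $attributes[$attributeId] is read without an isset check, and [0] is read without checking that the array is non-empty. When OpenAM does not return the attribute, the function returns null after a notice, and both callers pass that straight to loadUser as the username or mail. Suggest returning null explicitly when the key or first element is absent, and having the callers refuse to load or create a user when the username is empty.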
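Review bot: In the settings form hunk, the new Cookie domain row echoes get_option('openam_cookie_domain') into the value attribute without escaping, so a stored value containing a double quote breaks out of the attribute; wrap it in esc_attr(), as the other text inputs in this form should be too. The same hunk introduces malformed markup: the OpenAM base URL cell is written as <td valign=""top">, and in the checkbox rows the label and fieldset are opened in one td and closed in the next, so the elements are mis-nested. Replacing th scope="row" with td also removes the row header semantics the table had.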
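Review bot: In the page_options hunk (new line 643), the new option is listed as openam_cookie_dmain, which does not match the form field and option name openam_cookie_domain. The field is therefore not in the list of options submitted for update, so a value entered on the settings page would not be stored and the plugin would keep the default derived from HTTP_HOST. Correct the spelling, and consider putting the list on one line so the value attribute carries no embedded newlines or spaces.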