diff --git a/ChangeLog b/ChangeLog index e0e68664a..29dafd6e0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -142,6 +142,7 @@ thanks to Thilanka Kaushalya - [interface] New default theme pmahomme, dropped darkblue_orange theme. - rfe #2936155 [auth] Allow to pass additional parameters using signon method. +- rfe #1640812 [auth] Add example for OpenID authentication using signon method. 3.3.10.0 (not yet released) - patch #3147400 [structure] Aria table size printed as unknown, diff --git a/Documentation.html b/Documentation.html index 956f67749..3c40382c6 100644 --- a/Documentation.html +++ b/Documentation.html @@ -758,7 +758,9 @@ since this link provides funding for phpMyAdmin. as introduced in 2.10.0 allows you to log in from prepared PHP session data. This is useful for implementing single signon from another application. Sample way how to seed session is in - signon example: scripts/signon.php. You need to + signon example: scripts/signon.php. There is also + alternative example using OpenID - + scripts/openid.php. You need to configure session name and signon diff --git a/scripts/openid.php b/scripts/openid.php new file mode 100644 index 000000000..b35408802 --- /dev/null +++ b/scripts/openid.php @@ -0,0 +1,161 @@ + array( + 'user' => 'root', + 'password' => '', + ), + ); + +/** + * Simple function to show HTML page with given content. + */ +function show_page($contents) { + header('Content-Type: text/html; charset=utf-8'); + echo '' . "\n"; + ?> + + + + + + phpMyAdmin OpenID signon example + + +' . $_SESSION['PMA_single_signon_message'] . '

'; + unset($_SESSION['PMA_single_signon_message']); +} +echo $contents; +?> + + + +OpenID:
+ + + +'; + show_page($content); + exit; +} + +/* Grab identifier */ +if (isset($_POST['identifier'])) { + $identifier = $_POST['identifier']; +} else if (isset($_SESSION['identifier'])) { + $identifier = $_SESSION['identifier']; +} else { + $identifier = null; +} + +/* Create OpenID object */ +try { + $o = new OpenID_RelyingParty($returnTo, $realm, $identifier); +} catch (OpenID_Exception $e) { + $contents = "
\n"; + $contents .= "
" . $e->getMessage() . "
\n"; + $contents .= "
"; + show_page($contents); + exit; +} + +/* Redirect to OpenID provider */ +if (isset($_POST['start'])) { + try { + $authRequest = $o->prepare(); + } catch (OpenID_Exception $e) { + $contents = "
\n"; + $contents .= "
" . $e->getMessage() . "
\n"; + $contents .= "
"; + show_page($contents); + exit; + } + + $url = $authRequest->getAuthorizeURL(); + + header("Location: $url"); + exit; +} else { + /* Grab query string */ + if (!count($_POST)) { + list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']); + } else { + // I hate php sometimes + $queryString = file_get_contents('php://input'); + } + + /* Check reply */ + $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP); + + $id = $message->get('openid.claimed_id'); + + if (!empty($id) && isset($AUTH_MAP[$id])) { + $_SESSION['PMA_single_signon_user'] = $AUTH_MAP[$id]['user']; + $_SESSION['PMA_single_signon_password'] = $AUTH_MAP[$id]['password']; + session_write_close(); + /* Redirect to phpMyAdmin (should use absolute URL here!) */ + header('Location: ../index.php'); + } else { + show_page('

User not allowed!

'); + exit; + } +}
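Review bot: In the final `else` branch the script reads `openid.claimed_id` straight from the incoming request and uses it to index `$AUTH_MAP`, but no call that verifies the provider's assertion is visible anywhere in the hunk, so the identity is accepted on the client's word. Because the matching entry's MySQL user and password are then written into the signon session (the sample map shown is `root` with an empty password), this lookup is the only gate and should run only after the relying party has validated the response. With the PEAR OpenID object already created as `$o`, that would be `$result = $o->verify(new Net_URL2($returnTo . '?' . $queryString), $message);` followed by `if ($result->success() && !empty($id) && isset($AUTH_MAP[$id])) {`, with `verify()` wrapped in the same `OpenID_Exception` handling used for `prepare()`. Net_URL2 is a dependency of that package, but confirm it is loaded by the includes at the top of the file, which are not visible in this view.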