|
|
@@ -67,6 +67,47 @@ if ($test) {
|
|
|
exit();
|
|
|
}
|
|
|
|
|
|
+// === ROBUSTER SSO-LOGIN BEGIN ===
|
|
|
+try {
|
|
|
+ $provider = $signon_provider->getProvider();
|
|
|
+ $token = $provider->getAccessToken('authorization_code', [
|
|
|
+ 'code' => $_GET['code']
|
|
|
+ ]);
|
|
|
+
|
|
|
+ $userinfo = $provider->getResourceOwner($token)->toArray();
|
|
|
+
|
|
|
+ // Debug-Log schreiben
|
|
|
+ file_put_contents('/tmp/glpi_sso_debug.log', print_r($userinfo, true));
|
|
|
+
|
|
|
+ // Felder mit Fallbacks auslesen
|
|
|
+ $email = $userinfo['email'] ?? $userinfo['preferred_username'] ?? null;
|
|
|
+ $name = $userinfo['name'] ?? ($email ? explode('@', $email)[0] : null);
|
|
|
+
|
|
|
+ if (!$email && !$name) {
|
|
|
+ Toolbox::logInFile('ssodebug', 'Kein gültiger Benutzername/email in Azure-Antwort', true);
|
|
|
+ Html::displayErrorAndDie(__('SSO-Login: Benutzerinformationen fehlen oder unvollständig.', 'singlesignon'));
|
|
|
+ }
|
|
|
+
|
|
|
+ // Eindeutigen Benutzer in GLPI suchen
|
|
|
+ $username = $signon_provider->fields['use_email_for_login'] ? $email : $name;
|
|
|
+ $users = getAllDataFromTable('glpi_users', ['name' => $username]);
|
|
|
+
|
|
|
+ if (count($users) !== 1) {
|
|
|
+ Toolbox::logInFile('ssodebug', "GLPI-Benutzer '$username' mehrfach oder nicht gefunden", true);
|
|
|
+ Html::displayErrorAndDie(__('SSO-Login: Benutzer nicht eindeutig zuordenbar. Kontaktieren Sie den Admin.', 'singlesignon'));
|
|
|
+ }
|
|
|
+
|
|
|
+ // Setze Session manuell (falls benötigt)
|
|
|
+ $user = new User();
|
|
|
+ $user->getFromDB(current($users)['id']);
|
|
|
+ Session::init($user->getID());
|
|
|
+
|
|
|
+} catch (Exception $e) {
|
|
|
+ Toolbox::logInFile('ssodebug', 'SSO-Ausnahme: ' . $e->getMessage(), true);
|
|
|
+ Html::displayErrorAndDie(__('SSO-Fehler: ' . $e->getMessage(), 'singlesignon'));
|
|
|
+}
|
|
|
+// === ROBUSTER SSO-LOGIN ENDE ===
|
|
|
+
|
|
|
$user_id = Session::getLoginUserID();
|
|
|
|
|
|
$REDIRECT = "";
|
