. * --------------------------------------------------------------------- * @copyright Copyright © 2021 - 2022 Edgard * @license http://www.gnu.org/licenses/gpl.txt GPLv3+ * @link https://github.com/edgardmessias/glpi-singlesignon/ * --------------------------------------------------------------------- */ //Disable CSRF token define('GLPI_USE_CSRF_CHECK', 0); ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); include('../../../inc/includes.php'); $provider_id = PluginSinglesignonToolbox::getCallbackParameters('provider'); if (!$provider_id) { Html::displayErrorAndDie(__sso("Provider not defined."), false); } $signon_provider = new PluginSinglesignonProvider(); if (!$signon_provider->getFromDB($provider_id)) { Html::displayErrorAndDie(__sso("Provider not found."), true); } if (!$signon_provider->fields['is_active']) { Html::displayErrorAndDie(__sso("Provider not active."), true); } $signon_provider->checkAuthorization(); $test = PluginSinglesignonToolbox::getCallbackParameters('test'); if ($test) { $signon_provider->debug = true; Html::nullHeader("Login", PluginSinglesignonToolbox::getBaseURL() . '/index.php'); echo '
'; echo '
';
   echo "### BEGIN ###\n";
   $signon_provider->getResourceOwner();
   echo "### END ###";
   echo '
'; Html::nullFooter(); exit(); } // === ROBUSTER SSO-LOGIN BEGIN === try { $provider = $signon_provider->getProvider(); $token = $provider->getAccessToken('authorization_code', [ 'code' => $_GET['code'] ]); $userinfo = $provider->getResourceOwner($token)->toArray(); // Debug-Log schreiben file_put_contents('/tmp/glpi_sso_debug.log', print_r($userinfo, true)); // Felder mit Fallbacks auslesen $email = $userinfo['email'] ?? $userinfo['preferred_username'] ?? null; $name = $userinfo['name'] ?? ($email ? explode('@', $email)[0] : null); if (!$email && !$name) { Toolbox::logInFile('ssodebug', 'Kein gültiger Benutzername/email in Azure-Antwort', true); Html::displayErrorAndDie(__('SSO-Login: Benutzerinformationen fehlen oder unvollständig.', 'singlesignon')); } // Eindeutigen Benutzer in GLPI suchen $username = $signon_provider->fields['use_email_for_login'] ? $email : $name; $users = getAllDataFromTable('glpi_users', ['name' => $username]); if (count($users) !== 1) { Toolbox::logInFile('ssodebug', "GLPI-Benutzer '$username' mehrfach oder nicht gefunden", true); Html::displayErrorAndDie(__('SSO-Login: Benutzer nicht eindeutig zuordenbar. Kontaktieren Sie den Admin.', 'singlesignon')); } // Setze Session manuell (falls benötigt) $user = new User(); $user->getFromDB(current($users)['id']); Session::init($user->getID()); } catch (Exception $e) { Toolbox::logInFile('ssodebug', 'SSO-Ausnahme: ' . $e->getMessage(), true); Html::displayErrorAndDie(__('SSO-Fehler: ' . $e->getMessage(), 'singlesignon')); } // === ROBUSTER SSO-LOGIN ENDE === $user_id = Session::getLoginUserID(); $REDIRECT = ""; if ($user_id || $signon_provider->login()) { $user_id = $user_id ?: Session::getLoginUserID(); if ($user_id) { $signon_provider->linkUser($user_id); } $params = PluginSinglesignonToolbox::getCallbackParameters('q'); if (isset($params['redirect'])) { $REDIRECT = '?redirect=' . $params['redirect']; } else if (isset($_GET['state']) && is_integer(strpos($_GET['state'], ";redirect="))) { $REDIRECT = '?' . substr($_GET['state'], strpos($_GET['state'], ";redirect=") + 1); } $url_redirect = ''; if ($_SESSION["glpiactiveprofile"]["interface"] == "helpdesk") { if ($_SESSION['glpiactiveprofile']['create_ticket_on_login'] && empty($REDIRECT)) { $url_redirect = PluginSinglesignonToolbox::getBaseURL() . "/front/helpdesk.public.php?create_ticket=1"; } else { $url_redirect = PluginSinglesignonToolbox::getBaseURL() . "/front/helpdesk.public.php$REDIRECT"; } } else { if ($_SESSION['glpiactiveprofile']['create_ticket_on_login'] && empty($REDIRECT)) { $url_redirect = PluginSinglesignonToolbox::getBaseURL() . "/front/ticket.form.php"; } else { $url_redirect = PluginSinglesignonToolbox::getBaseURL() . "/front/central.php$REDIRECT"; } } Html::nullHeader("Login", PluginSinglesignonToolbox::getBaseURL() . '/index.php'); echo '
' . __sso('Automatic redirection, else click') . ''; echo '
'; Html::nullFooter(); exit(); // Auth::redirectIfAuthenticated(); } // we have done at least a good login? No, we exit. Html::nullHeader("Login", PluginSinglesignonToolbox::getBaseURL() . '/index.php'); echo '
' . __('User not authorized to connect in GLPI') . '

'; // Logout whit noAUto to manage auto_login with errors echo '' . __('Log in again') . '
'; echo ''; Html::nullFooter(); exit();