diff --git a/SoObjects/SOGo/SOGoCache.m b/SoObjects/SOGo/SOGoCache.m
index e2a8a51a4..557beb09a 100644
--- a/SoObjects/SOGo/SOGoCache.m
+++ b/SoObjects/SOGo/SOGoCache.m
@@ -40,6 +40,7 @@
 * cas-ticket:< > value =
 * cas-pgtiou:< > value =
 * session:< > value =
+ * saml2-login:< > value =
 */
diff --git a/SoObjects/SOGo/SOGoSAML2Session.h b/SoObjects/SOGo/SOGoSAML2Session.h
index 00a3c4945..de7e086ea 100644
--- a/SoObjects/SOGo/SOGoSAML2Session.h
+++ b/SoObjects/SOGo/SOGoSAML2Session.h
@@ -1,8 +1,6 @@
 /* SOGoSAML2Session.h - this file is part of SOGo
 *
- * Copyright (C) 2012 Inverse inc.
- *
- * Author: Wolfgang Sourdeau
+ * Copyright (C) 2012-2014 Inverse inc.
 *
 * This file is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/SoObjects/SOGo/SOGoSAML2Session.m b/SoObjects/SOGo/SOGoSAML2Session.m
index 328fb92fb..0f947d565 100644
--- a/SoObjects/SOGo/SOGoSAML2Session.m
+++ b/SoObjects/SOGo/SOGoSAML2Session.m
@@ -1,8 +1,6 @@
 /* SOGoSAML2Session.m - this file is part of SOGo
 *
- * Copyright (C) 2012 Inverse inc.
- *
- * Author: Wolfgang Sourdeau
+ * Copyright (C) 2012-2014 Inverse inc.
 *
 * This file is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -215,7 +213,6 @@ LassoServerInContext (WOContext *context)
 - (void) _updateDataFromLogin
 {
- // LassoSamlp2Response *response;
 LassoSaml2Assertion *saml2Assertion;
 GList *statementList, *attributeList;
 LassoSaml2AttributeStatement *statement;
@@ -223,10 +220,15 @@ LassoServerInContext (WOContext *context)
 LassoSaml2AttributeValue *value;
 LassoMiscTextNode *textNode;
 LassoSaml2NameID *nameIdentifier;
+ SOGoSystemDefaults *sd;
+ NSString *loginAttribue;
+ gchar *dump;
- saml2Assertion
- = LASSO_SAML2_ASSERTION (lasso_login_get_assertion (lassoLogin));
+ saml2Assertion = LASSO_SAML2_ASSERTION (lasso_login_get_assertion (lassoLogin));
+ sd = [SOGoSystemDefaults sharedSystemDefaults];
+ loginAttribue = [sd SAML2LoginAttribute];
+
 if (saml2Assertion)
 {
 /* deduce user login */
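Review bot: The new local `loginAttribue` is misspelled; renaming it to `loginAttribute` here (the declaration and `loginAttribue = [sd SAML2LoginAttribute];`) keeps the misspelling from spreading to the attribute loop in the next hunk, which already uses it three times. The nil return of `[sd SAML2LoginAttribute]` is what later selects the uid/mail fallback, and that is not obvious from the bare assignment, so a comment such as `// nil unless SOGoSAML2LoginAttribute is set; the loop below then falls back to uid/mail` would help. `gchar *dump` is declared but not used within the hunk; its use and matching release presumably appear further down the method. `_updateDataFromLogin` starts before this hunk and continues past it.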
@@ -241,22 +243,42 @@ LassoServerInContext (WOContext *context)
 while (!login && attributeList)
 {
 attribute = LASSO_SAML2_ATTRIBUTE (attributeList->data);
- if (strcmp (attribute->Name, "uid") == 0)
+ if (loginAttribue && (strcmp (attribute->Name, [loginAttribue UTF8String]) == 0))
 {
 value = LASSO_SAML2_ATTRIBUTE_VALUE (attribute->AttributeValue->data);
 textNode = value->any->data;
+
+ // If we got an @ sign in the value, it's most likely an email address
+ // so we'll ask SOGoUserManager about this
 login = [NSString stringWithUTF8String: textNode->content];
+
+ if ([login rangeOfString: @"@"].location != NSNotFound)
+ {
+ login = [[SOGoUserManager sharedUserManager] getUIDForEmail: login];
+ }
+
 [login retain];
 }
- else if (strcmp (attribute->Name, "mail") == 0)
+ else if (!loginAttribue)
 {
- value = LASSO_SAML2_ATTRIBUTE_VALUE (attribute->AttributeValue->data);
- textNode = value->any->data;
- login = [[SOGoUserManager sharedUserManager] getUIDForEmail: [NSString stringWithUTF8String: textNode->content]];
- [login retain];
+ // We fallback on "standard" attributes such as "uid" and "mail"
+ if (strcmp (attribute->Name, "uid") == 0)
+ {
+ value = LASSO_SAML2_ATTRIBUTE_VALUE (attribute->AttributeValue->data);
+ textNode = value->any->data;
+ login = [NSString stringWithUTF8String: textNode->content];
+ [login retain];
+ }
+ else if (strcmp (attribute->Name, "mail") == 0)
+ {
+ value = LASSO_SAML2_ATTRIBUTE_VALUE (attribute->AttributeValue->data);
+ textNode = value->any->data;
+ login = [[SOGoUserManager sharedUserManager] getUIDForEmail: [NSString stringWithUTF8String: textNode->content]];
+ [login retain];
+ }
 }
- else
- attributeList = attributeList->next;
+
+ attributeList = attributeList->next;
 }
 statementList = statementList->next;
 }
diff --git a/SoObjects/SOGo/SOGoSession.h b/SoObjects/SOGo/SOGoSession.h
index 42e2ddd9a..a22b46e94 100644
--- a/SoObjects/SOGo/SOGoSession.h
+++ b/SoObjects/SOGo/SOGoSession.h
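Review bot: `attribute->AttributeValue->data`, `value->any->data` and `textNode->content` are dereferenced unchecked in all three new branches, so an assertion whose matching attribute carries no AttributeValue, an empty element or no text child dereferences NULL and takes the process down instead of leaving `login` nil; guard each extraction with `if (attribute->AttributeValue && attribute->AttributeValue->data)` before the `LASSO_SAML2_ATTRIBUTE_VALUE` cast and check `value->any` and `textNode->content` the same way, or move the repeated three-line extraction into one guarded static helper since the branches repeat it verbatim. The `@` heuristic in the configured-attribute branch routes every value containing `@` through `getUIDForEmail:`, which presumably changes the outcome for deployments whose login attribute legitimately holds user@realm style identifiers; if that is intended, the comment above it should say so, e.g. `// a value containing '@' is resolved as an e-mail address, so a uid of the form user@realm is looked up by e-mail`. `getUIDForEmail:` presumably returns nil for an unknown address, in which case the loop keeps scanning with `login` still nil; that is reasonable but deserves a one-line comment at the `[login retain];`. `_updateDataFromLogin` starts before this hunk and its outer `statementList` loop continues after it.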
@@ -1,9 +1,6 @@
 /* SOGoSession.h - this file is part of SOGo
 *
- * Copyright (C) 2010-2011 Inverse inc.
- *
- * Author: Ludovic Marcotte
- * Francis Lachapelle
+ * Copyright (C) 2010-2014 Inverse inc.
 *
 * This file is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/SoObjects/SOGo/SOGoSession.m b/SoObjects/SOGo/SOGoSession.m
index e2137349f..235ef371e 100644
--- a/SoObjects/SOGo/SOGoSession.m
+++ b/SoObjects/SOGo/SOGoSession.m
@@ -1,10 +1,6 @@
 /* SOGoSession.m - this file is part of SOGo
 *
- * Copyright (C) 2010-2011 Inverse inc.
- *
- * Author: Ludovic Marcotte
- * Francis Lachapelle
-
+ * Copyright (C) 2010-2014 Inverse inc.
 *
 * This file is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/SoObjects/SOGo/SOGoSystemDefaults.h b/SoObjects/SOGo/SOGoSystemDefaults.h
index bf6032c9b..4d68d7538 100644
--- a/SoObjects/SOGo/SOGoSystemDefaults.h
+++ b/SoObjects/SOGo/SOGoSystemDefaults.h
@@ -80,6 +80,7 @@
 - (NSString *) SAML2IdpMetadataLocation;
 - (NSString *) SAML2IdpPublicKeyLocation;
 - (NSString *) SAML2IdpCertificateLocation;
+- (NSString *) SAML2LoginAttribute;
 - (BOOL) SAML2LogoutEnabled;
 - (BOOL) enablePublicAccess;
diff --git a/SoObjects/SOGo/SOGoSystemDefaults.m b/SoObjects/SOGo/SOGoSystemDefaults.m
index b9f1f0225..d48ab7c03 100644
--- a/SoObjects/SOGo/SOGoSystemDefaults.m
+++ b/SoObjects/SOGo/SOGoSystemDefaults.m
@@ -511,6 +511,11 @@ _injectConfigurationFromFile (NSMutableDictionary *defaultsDict,
 return [self boolForKey: @"SOGoSAML2LogoutEnabled"];
 }
+- (NSString *) SAML2LoginAttribute
+{
+ return [self stringForKey: @"SOGoSAML2LoginAttribute"];
+}
+
 - (BOOL) enablePublicAccess
 {
 return [self boolForKey: @"SOGoEnablePublicAccess"];
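Review bot: `SAML2LoginAttribute` is declared in the `SOGoSystemDefaults.h` hunk and implemented here without documenting what the setting means or that nil is the signal that selects the uid/mail fallback in the SAML2 session code; add a comment on the header declaration, e.g. `/* Name of the SAML2 assertion attribute carrying the user login; nil when SOGoSAML2LoginAttribute is not configured, in which case "uid" then "mail" are tried. */`. Because the getter returns whatever `stringForKey:` yields, an empty configured value is presumably non-nil and would match no attribute while also disabling the fallback, so the documentation should state that only an absent key means "unset", or the getter should map an empty string to nil. Both methods are complete within their hunks.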