diff --git a/appinfo/app.php b/appinfo/app.php
index ecaca6b..f7d44a6 100644
--- a/appinfo/app.php
+++ b/appinfo/app.php
@@ -33,10 +33,12 @@ $l = \OC::$server->getL10N('user_saml');
 $config = \OC::$server->getConfig();
 $request = \OC::$server->getRequest();
 $userSession = \OC::$server->getUserSession();
+$session = \OC::$server->getSession();
 $samlSettings = new \OCA\User_SAML\SAMLSettings(
 $urlGenerator,
 $config,
- $request
+ $request,
+ $session
 );
 
 $userBackend = new \OCA\User_SAML\UserBackend(
@@ -45,7 +47,8 @@ $userBackend = new \OCA\User_SAML\UserBackend(
 \OC::$server->getSession(),
 \OC::$server->getDatabaseConnection(),
 \OC::$server->getUserManager(),
- \OC::$server->getGroupManager()
+ \OC::$server->getGroupManager(),
+ $samlSettings
 );
 $userBackend->registerBackends(\OC::$server->getUserManager()->getBackends());
 OC_User::useBackend($userBackend);
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
index a991437..cfc08ee 100644
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
@@ -102,7 +102,8 @@ class SAMLController extends Controller {
 * @throws NoUserFoundException
 */
 private function autoprovisionIfPossible(array $auth) {
- $uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping');
+ $prefix = $this->settings->getPrefix();
+ $uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping');
 if(isset($auth[$uidMapping])) {
 if(is_array($auth[$uidMapping])) {
 $uid = $auth[$uidMapping][0];
diff --git a/lib/SAMLSettings.php b/lib/SAMLSettings.php
index 0f97b63..3e287ea 100644
--- a/lib/SAMLSettings.php
+++ b/lib/SAMLSettings.php
@@ -24,6 +24,7 @@ namespace OCA\User_SAML;
 use OCP\AppFramework\Http;
 use OCP\IConfig;
 use OCP\IRequest;
+use OCP\ISession;
 use OCP\IURLGenerator;
 
 class SAMLSettings {
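Review bot: The UserBackend constructor call in the second app.php hunk still fetches `\OC::$server->getSession()` inline, although the first hunk now binds that same service to `$session` two statements earlier; passing `$session,` there instead keeps both constructors visibly on the same session object and reads consistently with the new `$samlSettings` argument. Both hunks are in the flat app.php bootstrap script, so nothing is cut off at the hunk edges.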
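Review bot: In autoprovisionIfPossible `getPrefix()` is called without the setting name, whereas getAttributeKeys in lib/UserBackend.php passes `$name` so that the global-settings exemption inside SAMLSettings::getPrefix can apply; the result is the same today because `general-uid_mapping` is not in that list, but `$prefix = $this->settings->getPrefix('general-uid_mapping');` keeps the decision of which keys are per-IdP in one place instead of in each caller. The same applies to the getLogoutUrl and getCurrentUserId hunks in lib/UserBackend.php. autoprovisionIfPossible continues past the end of this hunk, and where `$this->settings` is injected into SAMLController is not visible in this diff, so that wiring should be confirmed separately.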
@@ -33,18 +34,25 @@ class SAMLSettings {
 private $config;
 /** @var IRequest */
 private $request;
+ /** @var ISession */
+ private $session;
+ /** @var array list of global settings which are valid for every idp */
+ private $globalSettings = ['general-require_provisioned_account', 'general-allow_multiple_user_back_ends', 'general-use_saml_auth_for_desktop'];
 
 /**
 * @param IURLGenerator $urlGenerator
 * @param IConfig $config
 * @param IRequest $request
+ * @param ISession $session
 */
 public function __construct(IURLGenerator $urlGenerator,
 IConfig $config,
- IRequest $request) {
+ IRequest $request,
+ ISession $session) {
 $this->urlGenerator = $urlGenerator;
 $this->config = $config;
 $this->request = $request;
+ $this->session = $session;
 }
 
 /**
@@ -148,5 +156,26 @@ class SAMLSettings {
 return $settings;
 }
 
-}
+ /**
+ * calculate prefix for config values
+ *
+ * @param string name of the setting
+ * @return string
+ */
+ public function getPrefix($setting = '') {
+
+ $prefix = '';
+ if (!empty($setting) && in_array($setting, $this->globalSettings)) {
+ return $prefix;
+ }
+
+ $idp = $this->session->get('user_saml.Idp');
+ if ((int)$idp > 1) {
+ $prefix = $idp . '-';
+ }
+
+ return $prefix;
+ }
+
+}
 
diff --git a/lib/UserBackend.php b/lib/UserBackend.php
index fd5df33..7b8b1f3 100644
--- a/lib/UserBackend.php
+++ b/lib/UserBackend.php
@@ -48,6 +48,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
 private $groupManager;
 /** @var \OCP\UserInterface[] */
 private static $backends = [];
+ /** @var SAMLSettings */
+ private $settings;
 
 /**
 * @param IConfig $config
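Review bot: In getPrefix the config-key prefix is built from the raw session value `$idp` while the guard only checks its integer cast, so any string whose leading digits exceed 1 would pass `(int)$idp > 1` and be concatenated verbatim into the app-config key; building it from the normalized value, `$prefix = (int)$idp . '-';`, makes the key shape independent of how `user_saml.Idp` was written into the session (which this diff does not show). `in_array($setting, $this->globalSettings)` should also pass `true` as the third argument so the exemption is an exact string match. The docblock line `@param string name of the setting` omits the variable and would read `@param string $setting name of the setting`, and a one-line note that IdP 1 deliberately uses the unprefixed keys would save the next reader from reading the `> 1` comparison as an off-by-one.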
@@ -56,19 +58,22 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
 * @param IDBConnection $db
 * @param IUserManager $userManager
 * @param IGroupManager $groupManager
+ * @param SAMLSettings $settings
 */
 public function __construct(IConfig $config,
 IURLGenerator $urlGenerator,
 ISession $session,
 IDBConnection $db,
 IUserManager $userManager,
- IGroupManager $groupManager) {
+ IGroupManager $groupManager,
+ SAMLSettings $settings) {
 $this->config = $config;
 $this->urlGenerator = $urlGenerator;
 $this->session = $session;
 $this->db = $db;
 $this->userManager = $userManager;
 $this->groupManager = $groupManager;
+ $this->settings = $settings;
 }
 
 /**
@@ -344,7 +349,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
 * {@inheritdoc}
 */
 public function getLogoutUrl() {
- $slo = $this->config->getAppValue('user_saml', 'idp-singleLogoutService.url', '');
+ $prefix = $this->settings->getPrefix();
+ $slo = $this->config->getAppValue('user_saml', $prefix . 'idp-singleLogoutService.url', '');
 if($slo === '') {
 return '';
 }
@@ -373,7 +379,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
 */
 public function getCurrentUserId() {
 $samlData = $this->session->get('user_saml.samlUserData');
- $uidMapping = $this->config->getAppValue('user_saml', 'general-uid_mapping', '');
+ $prefix = $this->settings->getPrefix();
+ $uidMapping = $this->config->getAppValue('user_saml', $prefix . 'general-uid_mapping', '');
 if($uidMapping !== '' && isset($samlData[$uidMapping])) {
 if(is_array($samlData[$uidMapping])) {
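Review bot: getLogoutUrl now resolves which IdP's single-logout endpoint to return from the session through getPrefix(), and nothing in the hunk says what happens when that session entry is absent; from getPrefix in lib/SAMLSettings.php an absent `user_saml.Idp` yields an empty prefix, i.e. the unprefixed key, which appears to be the first IdP's configuration. That silent fallback is worth stating next to the call, e.g. `// SLO URL of the IdP recorded in the session; an unset IdP resolves to the unprefixed (first IdP) key`, so a logout landing on the wrong IdP is recognisable as a missing session value rather than a config error. getLogoutUrl continues past the end of this hunk.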
@@ -437,7 +444,8 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
 private function getAttributeKeys($name) {
- $keys = explode(' ', $this->config->getAppValue('user_saml', $name, ''));
+ $prefix = $this->settings->getPrefix($name);
+ $keys = explode(' ', $this->config->getAppValue('user_saml', $prefix . $name, ''));
 if (count($keys) === 1 && $keys[0] === '') {
 throw new \InvalidArgumentException('Attribute is not configured');