// Direct-access guard: stop unless the sugarEntry constant is defined and
// truthy (presumably set by the application's entry script before this file
// is included), so the authentication code is not run as a standalone page.
if (!(defined('sugarEntry') && sugarEntry)) {
    die('Not A Valid Entry Point');
}
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2011 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
42 * This file is where the user authentication occurs. No redirection should happen in this file.
45 require_once('modules/Users/authentication/SugarAuthenticate/SugarAuthenticateUser.php');
48 class SAMLAuthenticateUser extends SugarAuthenticateUser{
51 * Does the actual authentication of the user and returns an id that will be used
52 * to load the current user (loadUserOnSession)
55 * @param STRING $password
56 * @return STRING id - used for loading the user
58 * Contributions by Erik Mitchell erikm@logicpd.com
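/**
 * Authenticates a login attempt and returns the id of the matching user record.
 *
 * Without a posted SAMLResponse the call is delegated to the parent
 * authenticator. With one, the response is validated and its NameID is looked
 * up as users.user_name; a NameID with no matching row is provisioned through
 * createUser().
 *
 * @param STRING $name     user name from the login form (used by the parent fallback)
 * @param STRING $password password from the login form (used by the parent fallback)
 * @return STRING id - used for loading the user
 */
function authenticateUser($name, $password) {
    // No assertion posted: defer to the parent authenticator.
    if (empty($_POST['SAMLResponse'])) {
        return parent::authenticateUser($name, $password);
    }

    require 'modules/Users/authentication/SAMLAuthenticate/settings.php';
    require 'modules/Users/authentication/SAMLAuthenticate/lib/onelogin/saml.php';

    $samlresponse = new SamlResponse($_POST['SAMLResponse']);
    $samlresponse->user_settings = get_user_settings();

    // NOTE(review): the listing omits the lines that follow a failed
    // validation; returning an empty id (fail closed) is assumed here.
    // Confirm against the original file.
    if (!$samlresponse->is_valid()) {
        return '';
    }

    // Read the NameID once so the lookup and the provisioning call agree.
    $nameId = $samlresponse->get_nameid();

    // The NameID comes out of the posted assertion. A valid response says who
    // issued it, not that the value is safe to splice into SQL (a name that
    // contains an apostrophe is enough to break the statement), so it is
    // escaped through the database layer before being embedded.
    $dbresult = $GLOBALS['db']->query(
        "SELECT id, status FROM users WHERE user_name='"
        . $GLOBALS['db']->quote($nameId)
        . "' AND deleted = 0"
    );

    // user already exists use this one
    if ($row = $GLOBALS['db']->fetchByAssoc($dbresult)) {
        // NOTE(review): the listing omits the branch bodies after this status
        // check; returning the row id for usable accounts and an empty id for
        // inactive ones is assumed. Confirm against the original file.
        if ($row['status'] != 'Inactive') {
            return $row['id'];
        }
        return '';
    }

    // No local account for this NameID: one is created on the spot. Every
    // identity the provider asserts therefore gets an account, so access has
    // to be restricted at the identity provider if that is not intended.
    return $this->createUser($nameId);
}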
90 * Creates a user with the given User Name and returns the id of that new user
91 * populates the user with what was set in ldapUserInfo
96 function createUser($name){
99 $user->user_name = $name;
100 $user->email1 = $name;
101 $user->last_name = $name;
102 $user->employee_status = 'Active';
103 $user->status = 'Active';
105 $user->external_auth_only = 1;
106 $user->system_generated_password = 0;