2 if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
3 /*********************************************************************************
4 * SugarCRM Community Edition is a customer relationship management program developed by
5 * SugarCRM, Inc. Copyright (C) 2004-2012 SugarCRM Inc.
7 * This program is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU Affero General Public License version 3 as published by the
9 * Free Software Foundation with the addition of the following permission added
10 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
11 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
12 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
14 * This program is distributed in the hope that it will be useful, but WITHOUT
15 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
16 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
19 * You should have received a copy of the GNU Affero General Public License along with
20 * this program; if not, see http://www.gnu.org/licenses or write to the Free
21 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
24 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
25 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
27 * The interactive user interfaces in modified source and object code versions
28 * of this program must display Appropriate Legal Notices, as required under
29 * Section 5 of the GNU Affero General Public License version 3.
31 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
32 * these Appropriate Legal Notices must retain the display of the "Powered by
33 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
34 * technical reasons, the Appropriate Legal Notices must display the words
35 * "Powered by SugarCRM".
36 ********************************************************************************/
43 * This file is where the user authentication occurs. No redirection should happen in this file.
46 require_once('modules/Users/authentication/SugarAuthenticate/SugarAuthenticateUser.php');
49 class SAMLAuthenticateUser extends SugarAuthenticateUser{
51 * Does the actual authentication of the user and returns an id that will be used
52 * to load the current user (loadUserOnSession)
55 * @param STRING $password
56 * @return STRING id - used for loading the user
58 * Contributions by Erik Mitchell erikm@logicpd.com
60 function authenticateUser($name, $password) {
61 $GLOBALS['log']->debug('authenticating user.'); // JMH
62 // uncomment the line below to test on the server. this is a temporary solution - John H. (task 9069)
63 // $_POST['SAMLResponse'] = "PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgRGVzdGluYXRpb249Imh0dHA6Ly9kZXZzdWdhci5ydHAucmFsZWlnaC5pYm0uY29tL3N1Z2FyLXNhbWwvaW5kZXgucGhwP21vZHVsZT1Vc2VycyZhbXA7YWN0aW9uPUF1dGhlbnRpY2F0ZSIgSUQ9IkZJTVJTUF8xZjUxNjc4Ni0wMTM0LTFmMGQtYWRiZS1iZWE4M2JhM2EyNTEiIEluUmVzcG9uc2VUbz0iXzhmMmFmY2UyNTJiNDVhZGVkNWE4IiBJc3N1ZUluc3RhbnQ9IjIwMTEtMTItMDhUMjA6MTU6NTVaIiBWZXJzaW9uPSIyLjAiPg0KICAgIDxzYW1sOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly9sb25kby5ydHAucmFsZWlnaC5pYm0uY29tOjk0NDMvc3BzL1NBTUxJZHAvc2FtbDIwPC9zYW1sOklzc3Vlcj4NCiAgICA8c2FtbHA6U3RhdHVzPg0KICAgICAgICA8c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIj48L3NhbWxwOlN0YXR1c0NvZGU+DQogICAgPC9zYW1scDpTdGF0dXM+DQogICAgPHNhbWw6QXNzZXJ0aW9uIElEPSJBc3NlcnRpb24tdXVpZDFmNTE2NzdkLTAxMzQtMWE2NC05MTA4LWJlYTgzYmEzYTI1MSIgSXNzdWVJbnN0YW50PSIyMDExLTEyLTA4VDIwOjE1OjU1WiIgVmVyc2lvbj0iMi4wIj4NCiAgICAgICAgPHNhbWw6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL2xvbmRvLnJ0cC5yYWxlaWdoLmlibS5jb206OTQ0My9zcHMvU0FNTElkcC9zYW1sMjA8L3NhbWw6SXNzdWVyPg0KICAgICAgICA8ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBJZD0idXVpZDFmNTE2NzgxLTAxMzQtMWRmYS04ZDAwLWJlYTgzYmEzYTI1MSI+DQogICAgICAgICAgICA8ZHM6U2lnbmVkSW5mbz4NCiAgICAgICAgICAgICAgICA8ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyI+PC9kczpDYW5vbmljYWxpemF0aW9uTWV0aG9kPg0KICAgICAgICAgICAgICAgIDxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvZHM6U2lnbmF0dXJlTWV0aG9kPg0KICAgICAgICAgICAgICAgIDxkczpSZWZlcmVuY2UgVVJJPSIjQXNzZXJ0aW9uLXV1aWQxZjUxNjc3ZC0wMTM0LTFhNjQtOTEwOC1iZWE4M2JhM2EyNTEiPg0KICAgICAgICAgICAgICAgICAgICA8ZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgICAgICAgICAgICAgIDxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSI+PC9kczpUcmFuc2Zvcm0+DQogICAgICAgICAgICAgICAgICAgICAgICA8ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIj4NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8eGMxNG46SW5jbHVzaXZlTmFtZXNwYWNlcyB4bWxuczp4YzE0bj0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiBQcmVmaXhMaXN0PSJ4cyBzYW1sIHhzaSI+PC94YzE0bjpJbmNsdXNpdmVOYW1lc3BhY2VzPg0KICAgICAgICAgICAgICAgICAgICAgICAgPC9kczpUcmFuc2Zvcm0+DQogICAgICAgICAgICAgICAgICAgIDwvZHM6VHJhbnNmb3Jtcz4NCiAgICAgICAgICAgICAgICAgICAgPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIj48L2RzOkRpZ2VzdE1ldGhvZD4NCiAgICAgICAgICAgICAgICAgICAgPGRzOkRpZ2VzdFZhbHVlPkdMV3BGdkYwYkx3UUVMWFpNZ1ozczFKL3pSUT08L2RzOkRpZ2VzdFZhbHVlPg0KICAgICAgICAgICAgICAgIDwvZHM6UmVmZXJlbmNlPg0KICAgICAgICAgICAgPC9kczpTaWduZWRJbmZvPg0KICAgICAgICAgICAgPGRzOlNpZ25hdHVyZVZhbHVlPkRVaEJueU1UUmFYNlUvT2hDZ2lrN08yZ2hDaXl5akNNOWpHTmk5UE1MMXdidWkyMjNyNCtaRW9tOGdodjVpL3pCOU0yVUhCZTNpdVNEYUUyVGxWVm96Y1h3bHJSUUFaTS9lMVZDck9hRFdhWWJURjZKZ05aM1RWekpDVy9helBNa21aenROV2laY2Z4Q3hjODRkYmlCSzlCQzNOdEdVZGlwWlpQb3h4WUlZYz08L2RzOlNpZ25hdHVyZVZhbHVlPg0KICAgICAgICAgICAgPGRzOktleUluZm8+DQogICAgICAgICAgICAgICAgPGRzOlg1MDlEYXRhPg0KICAgICAgICAgICAgICAgICAgICA8ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUMxekNDQWtDZ0F3SUJBZ0lJRWtvd1hvZlF0eWd3RFFZSktvWklodmNOQVFFRkJRQXdnWW94Q3pBSkJnTlZCQVlUQWxWVE1Rd3dDZ1lEVlFRS0V3TkpRazB4RkRBU0JnTlZCQXNUQzJ4dmJtUnZUbTlrWlRBeE1SZ3dGZ1lEVlFRTEV3OXNiMjVrYjA1dlpHVXdNVU5sYkd3eEdUQVhCZ05WQkFzVEVGSnZiM1FnUTJWeWRHbG1hV05oZEdVeElqQWdCZ05WQkFNVEdXeHZibVJ2TG5KMGNDNXlZV3hsYVdkb0xtbGliUzVqYjIwd0hoY05NVEV4TURBMU1UWXpOekF6V2hjTk1USXhNREEwTVRZek56QXpXakJ2TVFzd0NRWURWUVFHRXdKVlV6RU1NQW9HQTFVRUNoTURTVUpOTVJRd0VnWURWUVFMRXd0c2IyNWtiMDV2WkdVd01URVlNQllHQTFVRUN4TVBiRzl1Wkc5T2IyUmxNREZEWld4c01TSXdJQVlEVlFRREV4bHNiMjVrYnk1eWRIQXVjbUZzWldsbmFDNXBZbTB1WTI5dE1JR2ZNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0R05BRENCaVFLQmdRQ1BkcHBnRnRMWXJJdUdwSE1uNXYzZzdRNXRPdHZRZzh4WW9nVjkzdnJBTWhtcUlGWkFqUkFzWXdGc3lyaFQ3UnVxckttaEhtbnEvSUlQcHVWbGhZRjZvZisyTEExZ0VkSGMyb1lBRk5WNUl5cFdRS1JjUWF6RlNHc2FqQktLUExjclNaY20zQVNHYlYySHVNKytNMFZmMWs4Q3hqM1hOb1NIRjJRZnZVUHZmUUlEQVFBQm8yQXdYakJKQmdOVkhSRUVRakJBZ1Q1UWNtOW1hV3hsVlZWSlJEcEJjSEJUY25Zd01TMUNRVk5GTFRJM1ltRmhOMlEzTFRoallUTXROR1F6T1MxaU1qYzNMVEprWm1VNE1tSXpaamxtWXpBUkJnTlZIUTRFQ2dRSVFxUWFNYVlyYmE4d0RRWUpLb1pJaHZjTkFRRUZCUUFEZ1lFQWxJd0FlZnpnRXRLeXBBazJndkhFQnk1Njc1UGtBcU5MT3ZrN2JDRVRsQnVXdTAya0N2bGtSQ09FdFJCanIrbVBHYkRaaHRTZEt3SkFibDhiSXYvYkgzVnpSVHd3ODdYaUZzVzFPbDViL3o0SVBWcmhDVFFPMWVMQ2w2N3kycHd4SmROYWxOQUFXelpERytRSjNFQlp6K3hxUVdKbktRTkVjQjY3K0xBVXNHRT08L2RzOlg1MDlDZXJ0aWZpY2F0ZT4NCiAgICAgICAgICAgICAgICA8L2RzOlg1MDlEYXRhPg0KICAgICAgICAgICAgPC9kczpLZXlJbmZvPg0KICAgICAgICA8L2RzOlNpZ25hdHVyZT4NCiAgICAgICAgPHNhbWw6U3ViamVjdD4NCiAgICAgICAgICAgIDxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OnVuc3BlY2lmaWVkIj5DLUNCVEs4OTc8L3NhbWw6TmFtZUlEPg0KICAgICAgICAgICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPg0KICAgICAgICAgICAgICAgIDxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIEluUmVzcG9uc2VUbz0iXzhmMmFmY2UyNTJiNDVhZGVkNWE4IiBOb3RPbk9yQWZ0ZXI9IjIwMTEtMTItMDhUMjA6MTY6NTVaIiBSZWNpcGllbnQ9Imh0dHA6Ly9kZXZzdWdhci5ydHAucmFsZWlnaC5pYm0uY29tL3N1Z2FyLXNhbWwvaW5kZXgucGhwP21vZHVsZT1Vc2VycyZhbXA7YWN0aW9uPUF1dGhlbnRpY2F0ZSI+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhPg0KICAgICAgICAgICAgPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+DQogICAgICAgIDwvc2FtbDpTdWJqZWN0Pg0KICAgICAgICA8c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxMC0xMi0wOFQyMDoxNDo1NVoiIE5vdE9uT3JBZnRlcj0iMjAxMy0xMi0wOFQyMDoxNjo1NVoiPg0KICAgICAgICAgICAgPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj4NCiAgICAgICAgICAgICAgICA8c2FtbDpBdWRpZW5jZT5waHAtc2FtbDwvc2FtbDpBdWRpZW5jZT4NCiAgICAgICAgICAgIDwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KICAgICAgICA8L3NhbWw6Q29uZGl0aW9ucz4NCiAgICAgICAgPHNhbWw6QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDExLTEyLTA4VDIwOjE1OjU1WiIgU2Vzc2lvbkluZGV4PSJ1dWlkMWY0ZTU2MzItMDEzNC0xNjRlLTk1MWItYmVhODNiYTNhMjUxIiBTZXNzaW9uTm90T25PckFmdGVyPSIyMDExLTEyLTA4VDIxOjE1OjU1WiI+DQogICAgICAgICAgICA8c2FtbDpBdXRobkNvbnRleHQ+DQogICAgICAgICAgICAgICAgPHNhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWw6QXV0aG5Db250ZXh0Q2xhc3NSZWY+DQogICAgICAgICAgICA8L3NhbWw6QXV0aG5Db250ZXh0Pg0KICAgICAgICA8L3NhbWw6QXV0aG5TdGF0ZW1lbnQ+DQogICAgICAgIDxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD4NCiAgICAgICAgICAgIDxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJETl9WYWx1ZSIgTmFtZUZvcm1hdD0idXJuOmlibTpuYW1lczpJVEZJTTo1LjE6YWNjZXNzbWFuYWdlciI+DQogICAgICAgICAgICAgICAgPHNhbWw6QXR0cmlidXRlVmFsdWUgeHNpOnR5cGU9InhzOnN0cmluZyI+dWlkPUMtQ0JUSzg5NyxjPXVzLG91PWJsdWVwYWdlcyxvPWlibS5jb208L3NhbWw6QXR0cmlidXRlVmFsdWU+DQogICAgICAgICAgICA8L3NhbWw6QXR0cmlidXRlPg0KICAgICAgICA8L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pg0KICAgIDwvc2FtbDpBc3NlcnRpb24+DQo8L3NhbWxwOlJlc3BvbnNlPg==";
67 if(empty($_POST['SAMLResponse']))return parent::authenticateUser($name, $password);
69 $GLOBALS['log']->debug('have saml data.'); // JMH
70 // Look for custom versions of config files
71 if (file_exists('custom/modules/Users/authentication/SAMLAuthenticate/settings.php'))
72 require 'custom/modules/Users/authentication/SAMLAuthenticate/settings.php';
74 require 'modules/Users/authentication/SAMLAuthenticate/settings.php';
75 require 'modules/Users/authentication/SAMLAuthenticate/lib/onelogin/saml.php';
77 $samlresponse = new SamlResponse(get_saml_settings(), $_POST['SAMLResponse']);
79 if ($samlresponse->is_valid()){
80 $GLOBALS['log']->debug('response is valid');
81 $settings = get_saml_settings();
82 $customFields = $this->getAdditionalFieldsToSelect($samlresponse, $settings);
83 $GLOBALS['log']->debug('got this many custom fields:' . count($customFields));
84 $xmlDoc = new DOMDocument();
85 $xmlDoc->loadXML(base64_decode($_POST['SAMLResponse']));
86 $xpath = new DOMXpath($xmlDoc);
87 $query = $settings->saml_settings['check']['user_name'];
88 $entries = $xpath->query($query);
89 $nameId = $entries->item(0)->nodeValue;
91 $sql = "SELECT id, status $customFields FROM users WHERE " . $settings->id . "='" . $nameId . "' AND deleted = 0";
92 $dbresult = $GLOBALS['db']->query("SELECT id, status $customFields FROM users WHERE " . $settings->id . "='" . $nameId . "' AND deleted = 0");
94 $GLOBALS['log']->debug("sql: {$sql}"); // JMH
96 $GLOBALS['log']->debug('queried the db'); // JMH
97 //user already exists use this one
98 if($row = $GLOBALS['db']->fetchByAssoc($dbresult)){
99 $GLOBALS['log']->debug('have db results'); // JMH
100 if($row['status'] != 'Inactive')
102 $GLOBALS['log']->debug('have current user'); // JMH
103 $this->updateCustomFields($row, $_POST['SAMLResponse'], $settings);
108 $GLOBALS['log']->debug('have inactive user'); // JMH
114 if (IsSet($settings->customCreateFunction))
116 // we don't have anything for this yet, so just call whatever function may be
117 // defined in the custom settings file
118 // call_user_func($settings->customCreateFunction);
122 return $this->createUser($samlresponse->get_nameid(), $xpath, $settings);
125 // comment out the following two lines for testing - John H. (task 9069)
132 * Updates the custom fields listed in settings->saml_settings['update'] in our
133 * db records with the data from the xml in the saml assertion. Every field
134 * listed in the ['update'] array is a key whose value is a (hopefully) valid
135 * xpath, which in turn can be used to retrive the value of the node specified
136 * by that xpath. If the value of the node does not equal the value in our
137 * records, update our records to match the value from the xml.
139 * @param hash $dbData - data for this user from our db.
140 * @param string $xmlSAMLAssertion - xml text, a valid saml assertion.
141 * @param SamlSettings $settings - our settings object.
142 * @return int - 0 = no action taken, 1 = user record saved, -1 = no update.
144 * Contributed by Mike Andersen, SugarCRM.
146 function updateCustomFields($dbData, $xmlSAMLAssertion, $settings)
148 $customFields = $this->getCustomFields($settings, 'update');
150 if (count($customFields) == 0)
152 $GLOBALS['log']->debug("No custom fields! So returning 0."); // JMH
157 $user->retrieve($dbData['id']);
158 $GLOBALS['log']->debug("updateCF()... userid={$user->id}"); // JMH
160 $xmlDoc = new DOMDocument();
161 $xmlDoc->loadXML(base64_decode($xmlSAMLAssertion));
162 $xpath = new DOMXpath($xmlDoc);
163 $GLOBALS['log']->debug("Created xpath object."); // JMH
165 $customFieldUpdated = false;
167 foreach ($customFields as $field)
169 $GLOBALS['log']->debug("Top of fields loop with $field."); // JMH
170 if (!array_key_exists($field, $dbData))
172 $GLOBALS['log']->debug("$field is not in \$dbData. \n\$dbData=" . var_export($dbData, TRUE)); // JMH
173 // custom field not listed in db query results!
176 $customFieldValue = $dbData[$field];
178 $xmlNodes = $xpath->query($settings->saml_settings['update'][$field]);
179 if ($xmlNodes === false)
182 $GLOBALS['log']->debug("$field contains bad xpath: " . $settings->saml_settings['update'][$field]); // JMH
185 $GLOBALS['log']->debug("updateCF(): 3"); // JMH
186 if ($xmlNodes->length == 0)
188 // no nodes match xpath!
189 $GLOBALS['log']->debug("$field no nodes match this xpath: " . $settings->saml_settings['update'][$field]); // JMH
193 $xmlValue = $xmlNodes->item(0)->nodeValue;
194 $GLOBALS['log']->debug("$field xpath returned $xmlValue"); // JMH
196 if ($customFieldValue != $xmlValue)
198 // need to update our user record.
199 $customFieldUpdated = true;
200 $user->$field = $xmlValue;
201 $GLOBALS['log']->debug("db is out of date. setting {$field} to {$xmlValue}"); // JMH
205 if ($customFieldUpdated)
207 $GLOBALS['log']->debug("updateCustomFields calling user->save() and returning 0"); // JMH
212 $GLOBALS['log']->debug("updateCustomFields found no fields to update. Returning -1"); // JMH
218 * Determines if there are custom fields to add to our select statement, and
219 * returns a comma prepended, comma-delimited list of those custom fields.
221 * @param SamlResponse $samlresponse
222 * @param SamlSettings $settings
223 * @return String $additionalFields = either empty, or ", field1[, field2, fieldn]"
225 * Contributed by Mike Andersen, SugarCRM.
227 function getAdditionalFieldsToSelect($samlresponse, $settings)
229 $additionalFields = "";
230 if (IsSet($settings->saml_settings))
232 if (IsSet($settings->saml_settings['update']))
234 if (count($settings->saml_settings['update']) > 0)
236 $additionalFields = ", " . implode(",", $this->getCustomFields($settings, 'update'));
240 return $additionalFields;
245 * Returns an array of custom field names. These names are the keys in the
246 * 'update' hash in $settings->saml_settings hash.
247 * See modules/Users/authentication/SAMLAuthenticate/settings.php for details.
249 * @param SamlSettings $settings
250 * @param String $which - which custom fields: 'check', 'create' or 'update'
251 * @return Array - list of custom field names.
253 * Contributed by Mike Andersen, SugarCRM.
255 function getCustomFields($settings, $which)
257 if (IsSet($settings->saml_settings[$which]))
259 return array_keys($settings->saml_settings[$which]);
271 * Creates a user with the given User Name and returns the id of that new user
272 * populates the user with what was set in the SAML Response
274 * @param STRING $name
275 * @param DOMXpath $xpath
276 * @param SamlSettings $settings - our settings object.
279 function createUser($name, $xpath, $settings)
281 $GLOBALS['log']->debug("Called createUser");
283 $user->user_name = $name;
284 $user->email1 = $name;
285 $user->last_name = $name;
286 $user->employee_status = 'Active';
287 $user->status = 'Active';
289 $user->external_auth_only = 1;
290 $user->system_generated_password = 0;
292 // Loop through the create custom fields and update their values in the
293 // user object from the xml SAML response.
294 $customFields = $this->getCustomFields($settings, 'create');
295 $GLOBALS['log']->debug("number of custom fields: " . count($customFields));
296 foreach ($customFields as $field)
298 $GLOBALS['log']->debug("xpath for $field is " . $settings->saml_settings['create'][$field]);
299 $xmlNodes = $xpath->query($settings->saml_settings['create'][$field]);
300 if ($xmlNodes === false)
303 $GLOBALS['log']->debug("Bad xpath: " . $settings->saml_settings['create'][$field]);
306 if ($xmlNodes->length == 0)
308 // no nodes match xpath!
309 $GLOBALS['log']->debug("No nodes match this xpath: " . $settings->saml_settings['create'][$field]);
315 $user->new_with_id = true;
318 $xmlValue = $xmlNodes->item(0)->nodeValue;
319 $GLOBALS['log']->debug("Setting $field to $xmlValue");
320 $user->$field = $xmlValue;
323 $GLOBALS['log']->debug("finished loop - saving.");
325 $GLOBALS['log']->debug("New user id is " . $user->id);