diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-10-22 21:45:37 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-10-22 21:45:37 +0200 |
| commit | d34a2a38603431bc5caa74b726a6f58d86a70530 (patch) | |
| tree | d860b2c9fa5ccb254673d5b9dec597339068736c | |
| parent | 1d8036c2a36d5e226e4a58657e9d859cbc241508 (diff) | |
| download | rpg-d34a2a38603431bc5caa74b726a6f58d86a70530.tar.gz rpg-d34a2a38603431bc5caa74b726a6f58d86a70530.tar.bz2 | |
allow charset for SSO to be configured FS#2148
| -rw-r--r-- | lib/plugins/authad/auth.php | 26 | ||||
| -rw-r--r-- | lib/plugins/authad/conf/default.php | 1 | ||||
| -rw-r--r-- | lib/plugins/authad/conf/metadata.php | 1 | ||||
| -rw-r--r-- | lib/plugins/authad/lang/en/settings.php | 3 |
4 files changed, 21 insertions, 10 deletions
diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index fcbd2eeef..e1d758fb8 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -92,16 +92,24 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { } // Prepare SSO - if(!utf8_check($_SERVER['REMOTE_USER'])) { - $_SERVER['REMOTE_USER'] = utf8_encode($_SERVER['REMOTE_USER']); - } - if($_SERVER['REMOTE_USER'] && $this->conf['sso']) { - $_SERVER['REMOTE_USER'] = $this->cleanUser($_SERVER['REMOTE_USER']); + if(!empty($_SERVER['REMOTE_USER'])) { + + // make sure the right encoding is used + if($this->getConf('sso_charset')) { + $_SERVER['REMOTE_USER'] = iconv($this->getConf('sso_charset'), 'UTF-8', $_SERVER['REMOTE_USER']); + } elseif(!utf8_check($_SERVER['REMOTE_USER'])) { + $_SERVER['REMOTE_USER'] = utf8_encode($_SERVER['REMOTE_USER']); + } - // we need to simulate a login - if(empty($_COOKIE[DOKU_COOKIE])) { - $INPUT->set('u', $_SERVER['REMOTE_USER']); - $INPUT->set('p', 'sso_only'); + // trust the incoming user + if($this->conf['sso']) { + $_SERVER['REMOTE_USER'] = $this->cleanUser($_SERVER['REMOTE_USER']); + + // we need to simulate a login + if(empty($_COOKIE[DOKU_COOKIE])) { + $INPUT->set('u', $_SERVER['REMOTE_USER']); + $INPUT->set('p', 'sso_only'); + } } } diff --git a/lib/plugins/authad/conf/default.php b/lib/plugins/authad/conf/default.php index f71202cfc..6fb4c9145 100644 --- a/lib/plugins/authad/conf/default.php +++ b/lib/plugins/authad/conf/default.php @@ -4,6 +4,7 @@ $conf['account_suffix'] = ''; $conf['base_dn'] = ''; $conf['domain_controllers'] = ''; $conf['sso'] = 0; +$conf['sso_charset'] = ''; $conf['admin_username'] = ''; $conf['admin_password'] = ''; $conf['real_primarygroup'] = 0; diff --git a/lib/plugins/authad/conf/metadata.php b/lib/plugins/authad/conf/metadata.php index 7b4f895d0..560d25315 100644 --- a/lib/plugins/authad/conf/metadata.php +++ b/lib/plugins/authad/conf/metadata.php @@ -4,6 +4,7 @@ $meta['account_suffix'] = array('string','_caution' => 'danger'); $meta['base_dn'] = array('string','_caution' => 'danger'); $meta['domain_controllers'] = array('string','_caution' => 'danger'); $meta['sso'] = array('onoff','_caution' => 'danger'); +$meta['sso_charset'] = array('string','_caution' => 'danger'); $meta['admin_username'] = array('string','_caution' => 'danger'); $meta['admin_password'] = array('password','_caution' => 'danger'); $meta['real_primarygroup'] = array('onoff','_caution' => 'danger'); diff --git a/lib/plugins/authad/lang/en/settings.php b/lib/plugins/authad/lang/en/settings.php index aff49550b..92e9ac4e8 100644 --- a/lib/plugins/authad/lang/en/settings.php +++ b/lib/plugins/authad/lang/en/settings.php @@ -6,7 +6,8 @@ $lang['domain_controllers'] = 'A comma separated list of Domain controllers. Eg. $lang['admin_username'] = 'A privileged Active Directory user with access to all other user\'s data. Optional, but needed for certain actions like sending subscription mails.'; $lang['admin_password'] = 'The password of the above user.'; $lang['sso'] = 'Should Single-Sign-On via Kerberos or NTLM be used?'; -$lang['real_primarygroup'] = 'Should the real primary group be resolved instead of assuming "Domain Users" (slower)'; +$lang['sso_charset'] = 'The charset your webserver will pass the Kerberos or NTLM username in. Empty for UTF-8 or latin-1. Requires the iconv extension.'; +$lang['real_primarygroup'] = 'Should the real primary group be resolved instead of assuming "Domain Users" (slower).'; $lang['use_ssl'] = 'Use SSL connection? If used, do not enable TLS below.'; $lang['use_tls'] = 'Use TLS connection? If used, do not enable SSL above.'; $lang['debug'] = 'Display additional debugging output on errors?'; |