Tweaking simplesamlphp privacyidea.php on CentOS 6.7

Jon Knight

Apr 26, 2017, 10:41:28 AM
to privacyidea
Hi,

I've been playing with privacyidea alongside our development simplesamlphp setup, with a view to using it to provide 2FA on our production IdP.  We've got paper-based OTP with Active Directory users/passwords working OK, which is a great start.  However, in getting to this stage I had to tweak a couple of lines in the privacyidea module for simplesamlphp (modules/privacyidea/lib/Auth/Source/privacyidea.php).  It appears that my version of php (5.3.3 on CentOS 6.7) doesn't like the syntax of some of the arrays in foreach statements.  Replacing them with explicit array functions fixes it.

In case this helps anyone else, here's a context diff of the changes:

*** privacyidea.php 2017-04-26 11:09:10.127262689 +0100
--- privacyidea.php.Original 2017-03-02 07:38:07.000000000 +0000
***************
*** 145,158 ****
          }
          // determine the client IP
          $headers = $_SERVER;
 
! foreach(array("X-Forwarded-For", "HTTP_X_FORWARDED_FOR", "REMOTE_ADDR") as $clientkey) {
 if (array_key_exists($clientkey, $headers)) {
   $client_ip = urlencode($headers[$clientkey]);
   SimpleSAML_Logger::debug("Using IP from " . $clientkey . ": " . $client_ip);
   $params = $params . "&client=" . $client_ip;
   break;
 }
          }
  
          // Add some debug so we know what we are doing.
--- 145,157 ----
          }
          // determine the client IP
          $headers = $_SERVER;
!         foreach(["X-Forwarded-For", "HTTP_X_FORWARDED_FOR", "REMOTE_ADDR"] as $clientkey) {
             if (array_key_exists($clientkey, $headers)) {
                 $client_ip = urlencode($headers[$clientkey]);
                 SimpleSAML_Logger::debug("Using IP from " . $clientkey . ": " . $client_ip);
                 $params = $params . "&client=" . $client_ip;
                 break;
             }
          }
  
          // Add some debug so we know what we are doing.
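
Review bot: In the foreach over "X-Forwarded-For", "HTTP_X_FORWARDED_FOR", "REMOTE_ADDR", the first key found in $_SERVER wins, so a forwarded-for value supplied with the request takes precedence over REMOTE_ADDR and is what gets appended as the client parameter and written to the debug log. Since this line is being touched anyway, consider honouring HTTP_X_FORWARDED_FOR only when REMOTE_ADDR is a known reverse proxy, and falling back to REMOTE_ADDR otherwise. PHP exposes request headers in $_SERVER under HTTP_* names, so the "X-Forwarded-For" key would not normally match and could be dropped. The array() side of this hunk has also lost its indentation and gained a blank line (145,158 against 145,157); keeping the original indentation would reduce the change to the one foreach line.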
***************
*** 230,236 ****
                  if ($transaction_id) {
                      /* If we have a transaction_id, we do challenge response */
                      SimpleSAML_Logger::debug("Throwing CHALLENGERESPONSE");
!                     throw new SimpleSAML_Error_Error(array("CHALLENGERESPONSE", $transaction_id, $message, $attributes));
                  }
                  SimpleSAML_Logger::debug("Throwing WRONGUSERPASS");
                  throw new SimpleSAML_Error_Error("WRONGUSERPASS");
--- 229,235 ----
                  if ($transaction_id) {
                      /* If we have a transaction_id, we do challenge response */
                      SimpleSAML_Logger::debug("Throwing CHALLENGERESPONSE");
!                     throw new SimpleSAML_Error_Error(["CHALLENGERESPONSE", $transaction_id, $message, $attributes]);
                  }
                  SimpleSAML_Logger::debug("Throwing WRONGUSERPASS");
                  throw new SimpleSAML_Error_Error("WRONGUSERPASS");
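
Review bot: The diff is reversed: the changed line in the "*** 230,236" half uses array(...) and the one in the "--- 229,235" half uses [...], which matches the file headers, where privacyidea.php.Original is the second file. Applied as posted, the patch would put the short array syntax back, so regenerate it with the original file as the first argument before it is committed. The short [] array syntax needs PHP 5.4 or later, so it is also worth checking the rest of the file for other [] literals that PHP 5.3.3 would reject the same way.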

Cornelius Kölbel

Apr 26, 2017, 11:38:01 AM
to privacyidea
Hi Jon,

interesting! I think using array() instead of [] does no harm,
so we can add this to the github repo:

Thanks a lot
Cornelius