Tweaking simplesamlphp privacyidea.php on CentOS 6.7

Hi,

I’ve been playing with privacyidea alongside our development simplesamlphp
setup, with a view to using it to provide 2FA on our production IdP. We’ve
got paper based OTP with Active Directory users/passwords working OK, which
is a great start. However in getting to this stage I had to tweak a couple
of lines in the privacyidea module for simplesamlphp
(modules/privacyidea/lib/Auth/Source/privacyidea.php). It appears that my
version of php (5.3.3 on CentOS 6.7) doesn’t like the syntax of some of the
arrays in foreach statements. Replacing them with explicit array functions
fixes it.

In case this helps anyone else, here’s a context diff of the changes:

*** privacyidea.php 2017-04-26 11:09:10.127262689 +0100
— privacyidea.php.Original 2017-03-02 07:38:07.000000000 +0000***************
*** 145,158 ****
}
// determine the client IP
$headers = $_SERVER;

! foreach(array(“X-Forwarded-For”, “HTTP_X_FORWARDED_FOR”, “REMOTE_ADDR”)
as $clientkey) {
if (array_key_exists($clientkey, $headers)) {
$client_ip = urlencode($headers[$clientkey]);
SimpleSAML_Logger::debug("Using IP from " . $clientkey . ": " .
$client_ip);
$params = $params . “&client=” . $client_ip;
break;
}
}

      // Add some debug so we know what we are doing.

— 145,157 ----
}
// determine the client IP
$headers = $_SERVER;
! foreach([“X-Forwarded-For”, “HTTP_X_FORWARDED_FOR”,
“REMOTE_ADDR”] as $clientkey) {
if (array_key_exists($clientkey, $headers)) {
$client_ip = urlencode($headers[$clientkey]);
SimpleSAML_Logger::debug(“Using IP from " . $clientkey .
”: " . $client_ip);
$params = $params . “&client=” . $client_ip;
break;
}
}

      // Add some debug so we know what we are doing.
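
Review bot: In the foreach over the key list, X-Forwarded-For and HTTP_X_FORWARDED_FOR are tried before REMOTE_ADDR, so a value the requester can set in a request header ends up appended to $params as the client parameter. Unless a reverse proxy in front of the IdP always overwrites that header, the reported client address is whatever the requester claims. Suggest using REMOTE_ADDR by default and honouring HTTP_X_FORWARDED_FOR only when REMOTE_ADDR is one of a configured list of trusted proxies. Separately, PHP stores request headers in $_SERVER under HTTP_* names, so the "X-Forwarded-For" key will never match and can be dropped.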

*** 230,236 ****
if ($transaction_id) {
/* If we have a transaction_id, we do challenge
response /
SimpleSAML_Logger::debug(“Throwing
CHALLENGERESPONSE”);
! throw new
SimpleSAML_Error_Error(array(“CHALLENGERESPONSE”, $transaction_id,
$message, $attributes));
}
SimpleSAML_Logger::debug(“Throwing WRONGUSERPASS”);
throw new SimpleSAML_Error_Error(“WRONGUSERPASS”);
— 229,235 ----
if ($transaction_id) {
/
If we have a transaction_id, we do challenge
response */
SimpleSAML_Logger::debug(“Throwing
CHALLENGERESPONSE”);
! throw new
SimpleSAML_Error_Error([“CHALLENGERESPONSE”, $transaction_id, $message,
$attributes]);
}
SimpleSAML_Logger::debug(“Throwing WRONGUSERPASS”);
throw new SimpleSAML_Error_Error(“WRONGUSERPASS”);
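
Review bot: The diff is generated in the reverse direction: the "!" line in the *** 230,236 section uses array(...) and the one in the --- 229,235 section uses [...], and the file header lists privacyidea.php.Original as the new file, so applied as posted it would turn the array() calls back into short array syntax, which needs PHP 5.4 or later. Suggest regenerating it as diff -c privacyidea.php.Original privacyidea.php, or stating that it has to be applied with patch -R. The same applies to the foreach hunk at line 145.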

Hi Jon,

interesting! I think using array() instead of [] does no harm,
so we can add this to the github repo:
https://github.com/privacyidea/simplesamlphp-module-privacyidea/blob/master/lib/Auth/Source/privacyidea.php

Thanks a lot
Cornelius

On Wednesday, 26 April 2017 16:41:28 UTC+2, Jon Knight wrote:

Hi,

I’ve been playing with privacyidea alongside our development simplesamlphp
setup, with a view to using it to provide 2FA on our production IdP. We’ve
got paper based OTP with Active Directory users/passwords working OK, which
is a great start. However in getting to this stage I had to tweak a couple
of lines in the privacyidea module for simplesamlphp
(modules/privacyidea/lib/Auth/Source/privacyidea.php). It appears that my
version of php (5.3.3 on CentOS 6.7) doesn’t like the syntax of some of the
arrays in foreach statements. Replacing them with explicit array functions
fixes it.

In case this helps anyone else, here’s a context diff of the changes:

*** privacyidea.php 2017-04-26 11:09:10.127262689 +0100
— privacyidea.php.Original 2017-03-02 07:38:07.000000000 +0000


*** 145,158 ****
}
// determine the client IP
$headers = $_SERVER;

! foreach(array(“X-Forwarded-For”, “HTTP_X_FORWARDED_FOR”, “REMOTE_ADDR”)
as $clientkey) {
if (array_key_exists($clientkey, $headers)) {
$client_ip = urlencode($headers[$clientkey]);
SimpleSAML_Logger::debug("Using IP from " . $clientkey . ": " .
$client_ip);
$params = $params . “&client=” . $client_ip;
break;
}
}

      // Add some debug so we know what we are doing.

— 145,157 ----
}
// determine the client IP
$headers = $_SERVER;
! foreach([“X-Forwarded-For”, “HTTP_X_FORWARDED_FOR”,
“REMOTE_ADDR”] as $clientkey) {
if (array_key_exists($clientkey, $headers)) {
$client_ip = urlencode($headers[$clientkey]);
SimpleSAML_Logger::debug("Using IP from " . $clientkey .
": " . $client_ip);
$params = $params . “&client=” . $client_ip;
break;
}
}

      // Add some debug so we know what we are doing.

*** 230,236 ****
if ($transaction_id) {
/* If we have a transaction_id, we do challenge
response /
SimpleSAML_Logger::debug(“Throwing
CHALLENGERESPONSE”);
! throw new
SimpleSAML_Error_Error(array(“CHALLENGERESPONSE”, $transaction_id,
$message, $attributes));
}
SimpleSAML_Logger::debug(“Throwing WRONGUSERPASS”);
throw new SimpleSAML_Error_Error(“WRONGUSERPASS”);
— 229,235 ----
if ($transaction_id) {
/
If we have a transaction_id, we do challenge
response */
SimpleSAML_Logger::debug(“Throwing
CHALLENGERESPONSE”);
! throw new
SimpleSAML_Error_Error([“CHALLENGERESPONSE”, $transaction_id, $message,
$attributes]);
}
SimpleSAML_Logger::debug(“Throwing WRONGUSERPASS”);
throw new SimpleSAML_Error_Error(“WRONGUSERPASS”);