phpCAS proxy initializer.
| public static proxy ( string $server_version, string $server_hostname, string $server_port, string $server_uri, boolean $changeSessionID = true ) : a | ||
| $server_version | string | the version of the CAS server |
| $server_hostname | string | the hostname of the CAS server |
| $server_port | string | the port the CAS server is running on |
| $server_uri | string | the URI the CAS server is responding on |
| $changeSessionID | boolean | Allow phpCAS to change the session_id (Single Sign Out/handleLogoutRequests is based on that change) |
| return | a | newly created CAS_Client object |
/**
* Initializes the authority objects based on an associative array of arguments
* @param array $args an associate array of arguments. The argument list is dependent on the authority
*
* General - Required keys:
* TITLE => The human readable title of the AuthorityImage
* INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
*
* General - Optional keys:
* LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
*
* CAS - Required keys:
* CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
* CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
* CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
* CAS_PORT => The port the CAS server is listening on, e.g. "443"
* CAS_PATH => The path of the CAS application, e.g. "/cas/"
* CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
* of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
* validation will be performed (not recommended for production).
*
* CAS - Optional keys:
* ATTRA_EMAIL => Attribute name for the user's email adress, e.g. "email". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
*
* NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
*
*/
public function init($args)
{
parent::init($args);
// include the PHPCAS library
if (empty($args['CAS_PHPCAS_PATH'])) {
require_once 'CAS.php';
} else {
require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php';
}
if (empty($args['CAS_PROTOCOL'])) {
throw new KurogoConfigurationException('CAS_PROTOCOL value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_HOST'])) {
throw new KurogoConfigurationException('CAS_HOST value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PORT'])) {
throw new KurogoConfigurationException('CAS_PORT value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PATH'])) {
throw new KurogoConfigurationException('CAS_PATH value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PROXY_INIT'])) {
phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
} else {
phpCAS::proxy($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
if (!empty($args['CAS_PROXY_TICKET_PATH'])) {
phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
}
if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
}
}
if (empty($args['CAS_CA_CERT'])) {
phpCAS::setNoCasServerValidation();
} else {
phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
}
// Record any attribute mapping configured.
if (!empty($args['ATTRA_EMAIL'])) {
CASUser::mapAttribute('Email', $args['ATTRA_EMAIL']);
}
if (!empty($args['ATTRA_FIRST_NAME'])) {
CASUser::mapAttribute('FirstName', $args['ATTRA_FIRST_NAME']);
}
if (!empty($args['ATTRA_LAST_NAME'])) {
CASUser::mapAttribute('LastName', $args['ATTRA_LAST_NAME']);
}
if (!empty($args['ATTRA_FULL_NAME'])) {
CASUser::mapAttribute('FullName', $args['ATTRA_FULL_NAME']);
}
// Store an attribute for group membership if configured.
if (!empty($args['ATTRA_MEMBER_OF'])) {
CASUser::mapAttribute('MemberOf', $args['ATTRA_MEMBER_OF']);
}
}
function setup()
{
//Only setup if we haven't already
global $PHPCAS_CLIENT;
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::setDebug("/var/www/campus/dev.intranet.campusforchrist.org/cas.log");
phpCAS::proxy(SITE_CAS_VERSION, SITE_CAS_HOSTNAME, SITE_CAS_PORT, SITE_CAS_PATH, SITE_CAS_SESSION);
phpCAS::setFixedCallbackURL(SITE_CAS_CALLBACK);
//No SSL
phpCAS::setNoCasServerValidation();
phpCAS::setPGTStorageFile('xml', SITE_CAS_PGT_STORE);
//session_save_path());
return true;
}
return false;
}
<?php
// Example for a proxy with session usage
// Load the settings from the central config file
include_once 'config.php';
// Load the CAS lib
include_once $phpcas_path . '/CAS.php';
// Uncomment to enable debugging
phpCAS::setDebug();
// Initialize phpCAS
phpCAS::proxy(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
// For production use set the CA certificate that is the issuer of the cert
// on the CAS server and uncomment the line below
// phpCAS::setCasServerCACert($cas_server_ca_cert_path);
// For quick testing you can disable SSL validation of the CAS server.
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
phpCAS::setNoCasServerValidation();
// force CAS authentication
phpCAS::forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().
// moreover, a PGT was retrieved from the CAS server that will
// permit to gain accesses to new services.
?>
<html>
<head>
<title>phpCAS proxied proxy example (with sessioning)</title>
<link rel="stylesheet" type='text/css' href='example.css'/>
</head>
<body>
$_SESSION['phpCAS']['service_cookies'] = array();
}
$sm = $_SESSION['ovd-client']['sessionmanager'];
foreach ($sm->get_cookies() as $k => $v) {
$cookie = array('domain' => parse_url($sm->get_base_url(), PHP_URL_HOST), 'path' => '/', 'secure' => false, 'name' => $k, 'value' => $v);
$_SESSION['phpCAS']['service_cookies'][] = $cookie;
}
}
$port = parse_url($CAS_server_url, PHP_URL_PORT);
if (is_null($port)) {
if (parse_url($CAS_server_url, PHP_URL_SCHEME) == 'https') {
$port = 443;
} else {
$port = 80;
}
}
$path = !parse_url($CAS_server_url, PHP_URL_PATH) ? '' : parse_url($CAS_server_url, PHP_URL_PATH);
phpCAS::proxy(CAS_VERSION_2_0, parse_url($CAS_server_url, PHP_URL_HOST), $port, $path, false);
phpCAS::setNoCasServerValidation();
phpCAS::setPGTStorageFile(CAS_PGT_STORAGE_FILE_FORMAT_PLAIN, session_save_path());
phpCAS::setFixedCallbackURL($CAS_callback_url);
//HTTPS required, and Apache's CRT must be added in Tomcat's keystore (CAS server)
phpCAS::forceAuthentication();
if (!phpCAS::serviceWeb($_SESSION['ovd-client']['sessionmanager_url'] . '/start', $errno, $output)) {
$_SESSION['ovd-client']['from_SM_start_XML'] = 'ERROR';
finish();
die;
}
$_SESSION['ovd-client']['from_SM_start_XML'] = $output;
finish();
die;
/**
* Connect to the CAS (clientcas connection or proxycas connection)
*
*/
function connectCAS()
{
global $CFG;
static $connected = false;
if (!$connected) {
// Make sure phpCAS doesn't try to start a new PHP session when connecting to the CAS server.
if ($this->config->proxycas) {
phpCAS::proxy($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false);
} else {
phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false);
}
$connected = true;
}
// If Moodle is configured to use a proxy, phpCAS needs some curl options set.
if (!empty($CFG->proxyhost) && !is_proxybypass($this->config->hostname)) {
phpCAS::setExtraCurlOption(CURLOPT_PROXY, $CFG->proxyhost);
if (!empty($CFG->proxyport)) {
phpCAS::setExtraCurlOption(CURLOPT_PROXYPORT, $CFG->proxyport);
}
if (!empty($CFG->proxytype)) {
// Only set CURLOPT_PROXYTYPE if it's something other than the curl-default http
if ($CFG->proxytype == 'SOCKS5') {
phpCAS::setExtraCurlOption(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5);
}
}
if (!empty($CFG->proxyuser) and !empty($CFG->proxypassword)) {
phpCAS::setExtraCurlOption(CURLOPT_PROXYUSERPWD, $CFG->proxyuser . ':' . $CFG->proxypassword);
if (defined('CURLOPT_PROXYAUTH')) {
// any proxy authentication if PHP 5.1
phpCAS::setExtraCurlOption(CURLOPT_PROXYAUTH, CURLAUTH_BASIC | CURLAUTH_NTLM);
}
}
}
if ($this->config->certificate_check && $this->config->certificate_path) {
phpCAS::setCasServerCACert($this->config->certificate_path);
} else {
// Don't try to validate the server SSL credentials
phpCAS::setNoCasServerValidation();
}
}
<?php
//
// phpCAS proxied proxy
//
// import phpCAS lib
include_once 'CAS.php';
// set debug mode
phpCAS::setDebug();
// initialize phpCAS
phpCAS::proxy(CAS_VERSION_2_0, 'sso-cas.univ-rennes1.fr', 443, '');
// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();
// force CAS authentication
phpCAS::forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().
// moreover, a PGT was retrieved from the CAS server that will
// permit to gain accesses to new services.
$service = 'http://phpcas-test.ifsic.univ-rennes1.fr/examples/example_service.php';
?>
<html>
<head>
<title>phpCAS proxied proxy example</title>
</head>
<body>
<h1>phpCAS proxied proxy example</h1>
<p>the user's login is <b><?php
echo phpCAS::getUser();
?>
</b>.</p>
function tryToLogUser(&$httpVars, $isLast = false)
{
if (isset($_SESSION["CURRENT_MINISITE"])) {
return false;
}
$this->loadConfig();
if (isset($_SESSION['AUTHENTICATE_BY_CAS'])) {
$flag = $_SESSION['AUTHENTICATE_BY_CAS'];
} else {
$flag = 0;
}
$pgtIou = !empty($httpVars['pgtIou']);
$logged = isset($_SESSION['LOGGED_IN_BY_CAS']);
$enre = !empty($httpVars['put_action_enable_redirect']);
$ticket = !empty($httpVars['ticket']);
$pgt = !empty($_SESSION['phpCAS']['pgt']);
$clientModeTicketPendding = isset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']);
if ($this->cas_modify_login_page) {
if ($flag == 0 && $enre && !$logged && !$pgtIou) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 1;
} elseif ($flag == 1 && !$enre && !$logged && !$pgtIou && !$ticket && !$pgt) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 0;
} elseif ($flag == 1 && $enre && !$logged && !$pgtIou) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 1;
} elseif ($pgtIou || $pgt) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 1;
} elseif ($ticket) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 1;
$_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING'] = 1;
} elseif ($logged && $pgtIou) {
$_SESSION['AUTHENTICATE_BY_CAS'] = 2;
} else {
$_SESSION['AUTHENTICATE_BY_CAS'] = 0;
}
if ($_SESSION['AUTHENTICATE_BY_CAS'] < 1) {
if ($clientModeTicketPendding) {
unset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']);
} else {
return false;
}
}
}
/**
* Depend on phpCAS mode configuration
*/
switch ($this->cas_mode) {
case PHPCAS_MODE_CLIENT:
if ($this->checkConfigurationForClientMode()) {
AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Client: ", "sucessfully");
phpCAS::client(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
if (!empty($this->cas_certificate_path)) {
phpCAS::setCasServerCACert($this->cas_certificate_path);
} else {
phpCAS::setNoCasServerValidation();
}
/**
* Debug
*/
if ($this->cas_debug_mode) {
// logfile name by date:
$today = getdate();
$file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt';
empty($this->cas_debug_file) ? $file_path : ($file_path = $this->cas_debug_file);
phpCAS::setDebug($file_path);
}
phpCAS::forceAuthentication();
} else {
AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode CLIENT, please verify the configuration", "");
return false;
}
break;
case PHPCAS_MODE_PROXY:
/**
* If in login page, user click on login via CAS, the page will be reload with manuallyredirectocas is set.
* Or force redirect to cas login page even the force redirect is set in configuration of this module
*
*/
if ($this->checkConfigurationForProxyMode()) {
AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Proxy: ", "sucessfully");
/**
* init phpCAS in mode proxy
*/
phpCAS::proxy(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
if (!empty($this->cas_certificate_path)) {
phpCAS::setCasServerCACert($this->cas_certificate_path);
} else {
phpCAS::setNoCasServerValidation();
}
/**
* Debug
*/
if ($this->cas_debug_mode) {
// logfile name by date:
$today = getdate();
$file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt';
empty($this->cas_debug_file) ? $file_path : ($file_path = $this->cas_debug_file);
phpCAS::setDebug($file_path);
}
if (!empty($this->cas_setFixedCallbackURL)) {
phpCAS::setFixedCallbackURL($this->cas_setFixedCallbackURL);
}
//
/**
* PTG storage
*/
$this->setPTGStorage();
phpCAS::forceAuthentication();
/**
* Get proxy ticket (PT) for SAMBA to authentication at CAS via pam_cas
* In fact, we can use any other service. Of course, it should be enabled in CAS
*
*/
$err_code = null;
$serviceURL = $this->cas_proxied_service;
AJXP_Logger::debug(__FUNCTION__, "Try to get proxy ticket for service: ", $serviceURL);
$res = phpCAS::serviceSMB($serviceURL, $err_code);
if (!empty($res)) {
$_SESSION['PROXYTICKET'] = $res;
AJXP_Logger::info(__FUNCTION__, "Get Proxy ticket successfully ", "");
} else {
AJXP_Logger::info(__FUNCTION__, "Could not get Proxy ticket. ", "");
}
break;
} else {
AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode PROXY, please verify the configuration", "");
return false;
}
default:
return false;
break;
}
AJXP_Logger::debug(__FUNCTION__, "Call phpCAS::getUser() after forceAuthentication ", "");
$cas_user = phpCAS::getUser();
if (!AuthService::userExists($cas_user) && $this->is_AutoCreateUser) {
AuthService::createUser($cas_user, openssl_random_pseudo_bytes(20));
}
if (AuthService::userExists($cas_user)) {
$res = AuthService::logUser($cas_user, "", true);
if ($res > 0) {
AJXP_Safe::storeCredentials($cas_user, $_SESSION['PROXYTICKET']);
$_SESSION['LOGGED_IN_BY_CAS'] = true;
if (!empty($this->cas_additional_role)) {
$userObj = ConfService::getConfStorageImpl()->createUserObject($cas_user);
$roles = $userObj->getRoles();
$cas_RoleID = $this->cas_additional_role;
$userObj->addRole(AuthService::getRole($cas_RoleID, true));
AuthService::updateUser($userObj);
}
return true;
}
}
return false;
}
/**
* Connect to the CAS (clientcas connection or proxycas connection)
*
*/
function connectCAS()
{
global $PHPCAS_CLIENT;
if (!is_object($PHPCAS_CLIENT)) {
// Make sure phpCAS doesn't try to start a new PHP session when connecting to the CAS server.
if ($this->config->proxycas) {
phpCAS::proxy($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false);
} else {
phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false);
}
}
if ($this->config->certificate_check && $this->config->certificate_path) {
phpCAS::setCasServerCACert($this->config->certificate_path);
} else {
// Don't try to validate the server SSL credentials
phpCAS::setNoCasServerValidation();
}
}
/**
* Connect to the cas (clientcas connection or proxycas connection
*
* This function is called from admin/auth.php
*
*/
function connectCAS()
{
global $PHPCAS_CLIENT;
// mode proxy CAS
if (!is_object($PHPCAS_CLIENT)) {
if ($this->config->proxycas) {
phpCAS::proxy($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri);
} else {
phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri);
}
}
}
/**
* Initialize CAS client
*
*/
private function cas_init() {
if (!$this->cas_inited) {
// retrieve configurations
$cfg = rcmail::get_instance()->config->all();
// include phpCAS
require_once('/usr/share/php/CAS/CAS.php');
phpCAS::setDebug('/var/log/lcs/casdebug.log');
// initialize CAS client
if ($cfg['cas_proxy']) {
phpCAS::proxy(CAS_VERSION_2_0, $cfg['cas_hostname'], $cfg['cas_port'], $cfg['cas_uri'], false);
// set URL for PGT callback
phpCAS::setFixedCallbackURL($this->generate_url(array('action' => 'pgtcallback')));
// set PGT storage
#phpCAS::setPGTStorageFile('xml', $cfg['cas_pgt_dir']);
phpCAS::setPGTStorageFile($cfg['cas_pgt_dir']);
}
else {
phpCAS::client(CAS_VERSION_2_0, $cfg['cas_hostname'], $cfg['cas_port'], $cfg['cas_uri'], false);
}
// set service URL for authorization with CAS server
phpCAS::setFixedServiceURL($this->generate_url(array('action' => 'login', 'task' => 'mail')));
// set SSL validation for the CAS server
if ($cfg['cas_validation'] == 'self') {
phpCAS::setCasServerCert($cfg['cas_cert']);
}
else if ($cfg['cas_validation'] == 'ca') {
phpCAS::setCasServerCACert($cfg['cas_cert']);
}
else {
phpCAS::setNoCasServerValidation();
}
// set login and logout URLs of the CAS server
phpCAS::setServerLoginURL($cfg['cas_login_url']);
phpCAS::setServerLogoutURL($cfg['cas_logout_url']);
$this->cas_inited = true;
}
}
/**
* Initializes the authority objects based on an associative array of arguments
* @param array $args an associate array of arguments. The argument list is dependent on the authority
*
* General - Required keys:
* TITLE => The human readable title of the AuthorityImage
* INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
*
* General - Optional keys:
* LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
*
* CAS - Required keys:
* CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
* CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
* CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
* CAS_PORT => The port the CAS server is listening on, e.g. "443"
* CAS_PATH => The path of the CAS application, e.g. "/cas/"
* CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
* of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
* validation will be performed (not recommended for production).
*
* CAS - Optional keys:
* ATTRA_EMAIL => Attribute name for the user's email adress, e.g. "email". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
* ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your
* CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
*
* NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
*
*/
public function init($args)
{
parent::init($args);
// include the PHPCAS library
if (empty($args['CAS_PHPCAS_PATH'])) {
require_once 'CAS.php';
} else {
require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php';
}
if (!empty($args['CAS_DEBUG_LOG'])) {
phpCAS::setDebug($args['CAS_DEBUG_LOG']);
}
if (empty($args['CAS_PROTOCOL'])) {
throw new KurogoConfigurationException('CAS_PROTOCOL value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_HOST'])) {
throw new KurogoConfigurationException('CAS_HOST value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PORT'])) {
throw new KurogoConfigurationException('CAS_PORT value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PATH'])) {
throw new KurogoConfigurationException('CAS_PATH value not set for ' . $this->AuthorityTitle);
}
if (empty($args['CAS_PROXY_INIT'])) {
phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
} else {
phpCAS::proxy($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
if (!empty($args['CAS_PROXY_TICKET_PATH']) && !empty($args['CAS_PROXY_TICKET_DB_DSN'])) {
throw new KurogoConfigurationException('Only one of CAS_PROXY_TICKET_PATH or CAS_PROXY_TICKET_DB_DSN may be set for ' . $this->AuthorityTitle);
}
if (!empty($args['CAS_PROXY_TICKET_PATH'])) {
if (version_compare(PHPCAS_VERSION, '1.3', '>=')) {
phpCAS::setPGTStorageFile($args['CAS_PROXY_TICKET_PATH']);
} else {
phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
}
}
if (!empty($args['CAS_PROXY_TICKET_DB_DSN'])) {
$user = $pass = $table = $driver_opts = '';
if (!empty($args['CAS_PROXY_TICKET_DB_USER'])) {
$user = $args['CAS_PROXY_TICKET_DB_USER'];
}
if (!empty($args['CAS_PROXY_TICKET_DB_PASS'])) {
$pass = $args['CAS_PROXY_TICKET_DB_PASS'];
}
if (!empty($args['CAS_PROXY_TICKET_DB_TABLE'])) {
$table = $args['CAS_PROXY_TICKET_DB_TABLE'];
}
if (!empty($args['CAS_PROXY_TICKET_DB_DRIVER_OPTS'])) {
$driver_opts = $args['CAS_PROXY_TICKET_DB_DRIVER_OPTS'];
}
phpCAS::setPGTStorageDb($args['CAS_PROXY_TICKET_DB_DSN'], $user, $pass, $table, $driver_opts);
}
if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
}
}
if (empty($args['CAS_CA_CERT'])) {
phpCAS::setNoCasServerValidation();
} else {
phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
}
// Record any attribute mapping configured.
if (!empty($args['ATTRA_EMAIL'])) {
CASUser::mapAttribute('Email', $args['ATTRA_EMAIL']);
}
if (!empty($args['ATTRA_FIRST_NAME'])) {
CASUser::mapAttribute('FirstName', $args['ATTRA_FIRST_NAME']);
}
if (!empty($args['ATTRA_LAST_NAME'])) {
CASUser::mapAttribute('LastName', $args['ATTRA_LAST_NAME']);
}
if (!empty($args['ATTRA_FULL_NAME'])) {
CASUser::mapAttribute('FullName', $args['ATTRA_FULL_NAME']);
}
// Store an attribute for group membership if configured.
if (!empty($args['ATTRA_MEMBER_OF'])) {
CASUser::mapAttribute('MemberOf', $args['ATTRA_MEMBER_OF']);
}
}
/**
* Connect to the cas (clientcas connection or proxycas connection
*
* This function is called from admin/auth.php
*
*/
function connectCAS()
{
global $PHPCAS_CLIENT;
// mode proxy CAS
if (!is_object($PHPCAS_CLIENT)) {
// Make sure phpCAS doesn't try to start a new PHP session when connecting to the CAS server.
if ($this->config->proxycas) {
phpCAS::proxy($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false);
} else {
phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false);
}
}
}
