setNoCasServerValidation() public static method

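Disables SSL/TLS certificate validation for the CAS server. With validation turned off, the client cannot verify that ticket-validation responses really come from the CAS server, so this call is suitable for quick testing only; production code should call setCasServerCACert() with the issuing CA certificate instead.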
public static setNoCasServerValidation ( ) : void
return void
Ejemplo n.º 1
/**
 * Ensures $_SESSION['user'] exists and, when the request carries a "login"
 * or "logout" parameter, runs the CAS flow through phpCAS.
 *
 * SECURITY NOTE(review): phpCAS::setNoCasServerValidation() switches off TLS
 * certificate validation for the CAS server, so the response that validates
 * a ticket is not authenticated. Production code should configure the issuing
 * CA with phpCAS::setCasServerCACert() instead.
 *
 * NOTE(review): a "logout" request also passes through forceAuthentication()
 * before the logout call, and the post-logout redirect target is plain http.
 */
function checkAndSetUserSession()
{
    // Make sure the session key is always present.
    if (!isset($_SESSION['user'])) {
        $_SESSION['user'] = null;
    }

    // Nothing else to do unless a login or logout was requested.
    if (!isset($_REQUEST['login']) && !isset($_REQUEST['logout'])) {
        return;
    }

    // Initialise the phpCAS client.
    phpCAS::client(CAS_VERSION_2_0, 'login.kth.se', 443, '');
    //phpCAS::proxy(CAS_VERSION_2_0,'login.kth.se',443,'');
    phpCAS::setNoCasServerValidation();

    // To return from the login server to a specific URL rather than to the
    // current request URI, call setFixedCallbackURL:
    //phpCAS::setFixedCallbackURL('http://xml.csc.kth.se/~wiiala/DM2517/project/php/index.php');

    // Force CAS authentication; afterwards the login name is available
    // through phpCAS::getUser().
    phpCAS::forceAuthentication();
    $_SESSION['user'] = phpCAS::getUser();

    // Log out and redirect to our default page.
    if (isset($_REQUEST['logout'])) {
        unset($_SESSION['user']);
        phpCAS::logoutWithRedirectService('http://kth.kribba.com/');
    }
}
Ejemplo n.º 2
/**
 * Initialises phpCAS from $config and reports the CAS-authenticated user.
 *
 * Certificate handling: a configured CA certificate path is used when
 * present; otherwise server validation is disabled only if
 * $config->cas_server_no_validation is truthy.
 *
 * SECURITY NOTE(review): the no-validation branch leaves the TLS connection
 * to the CAS server unauthenticated; keep that flag off in production.
 *
 * @param object $config Reads cas_version, cashostname, casport, casbaseuri,
 *                       cas_server_ca_cert_path and cas_server_no_validation.
 * @return mixed The value of phpCAS::getUser() when authenticated, false
 *               when not authenticated or when an exception was caught.
 */
function check_cas_result($config)
{
    require_once dirname(__DIR__) . '/vendor/autoload.php';

    try {
        $protocol = $config->cas_version ?: CAS_VERSION_2_0;
        // phpCAS::setDebug();
        phpCAS::client($protocol, $config->cashostname, (int) $config->casport, $config->casbaseuri, false);

        // Tickets are removed from the URL elsewhere, so phpCAS must not do it.
        phpCAS::setNoClearTicketsFromUrl();

        if ($config->cas_server_ca_cert_path != "") {
            // Production setup: validate the server against this CA file,
            // e.g. '/etc/pki/tls/certs/DigiCertCA.crt'.
            phpCAS::setCasServerCACert($config->cas_server_ca_cert_path);
        } elseif ($config->cas_server_no_validation) {
            // Explicit opt-out of certificate verification.
            phpCAS::setNoCasServerValidation();
        }

        // checkAuthentication() returns true/false without forcing a login.
        return phpCAS::checkAuthentication() ? phpCAS::getUser() : false;
    } catch (Exception $failure) {
        $message = $failure->getMessage();
        error_log("CAS ERROR: " . $message);
        register_error($message);

        return false;
    }
}
Ejemplo n.º 3
 /**
  * Signs the current user in through CAS and binds the result to RBAC.
  *
  * Reads the CAS host and URI from PM_PARAMETERS, forces CAS authentication,
  * then looks the user up in USERS and fills the RBAC user object.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer phpCAS::setCasServerCACert().
  * NOTE(review): the user name literal in the second query appears redacted
  * ('******') in this listing. If the real code places the CAS user name into
  * the SQL text, it should be passed as a bound parameter - confirm.
  *
  * @return bool true when a matching USERS row was found, false otherwise
  */
 function metodillo()
 {
     $sSQL = "SELECT * FROM PM_PARAMETERS WHERE PRM_ID = 'CAS_URL' ";
     $casParams = executeQuery($sSQL);
     if (!count($casParams)) {
         return false;
     }

     // Rows are read at index 1, as returned by executeQuery().
     $casHost = $casParams[1]['PRM_VALUE'];
     $casUri = $casParams[1]['PRM_VALUE_2'];

     $RBAC = RBAC::getSingleton();
     $RBAC->initRBAC();

     require_once 'CAS-1.2.2/CAS.php';
     phpCAS::client(CAS_VERSION_2_0, $casHost, 443, $casUri, false);
     phpCAS::setNoCasServerValidation();
     phpCAS::forceAuthentication();
     if (!phpCAS::isAuthenticated()) {
         return false;
     }

     $sCasUser = phpCAS::getUser();
     $sSQL = "SELECT USR_UID FROM USERS WHERE USR_USERNAME = '******' ";
     $userRows = executeQuery($sSQL);
     if (!count($userRows)) {
         return false;
     }

     $nUserId = $userRows[1]['USR_UID'];
     $RBAC->singleSignOn = true;
     $RBAC->userObj->fields['USR_UID'] = $nUserId;
     $RBAC->userObj->fields['USR_USERNAME'] = $sCasUser;

     return true;
 }
Ejemplo n.º 4
 /**
  * Authenticates the request against the CAS server named in the
  * preferences and returns the CAS login name.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer phpCAS::setCasServerCACert().
  * NOTE(review): every $_REQUEST entry is copied into the session and later
  * merged back, so whatever the client sent is persisted server-side.
  * NOTE(review): parse_url() yields null for the port when the URL has none;
  * confirm the configured URL always carries an explicit port.
  *
  * @return mixed The CAS login name, or null when the server URL is missing
  *               or authentication did not succeed.
  */
 public function get_login()
 {
     Logger::debug('main', 'AuthMethod_CAS::get_login()');

     // Keep a copy of the request parameters in the session, presumably so
     // they survive the round trip to the CAS server.
     if (!isset($_SESSION['backup_sso']) || !is_array($_SESSION['backup_sso'])) {
         $_SESSION['backup_sso'] = array();
     }
     foreach ($_REQUEST as $name => $value) {
         $_SESSION['backup_sso'][$name] = $value;
     }

     $casPrefs = $this->prefs->get('AuthMethod', 'CAS');
     $CAS_server_url = $casPrefs['user_authenticate_cas_server_url'];
     if (!isset($CAS_server_url) || $CAS_server_url == '') {
         Logger::error('main', 'AuthMethod_CAS::get_login() - Unable to find CAS server url in Preferences');
         return null;
     }

     $casHost = parse_url($CAS_server_url, PHP_URL_HOST);
     $casPort = parse_url($CAS_server_url, PHP_URL_PORT);
     $casPath = parse_url($CAS_server_url, PHP_URL_PATH);
     phpCAS::client(CAS_VERSION_2_0, $casHost, $casPort, $casPath);
     Logger::debug('main', 'AuthMethod_CAS::get_login() - Parsing URL - Host:"' . $casHost . '" Port:"' . $casPort . '" Path:"' . $casPath . '"');
     phpCAS::setNoCasServerValidation();

     if (!phpCAS::forceAuthentication()) {
         Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::forceAuthentication failed');
         return null;
     }
     if (!phpCAS::isAuthenticated()) {
         Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::isAuthenticated failed');
         return null;
     }

     $this->login = phpCAS::getUser();

     // Restore saved parameters without overriding ones in the current request.
     foreach ($_SESSION['backup_sso'] as $name => $value) {
         if (!isset($_REQUEST[$name])) {
             $_REQUEST[$name] = $value;
         }
     }

     return $this->login;
 }
Ejemplo n.º 5
 /**
  * Loads the user_cas application settings and initialises phpCAS once per
  * request (guarded by the global $initialized_cas flag).
  *
  * SECURITY NOTE(review): an empty 'cas_cert_path' setting falls back to
  * setNoCasServerValidation(), i.e. the CAS server certificate is not
  * verified. Deployments should set the CA certificate path.
  */
 public function __construct()
 {
     // Placeholder defaults for the first login; meant to be changed via the GUI.
     $defaultHost = 'your.domain.org';
     $defaultPort = '443';
     $defaultPath = '/cas';

     $this->autocreate = OCP\Config::getAppValue('user_cas', 'cas_autocreate', true);
     $this->updateUserData = OCP\Config::getAppValue('user_cas', 'cas_update_user_data', true);
     $this->defaultGroup = OCP\Config::getAppValue('user_cas', 'cas_default_group', '');

     // Comma-separated list with all spaces stripped.
     $protectedCsv = str_replace(' ', '', OCP\Config::getAppValue('user_cas', 'cas_protected_groups', ''));
     $this->protectedGroups = explode(',', $protectedCsv);

     $this->mailMapping = OCP\Config::getAppValue('user_cas', 'cas_email_mapping', '');
     $this->displayNameMapping = OCP\Config::getAppValue('user_cas', 'cas_displayName_mapping', '');
     $this->groupMapping = OCP\Config::getAppValue('user_cas', 'cas_group_mapping', '');

     $protocol = OCP\Config::getAppValue('user_cas', 'cas_server_version', '2.0');
     $host = OCP\Config::getAppValue('user_cas', 'cas_server_hostname', $defaultHost);
     $port = OCP\Config::getAppValue('user_cas', 'cas_server_port', $defaultPort);
     $path = OCP\Config::getAppValue('user_cas', 'cas_server_path', $defaultPath);
     $caFile = OCP\Config::getAppValue('user_cas', 'cas_cert_path', '');

     global $initialized_cas;
     if ($initialized_cas) {
         return;
     }

     phpCAS::client($protocol, $host, (int) $port, $path, false);
     if (empty($caFile)) {
         // No CA configured: server certificate validation is switched off.
         phpCAS::setNoCasServerValidation();
     } else {
         phpCAS::setCasServerCACert($caFile);
     }
     $initialized_cas = true;
 }
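 /**
  * Loads the phpCAS library and configures the client from application
  * settings (host, port, context, protocol version, CA certificate).
  *
  * SECURITY NOTE(review): when 'cas_server_ca_cert_path' is empty the CAS
  * server certificate is not validated; set the CA path in production.
  *
  * @return true|null true when phpCAS was already loaded; otherwise the
  *                   method falls through without an explicit return value.
  */
 private function init_cas_client()
 {
     if (class_exists('phpCAS')) {
         return true;
     }
     require getConfig('casldap_phpcas_path');
     $cas_debug_file = getConfig('cas_debug_file_path');
     if (!empty($cas_debug_file)) {
         phpCAS::setDebug($cas_debug_file);
     }
     $cas_host = getConfig('cas_host');
     // Fix: `$x = f() or 443` parses as `($x = f()) or 443`, so the 443
     // fallback was never assigned and an unset port became intval() 0.
     $cas_port = getConfig('cas_port') ?: 443;
     $cas_context = getConfig('cas_context');
     // Map the numeric setting to the phpCAS protocol constant; anything
     // unrecognised falls back to CAS 2.0.
     switch (getConfig('cas_version')) {
         case 1:
             $cas_version = CAS_VERSION_1_0;
             break;
         case 3:
             $cas_version = CAS_VERSION_3_0;
             break;
         case 2:
         default:
             $cas_version = CAS_VERSION_2_0;
             break;
     }
     phpCAS::client($cas_version, $cas_host, intval($cas_port), $cas_context);
     $cas_server_ca_cert_path = getConfig('cas_server_ca_cert_path');
     if ($cas_server_ca_cert_path) {
         phpCAS::setCasServerCACert($cas_server_ca_cert_path);
     } else {
         // No CA configured: server certificate validation is switched off.
         phpCAS::setNoCasServerValidation();
     }
 }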
Ejemplo n.º 7
 /**
  * Security filter: authenticates the user through CAS on the first filter
  * call, then hands over to the parent filter for the credential check.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() is called
  * unconditionally, so the CAS server certificate is never verified here;
  * prefer phpCAS::setCasServerCACert().
  *
  * @param mixed $filterChain The filter chain, passed on to parent::execute()
  */
 public function execute($filterChain)
 {
     $context = $this->getContext();
     $user = $context->getUser();

     // An LDAP object is stored in the context so it can be reused later.
     $context->set('ldap', new uapvLdap());

     // Filters may run several times because of internal forwards;
     // authentication only happens on the first call.
     if ($this->isFirstCall() && (sfConfig::get('app_cas_server_force_authentication', false) || !$user->isAuthenticated())) {
         // phpCAS is not php5-compliant: mute strict errors and notices for now.
         $previousLevel = ini_get('error_reporting');
         error_reporting($previousLevel & ~E_STRICT & ~E_NOTICE);

         if (sfConfig::get('app_cas_server_debug', false)) {
             // see /tmp/phpCAS.log
             phpCAS::setDebug();
         }

         // The trailing false keeps phpCAS from calling session_start again;
         // symfony already did it.
         phpCAS::client(
             sfConfig::get('app_cas_server_version', CAS_VERSION_2_0),
             sfConfig::get('app_cas_server_host', 'localhost'),
             sfConfig::get('app_cas_server_port', 443),
             sfConfig::get('app_cas_server_path', ''),
             false
         );
         //phpCAS::handleLogoutRequests ();
         phpCAS::setNoCasServerValidation();

         // Redirects to the CAS server when necessary.
         phpCAS::forceAuthentication();

         // From here on the user is authenticated: sign them in.
         $user->signIn(phpCAS::getUser());

         // Put the previous error reporting level back.
         error_reporting($previousLevel);
     }

     // "credential" verification
     parent::execute($filterChain);
 }
Ejemplo n.º 8
 /**
  * Initialize the class; this must be called before anything else.
  *
  * Configures the phpCAS client for $config['site'], optionally loads a
  * private key, sets up CAS server certificate handling and then
  * initialises NXAPI.
  *
  * SECURITY NOTE(review): when $config['ca_cert'] is missing or null, this
  * method disables CAS server validation and also turns off cURL peer and
  * host verification, so the TLS connection to the CAS server is not
  * authenticated. Supplying 'ca_cert' selects the validated path.
  *
  * @param array $config Reads 'site', 'port' and 'key_id', plus the optional 'private_key' and 'ca_cert'
  * @param bool $changeSessionID Allow phpCAS to change the session_id (Single Sign Out/handleLogoutRequests is based on that change)
  * @param string|null $debugLog Set to a path to enable debug log
  * @throws NXAuthError when the configured private key cannot be opened
  */
 public static function init($config, $changeSessionID = true, $debugLog = null)
 {
     if ($debugLog != null) {
         phpCAS::setDebug($debugLog);
     }
     phpCAS::client(CAS_VERSION_2_0, $config['site'], $config['port'], "cas", $changeSessionID);
     self::$config = $config;
     // Stays null unless a private key file is configured.
     $private_key = null;
     if (isset($config['private_key'])) {
         $key = static::resolve_filename($config['private_key']);
         $private_key = openssl_get_privatekey("file:///{$key}");
         if ($private_key === false) {
             throw new NXAuthError("Failed to open private key {$key}");
         }
     }
     if (isset($config['ca_cert']) && $config['ca_cert'] != null) {
         // Validated path: verify the CAS server against the given CA file.
         self::$ca_cert = static::resolve_filename($config['ca_cert']);
         phpCAS::setCasServerCACert(self::$ca_cert);
     } else {
         // Unvalidated path: no certificate checks at all (see the note above).
         phpCAS::setNoCasServerValidation();
         // Disable curl ssl verification
         phpCAS::setExtraCurlOption(CURLOPT_SSL_VERIFYHOST, 0);
         phpCAS::setExtraCurlOption(CURLOPT_SSL_VERIFYPEER, 0);
     }
     // NOTE(review): in the unvalidated path self::$ca_cert is not assigned by
     // this call, so NXAPI receives whatever value it held before - confirm.
     NXAPI::init(array('private_key' => $private_key, 'key_id' => $config['key_id'], 'url' => "https://" . $config['site'], 'ca_cert' => self::$ca_cert));
 }
Ejemplo n.º 9
 /**
  * Attempts to authenticate users via CAS.
  *
  * Without a CAS constant the request is redirected to the application's own
  * login page. Otherwise CAS authentication is forced and, when a Person can
  * be built for the CAS user, the browser is sent to $this->return_url.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer \phpCAS::setCasServerCACert().
  * NOTE(review): $this->return_url goes into two Location headers unchanged.
  * Where it is set is not visible here; if it can come from the request it
  * should be restricted to local URLs and URL-encoded when used as a query
  * value - confirm against the code that assigns it.
  */
 public function index()
 {
     // If they don't have CAS configured, send them onto the application's
     // internal authentication system
     if (!defined('CAS')) {
         header('Location: ' . BASE_URL . '/login/login?return_url=' . $this->return_url);
         exit;
     }
     require_once CAS . '/CAS.php';
     \phpCAS::client(CAS_VERSION_2_0, CAS_SERVER, 443, CAS_URI, false);
     \phpCAS::setNoCasServerValidation();
     \phpCAS::forceAuthentication();
     // at this step, the user has been authenticated by the CAS server
     // and the user's login name can be read with phpCAS::getUser().
     // They may be authenticated according to CAS,
     // but that doesn't mean they have person record
     // and even if they have a person record, they may not
     // have a user account for that person record.
     try {
         $_SESSION['USER'] = new Person(\phpCAS::getUser());
         header("Location: {$this->return_url}");
         exit;
     } catch (\Exception $e) {
         // The exception object itself is queued for display with the login form.
         $_SESSION['errorMessages'][] = $e;
     }
     // Only reached when no Person could be created: show the login form.
     $this->template->blocks[] = new Block('loginForm.inc', array('return_url' => $this->return_url));
 }
Ejemplo n.º 10
 /**
  * Configures the phpCAS client from the loaded setup and registers
  * loginCallback() as the post-authentication callback.
  *
  * SECURITY NOTE(review): the CAS server certificate is not validated here;
  * production code should call phpCAS::setCasServerCACert() instead.
  */
 public function __construct()
 {
     $setup = self::loadSetup();
     // NOTE(review): phpCAS::client() is documented as returning nothing, so
     // $this->client is presumably null - confirm.
     $this->client = phpCAS::client(CAS_VERSION_2_0, $setup['host'], $setup['port'], $setup['context']);
     // For simplicity's sake we are not validating the CAS server certificate at the moment.
     phpCAS::setNoCasServerValidation();
     phpCAS::setPostAuthenticateCallback(array($this, 'loginCallback'));
 }
Ejemplo n.º 11
 /**
  * Forces CAS authentication against a hard-coded server and stores the
  * resulting user name in $this->username.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer \phpCAS::setCasServerCACert().
  * NOTE(review): setDebug() is called without a path, so phpCAS logs to its
  * default file; consider switching debug logging off outside development.
  */
 public function __construct()
 {
     \phpCAS::setDebug();
     \phpCAS::client(CAS_VERSION_2_0, "itebeta.baidu.com", 443, "");
     \phpCAS::setNoCasServerValidation();
     // May redirect the browser to the CAS server before returning.
     \phpCAS::forceAuthentication();
     $this->username = \phpCAS::getUser();
 }
Ejemplo n.º 12
 /**
  * Configures the phpCAS client from this object's CAS settings and enables
  * handling of logout requests from the allowed client list.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer \phpCAS::setCasServerCACert().
  */
 private function prepare()
 {
     \phpCAS::client(CAS_VERSION_2_0, $this->casUrl, $this->casPort, $this->casUri, false);
     //\phpCAS::setDebug('/tmp/cas.log');
     \phpCAS::setNoCasServerValidation();
     //\phpCAS::setSingleSignoutCallback(array($this, 'casSingleSignOut'));
     //\phpCAS::setPostAuthenticateCallback(array($this, 'casPostAuth'));
     // Logout requests are checked against $this->casAllowedIpClients.
     \phpCAS::handleLogoutRequests(true, $this->casAllowedIpClients);
 }
Ejemplo n.º 13
 /**
  * Initialises the parent, reads the CAS server settings from the options
  * and configures a CAS 1.0 phpCAS client.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer phpCAS::setCasServerCACert().
  *
  * @param mixed $options Passed on to parent::init()
  */
 public function init($options)
 {
     parent::init($options);
     $this->cas_server = $this->getOption("CAS_SERVER");
     $this->cas_port = $this->getOption("CAS_PORT");
     $this->cas_uri = $this->getOption("CAS_URI");
     phpCAS::client(CAS_VERSION_1_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
     phpCAS::setNoCasServerValidation();
 }
Ejemplo n.º 14
/**
 * Configures a SAML 1.1 phpCAS client for the given server.
 *
 * SECURITY NOTE(review): a falsy $CA_certificate_file switches CAS server
 * certificate validation off; always pass the CA file in production.
 *
 * @param string $host                CAS server host name
 * @param mixed  $port                CAS server port, converted to an integer
 * @param string $context             CAS context path
 * @param mixed  $CA_certificate_file Path to the CA certificate, or a falsy value
 */
function initPhpCAS($host, $port, $context, $CA_certificate_file)
{
    phpCAS::client(SAML_VERSION_1_1, $host, (int) $port, $context, false);

    if (!$CA_certificate_file) {
        // No CA given: the CAS server certificate is not verified.
        phpCAS::setNoCasServerValidation();
    } else {
        phpCAS::setCasServerCACert($CA_certificate_file);
    }
    //phpCAS::setLang(PHPCAS_LANG_FRENCH);
}
Ejemplo n.º 15
 /**
  * Loads the database and grocery_CRUD library, then configures phpCAS for
  * a hard-coded CAS server.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer phpCAS::setCasServerCACert().
  * NOTE(review): handleLogoutRequests(false) turns off the check of which
  * client sent a logout request - confirm that this is intended.
  */
 public function __construct()
 {
     parent::__construct();
     $this->load->database();
     $this->load->library('grocery_CRUD');
     include_once 'CAS.php';
     phpCAS::client('2.0', 'cas.uhp-nancy.fr', 443, '/cas', false);
     phpCAS::setNoCasServerValidation();
     phpCAS::handleLogoutRequests(false);
 }
Ejemplo n.º 16
/**
 * Initialises phpCAS on first use and reports whether the user is
 * authenticated.
 *
 * SECURITY NOTE(review): the CA certificate call is commented out and
 * setNoCasServerValidation() is used instead, so the CAS server certificate
 * is not verified. Re-enabling setCasServerCACert() is the safer setup.
 * NOTE(review): the debug log uses a relative path; make sure the file does
 * not end up somewhere the web server will serve it.
 *
 * @return mixed The result of phpCAS::isAuthenticated()
 */
function check_auth()
{
    $clientMissing = !isset($GLOBALS['PHPCAS_CLIENT']);

    if ($clientMissing) {
        // Hosts whose logout requests are accepted.
        $logoutHosts = array('cas.byu.edu', 'cas1.byu.edu', 'cas2.byu.edu', 'cas3.byu.edu');

        phpCAS::client(CAS_VERSION_2_0, 'cas.byu.edu', 443, 'cas');
        //phpCAS::setCasServerCACert("../CAS/cas_ca.pem");
        phpCAS::setNoCasServerValidation();
        phpCAS::setDebug("cas_error.txt");
        phpCAS::handleLogoutRequests(true, $logoutHosts);
    }

    return phpCAS::isAuthenticated();
}
Ejemplo n.º 17
 /**
  * Stores the configuration. Calls the parent configuration first, then
  * validates the CAS and CASDirectory properties, configures phpCAS and
  * copies the directory settings onto this object.
  *
  * SECURITY NOTE(review): when the CAS_CERT property is empty the CAS server
  * certificate is not validated; set CAS_CERT in production.
  *
  * @param Properties $configuration
  * @return void No value is returned by the visible code
  * @access public
  * @since 3/24/05
  */
 function assignConfiguration(Properties $configuration)
 {
     parent::assignConfiguration($configuration);
     // The display name format must contain at least one [[...]] placeholder.
     $format = $configuration->getProperty('DISPLAY_NAME_FORMAT');
     ArgumentValidator::validate($format, RegexValidatorRule::getRule('/\\[\\[([^]]+)\\]\\]/'));
     $this->displayNameFormat = $format;
     if ($debug = $configuration->getProperty('CAS_DEBUG_PATH')) {
         ArgumentValidator::validate($debug, StringValidatorRule::getRule());
         phpCAS::setDebug($debug);
     }
     $host = $configuration->getProperty('CAS_HOST');
     // NOTE(review): the second dot in this pattern is unescaped and matches any
     // character, and hyphens are not allowed in labels. Tightening the pattern
     // could reject host names that pass today, so review before changing it.
     ArgumentValidator::validate($host, RegexValidatorRule::getRule('/^[a-z0-9]+\\.[a-z0-9]+.[a-z]+$/'));
     $port = $configuration->getProperty('CAS_PORT');
     ArgumentValidator::validate($port, RegexValidatorRule::getRule('/^[0-9]+$/'));
     $path = $configuration->getProperty('CAS_PATH');
     ArgumentValidator::validate($path, RegexValidatorRule::getRule('/^\\/.*$/'));
     phpCAS::client(CAS_VERSION_2_0, $host, intval($port), $path, false);
     // Validate the CAS server against CAS_CERT when given; otherwise
     // certificate validation is switched off.
     if ($cert = $configuration->getProperty('CAS_CERT')) {
         phpCAS::setCasServerCACert($cert);
     } else {
         phpCAS::setNoCasServerValidation();
     }
     // Allow group lookup via a CASDirectory:
     // https://mediawiki.middlebury.edu/wiki/LIS/CAS_Directory
     $dirUrl = $configuration->getProperty('CASDIRECTORY_BASE_URL');
     ArgumentValidator::validate($dirUrl, StringValidatorRule::getRule());
     $this->directoryUrl = $dirUrl;
     // set the callback URL for the PGT to be sent to. This must be an https url
     // whose certificate is trusted by CAS.
     // 		$callbackUrl = $configuration->getProperty('CALLBACK_URL');
     // 		ArgumentValidator::validate($callbackUrl, RegexValidatorRule::getRule('/^https:\/\/.*$/'));
     // 		phpCAS::setFixedCallbackURL($callbackUrl);
     $adminAccess = $configuration->getProperty('CASDIRECTORY_ADMIN_ACCESS');
     ArgumentValidator::validate($adminAccess, StringValidatorRule::getRule());
     $this->adminAccess = $adminAccess;
     // Optional settings: stored as null when not configured.
     $classRoot = $configuration->getProperty('CASDIRECTORY_CLASS_ROOT');
     if ($classRoot) {
         ArgumentValidator::validate($classRoot, StringValidatorRule::getRule());
         $this->classRoot = $classRoot;
     } else {
         $this->classRoot = null;
     }
     $groupIdRegex = $configuration->getProperty('CASDIRECTORY_GROUP_ID_REGEX');
     if ($groupIdRegex) {
         ArgumentValidator::validate($groupIdRegex, StringValidatorRule::getRule());
         $this->groupIdRegex = $groupIdRegex;
     } else {
         $this->groupIdRegex = null;
     }
     // Root Groups to expose: must be an array of strings; duplicates are dropped.
     ArgumentValidator::validate($configuration->getProperty('ROOT_GROUPS'), ArrayValidatorRuleWithRule::getRule(StringValidatorRule::getRule()));
     $this->rootGroups = array_unique($configuration->getProperty('ROOT_GROUPS'));
 }
Ejemplo n.º 18
 /**
  * Configures phpCAS from phpcas.ini once; later calls do nothing.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer phpCAS::setCasServerCACert().
  * NOTE(review): handleLogoutRequests(false) turns off the check of which
  * client sent a logout request - confirm that this is intended.
  *
  * @return bool Always true
  */
 public static function init()
 {
     if (!self::$_init) {
         $settings = new \Yaf\Config\Ini(APPLICATION_CONFIG_PATH . '/phpcas.ini', \Yaf\ENVIRON);

         phpCAS::setDebug('');
         phpCAS::client(
             $settings->cas_version,
             $settings->cas_host,
             intval($settings->cas_port),
             $settings->cas_context
         );
         phpCAS::setNoCasServerValidation();
         phpCAS::handleLogoutRequests(false);

         self::$_init = true;
     }

     return true;
 }
Ejemplo n.º 19
 /**
  * Initialises the phpCAS client unless phpCAS reports it is already
  * initialised.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer phpCAS::setCasServerCACert().
  *
  * @return bool Always true
  */
 protected function initializeCASClient()
 {
     if (phpCAS::isInitialized()) {
         return true;
     }

     // Debug logging is switched off.
     phpCAS::setDebug(false);

     // Create the client from the application configuration.
     phpCAS::client(
         CAS_VERSION_2_0,
         Configure::read('user_config.cas.hostname'),
         Configure::read('user_config.cas.port'),
         Configure::read('user_config.cas.uri'),
         true
     );
     phpCAS::setFixedServiceURL($this->loginRedirectURL());

     // The CAS server certificate is NOT validated.
     phpCAS::setNoCasServerValidation();

     return true;
 }
Ejemplo n.º 20
 /**
  * Configures phpCAS from the global $cas_cfg array the first time an
  * instance is created.
  *
  * SECURITY NOTE(review): without a 'server_ca_cert' entry the CAS server
  * certificate is not validated; set it in production.
  */
 function __construct()
 {
     if (self::$initialized) {
         return;
     }

     global $cas_cfg;
     phpCAS::client(CAS_VERSION_2_0, $cas_cfg['host'], $cas_cfg['port'], $cas_cfg['context']);

     // SSL validation happens only when a CA certificate path is configured.
     if (!isset($cas_cfg['server_ca_cert'])) {
         phpCAS::setNoCasServerValidation();
     } else {
         phpCAS::setCasServerCACert($cas_cfg['server_ca_cert']);
     }

     self::$initialized = true;
 }
Ejemplo n.º 21
 /**
  * Stores the component collection and configures phpCAS from the
  * application's CAS.* settings.
  *
  * SECURITY NOTE(review): an empty 'CAS.cert_path' setting switches CAS
  * server certificate validation off; set the path in production.
  *
  * @param mixed $collection Stored in $this->_Collection
  * @param mixed $settings   Not used by the visible code
  */
 function __construct($collection, $settings)
 {
     $this->_Collection = $collection;

     if (Configure::read('CAS.debug_log_enabled')) {
         phpCAS::setDebug(TMP . 'phpCas.log.txt');
     }

     phpCAS::client(
         CAS_VERSION_2_0,
         Configure::read('CAS.hostname'),
         Configure::read('CAS.port'),
         Configure::read('CAS.uri')
     );

     $caFile = Configure::read('CAS.cert_path');
     if (!empty($caFile)) {
         phpCAS::setCasServerCACert($caFile);
     } else {
         // No CA configured: the CAS server certificate is not verified.
         phpCAS::setNoCasServerValidation();
     }
 }
Ejemplo n.º 22
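 /**
  * Applies the configured CAS options to phpCAS: debug log, client,
  * logout handling and server certificate validation.
  *
  * The CAS server is validated against the configured certificate when one
  * is present. Validation is only switched off when no certificate is
  * configured.
  *
  * SECURITY NOTE(review): with no certificate configured the CAS server
  * certificate is not verified; configure one in production.
  */
 private function setCASSettings()
 {
     if ($this->options->IsCasDebugOn()) {
         phpCAS::setDebug($this->options->DebugFile());
     }
     phpCAS::client($this->options->CasVersion(), $this->options->HostName(), $this->options->Port(), $this->options->ServerUri(), $this->options->ChangeSessionId());
     if ($this->options->CasHandlesLogouts()) {
         // Logout requests are accepted only from the configured servers.
         phpCAS::handleLogoutRequests(true, $this->options->LogoutServers());
     }
     if ($this->options->HasCertificate()) {
         phpCAS::setCasServerCACert($this->options->Certificate());
     } else {
         // Fix: this call used to run unconditionally, even right after a CA
         // certificate had been set, which contradicts the configured
         // certificate and may disable validation depending on the phpCAS
         // version in use.
         phpCAS::setNoCasServerValidation();
     }
 }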
Ejemplo n.º 23
 /**
  * Configures phpCAS from the global $cas_cfg array the first time an
  * instance is created, and sets a locale cookie.
  *
  * SECURITY NOTE(review): without a 'server_ca_cert' entry the CAS server
  * certificate is not validated; set it in production.
  */
 function __construct()
 {
     if (self::$initialized) {
         return;
     }

     global $cas_cfg;
     phpCAS::client(CAS_VERSION_2_0, $cas_cfg['host'], $cas_cfg['port'], $cas_cfg['context']);

     // SSL validation happens only when a CA certificate path is configured.
     if (!isset($cas_cfg['server_ca_cert'])) {
         phpCAS::setNoCasServerValidation();
     } else {
         phpCAS::setCasServerCACert($cas_cfg['server_ca_cert']);
     }

     // Session cookie holding the part of the current locale before the first
     // underscore. The cookie name is the Spring CookieLocaleResolver one,
     // presumably so the CAS login page follows the application language.
     $localeParts = explode('_', setlocale(LC_ALL, '0'));
     setcookie('org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE', $localeParts[0], 0, '/');

     self::$initialized = true;
 }
Ejemplo n.º 24
 /**
  * Sends the user to the CAS login page when not logged in, then records
  * the authenticated CAS user id.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer phpCAS::setCasServerCACert().
  * NOTE(review): error reporting is fully disabled for the duration of the
  * CAS calls, which also hides phpCAS warnings.
  *
  * @return void
  */
 protected function _doSecure()
 {
     // phpCAS is not php5-compliant, so error reporting is muted meanwhile.
     $previousLevel = ini_get('error_reporting');
     error_reporting(0);

     $this->initCasClient();
     phpCAS::setNoCasServerValidation();

     // Redirects to the CAS server when necessary.
     phpCAS::forceAuthentication();

     // The user is authenticated at this point: log them in.
     $this->setUserId(phpCAS::getUser());

     // Put the previous error reporting level back.
     error_reporting($previousLevel);
 }
Ejemplo n.º 25
 /**
  * Logout execution method. Initializes the CAS client and forces a CAS
  * logout if the user is authenticated, before returning to the parent
  * logout method.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer phpCAS::setCasServerCACert().
  *
  * @return mixed The value returned by parent::logout()
  * @see AuthComponent::$loginAction
  * @access public
  */
 function logout()
 {
     // Set debug mode
     phpCAS::setDebug(false);
     //Initialize phpCAS
     phpCAS::client(CAS_VERSION_2_0, Configure::read('CAS.hostname'), Configure::read('CAS.port'), Configure::read('CAS.uri'), true);
     // No SSL validation for the CAS server
     phpCAS::setNoCasServerValidation();
     // Force CAS logout if required
     if (phpCAS::isAuthenticated()) {
         // The URL below is a placeholder: provide the login URL of your
         // application, preferably over https.
         phpCAS::logout(array('url' => 'http://www.cakephp.org'));
     }
     return parent::logout();
 }
Ejemplo n.º 26
 /**
  * Sets phpCAS up in proxy mode unless a client object already exists.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer phpCAS::setCasServerCACert().
  * NOTE(review): the debug log is written below /var/www; make sure that
  * location is not served by the web server, since the log can hold tickets.
  *
  * @return bool true when setup was performed, false when it was skipped
  */
 function setup()
 {
     global $PHPCAS_CLIENT;

     // Skip the setup when it has already been done.
     if (is_object($PHPCAS_CLIENT)) {
         return false;
     }

     phpCAS::setDebug("/var/www/campus/dev.intranet.campusforchrist.org/cas.log");
     phpCAS::proxy(SITE_CAS_VERSION, SITE_CAS_HOSTNAME, SITE_CAS_PORT, SITE_CAS_PATH, SITE_CAS_SESSION);
     phpCAS::setFixedCallbackURL(SITE_CAS_CALLBACK);

     // The CAS server certificate is NOT validated.
     phpCAS::setNoCasServerValidation();

     // Proxy-granting tickets are kept in files at SITE_CAS_PGT_STORE.
     phpCAS::setPGTStorageFile('xml', SITE_CAS_PGT_STORE);
     //session_save_path());

     return true;
 }
Ejemplo n.º 27
 /**
  * Returns a GenericUser for the CAS-authenticated user, or starts the CAS
  * login when nobody is authenticated yet.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer \phpCAS::setCasServerCACert().
  * NOTE(review): setDebug() is called on every invocation; consider turning
  * debug logging off outside development.
  *
  * @return GenericUser|null
  */
 protected function casUser()
 {
     $host = \Config::get('app.cas_host');
     $context = \Config::get('app.cas_context');
     $port = \Config::get('app.cas_port');

     \phpCAS::setDebug();
     \phpCAS::client(CAS_VERSION_2_0, $host, $port, $context);
     \phpCAS::setNoCasServerValidation();

     if (!\phpCAS::isAuthenticated()) {
         // Not signed in: hand over to the CAS server.
         \phpCAS::setServerURL(\Config::get('app.url'));
         \phpCAS::forceAuthentication();

         return null;
     }

     // The CAS login name serves as both id and display name.
     return new GenericUser(array(
         'id' => \phpCAS::getUser(),
         'name' => \phpCAS::getUser(),
     ));
 }
Ejemplo n.º 28
 /**
  * Configures phpCAS from the user_cas application settings on first call.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() is called
  * unconditionally, so the CAS server certificate is never verified here;
  * prefer phpCAS::setCasServerCACert().
  *
  * @return mixed The value of self::$_InitCAS (true after initialisation)
  */
 public static function InitCAS()
 {
     if (self::$_InitCAS) {
         return self::$_InitCAS;
     }

     $serviceAlias = OCP\Config::getAppValue('user_cas', 'cas_aliasName', '');
     $protocol = OCP\Config::getAppValue('user_cas', 'cas_server_version', '2.0');
     $host = OCP\Config::getAppValue('user_cas', 'cas_server_hostname', 'ident.domain.fr');
     $port = OCP\Config::getAppValue('user_cas', 'cas_server_port', '443');
     $path = OCP\Config::getAppValue('user_cas', 'cas_server_path', '/cas');

     phpCAS::client($protocol, $host, (int) $port, $path, false);

     // A configured alias replaces the automatically detected service URL.
     if ($serviceAlias) {
         phpCAS::setFixedServiceURL($serviceAlias);
     }
     phpCAS::setNoCasServerValidation();

     self::$_InitCAS = true;

     return self::$_InitCAS;
 }
Ejemplo n.º 29
 /**
  * Handles a CAS login request: authenticates through CAS, signs the user in
  * locally and redirects to the return-to URL or a default page.
  *
  * SECURITY NOTE(review): setNoCasServerValidation() disables TLS certificate
  * validation for the CAS server; prefer phpCAS::setCasServerCACert().
  *
  * @param mixed $args Passed on to parent::handle()
  */
 function handle($args)
 {
     parent::handle($args);
     if (common_is_real_login()) {
         // TRANS: Client error displayed when trying to log in while already logged on.
         $this->clientError(_m('Already logged in.'));
     } else {
         global $casSettings;
         phpCAS::client(CAS_VERSION_2_0, $casSettings['server'], $casSettings['port'], $casSettings['path'], false);
         phpCAS::setNoCasServerValidation();
         phpCAS::handleLogoutRequests();
         phpCAS::forceAuthentication();
         // A random value is stored in a global and handed to common_check_user()
         // together with the CAS user name.
         // NOTE(review): how that value is checked is outside this block - confirm.
         global $casTempPassword;
         $casTempPassword = common_good_rand(16);
         $user = common_check_user(phpCAS::getUser(), $casTempPassword);
         if (!$user) {
             // TRANS: Server error displayed when trying to log in with incorrect username or password.
             $this->serverError(_m('Incorrect username or password.'));
             return;
         }
         // success!
         if (!common_set_user($user)) {
             // TRANS: Server error displayed when login fails in CAS authentication plugin.
             $this->serverError(_m('Error setting user. You are probably not authorized.'));
             return;
         }
         common_real_login(true);
         $url = common_get_returnto();
         if ($url) {
             // We don't have to return to it again
             common_set_returnto(null);
         } else {
             if (common_config('site', 'private') && $casSettings['takeOverLogin']) {
                 //SSO users expect to just go to the URL they entered
                 //if we don't have a returnto set, the user entered the
                 //main StatusNet url, so send them there.
                 $url = common_local_url('public');
             } else {
                 //With normal logins (regular form-based username/password),
                 //the user would expect to go to their home after logging in.
                 $url = common_local_url('public', array('nickname' => $user->nickname));
             }
         }
         common_redirect($url, 303);
     }
 }
Ejemplo n.º 30
 /**
  * Initializes the authority objects based on an associative array of arguments
  * @param array $args an associative array of arguments. The argument list is dependent on the authority
  *
  * General - Required keys:
  *   TITLE => The human readable title of the AuthorityImage
  *   INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
  *
  * General - Optional keys:
  *   LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
  *
  * CAS - Required keys:
  *   CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
  *                   CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
  *   CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
  *   CAS_PORT => The port the CAS server is listening on, e.g. "443"
  *   CAS_PATH => The path of the CAS application, e.g. "/cas/"
  *   CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
  *                  of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
  *                  validation will be performed (not recommended for production).
  *
  * CAS - Optional keys:
  *   ATTRA_EMAIL => Attribute name for the user's email address, e.g. "email". This only applies if your 
  *                  CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your 
  *                       CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your 
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your 
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your 
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *
  * NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
  *
  */
 public function init($args)
 {
     parent::init($args);

     // Load phpCAS from the configured directory, or from the include path.
     if (empty($args['CAS_PHPCAS_PATH'])) {
         require_once 'CAS.php';
     } else {
         require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php';
     }

     // Every connection setting is mandatory; the first missing one aborts.
     foreach (array('CAS_PROTOCOL', 'CAS_HOST', 'CAS_PORT', 'CAS_PATH') as $requiredKey) {
         if (empty($args[$requiredKey])) {
             throw new KurogoConfigurationException($requiredKey . ' value not set for ' . $this->AuthorityTitle);
         }
     }

     phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);

     // SECURITY NOTE(review): without CAS_CA_CERT the CAS server certificate
     // is not verified; always set it in production.
     if (!empty($args['CAS_CA_CERT'])) {
         phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
     } else {
         phpCAS::setNoCasServerValidation();
     }

     // Record any attribute mapping configured, including the attribute
     // that carries group membership.
     $attributeKeys = array(
         'Email' => 'ATTRA_EMAIL',
         'FirstName' => 'ATTRA_FIRST_NAME',
         'LastName' => 'ATTRA_LAST_NAME',
         'FullName' => 'ATTRA_FULL_NAME',
         'MemberOf' => 'ATTRA_MEMBER_OF',
     );
     foreach ($attributeKeys as $field => $argKey) {
         if (!empty($args[$argKey])) {
             CASUser::mapAttribute($field, $args[$argKey]);
         }
     }
 }