Ejemplo n.º 1
 /**
  * This method will parse the DOM and pull out the attributes from the XML
  * payload and put them into an array, then put the array into the session.
  *
  * @param DOMNodeList $success_elements node list taken from the response
  * payload; only its first item is read
  *
  * @return bool true when successful, halt otherwise by calling
  * CAS_Client::_authError().
  */
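 private function _readExtraAttributesCas20($success_elements)
 {
     // Collects the extra attributes of a CAS 2.0 success response, which may
     // arrive in one of three layouts (Jasig nested, RubyCAS flat, Name-Value),
     // and hands the resulting array to setAttributes(). Always returns true.
     //
     // NOTE(review): every attribute name and value is also passed to
     // phpCAS::trace(). These are user attributes (names, group memberships),
     // so wherever the trace output ends up should be treated as sensitive.
     phpCAS::traceBegin();
     $extra_attributes = array();
     // Only the first node of the list is inspected. An empty list makes the
     // first method call below fail, exactly as in the previous code.
     $success_node = $success_elements->item(0);

     // "Jasig Style" Attributes:
     //
     // 	<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
     // 		<cas:authenticationSuccess>
     // 			<cas:user>jsmith</cas:user>
     // 			<cas:attributes>
     // 				<cas:attraStyle>RubyCAS</cas:attraStyle>
     // 				<cas:surname>Smith</cas:surname>
     // 				<cas:givenName>John</cas:givenName>
     // 				<cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
     // 				<cas:memberOf>CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu</cas:memberOf>
     // 			</cas:attributes>
     // 			<cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
     // 		</cas:authenticationSuccess>
     // 	</cas:serviceResponse>
     //
     $jasig_nodes = $success_node->getElementsByTagName("attributes");
     if ($jasig_nodes->length != 0) {
         phpCAS::trace("Found nested jasig style attributes");
         $container = $jasig_nodes->item(0);
         if ($container->hasChildNodes()) {
             // Nested Attributes: every child of the first <attributes>
             // element is recorded, whatever its node type.
             foreach ($container->childNodes as $attr_child) {
                 phpCAS::trace("Attribute [" . $attr_child->localName . "] = " . $attr_child->nodeValue);
                 $this->_addAttributeToArray($extra_attributes, $attr_child->localName, $attr_child->nodeValue);
             }
         }
     } else {
         // "RubyCAS Style" attributes
         //
         // 	<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
         // 		<cas:authenticationSuccess>
         // 			<cas:user>jsmith</cas:user>
         //
         // 			<cas:attraStyle>RubyCAS</cas:attraStyle>
         // 			<cas:surname>Smith</cas:surname>
         // 			<cas:givenName>John</cas:givenName>
         // 			<cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
         // 			<cas:memberOf>CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu</cas:memberOf>
         //
         // 			<cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
         // 		</cas:authenticationSuccess>
         // 	</cas:serviceResponse>
         //
         phpCAS::trace("Testing for rubycas style attributes");
         // Protocol elements that sit beside the attributes and must not be
         // reported as attributes themselves.
         $reserved_names = array('user', 'proxies', 'proxyGrantingTicket');
         foreach ($success_node->childNodes as $attr_node) {
             // The earlier code used a bare `continue` inside a `switch`,
             // which PHP treats as `break` and reports with a warning from
             // PHP 7.3 on; a guard clause skips the node without that.
             if (in_array($attr_node->localName, $reserved_names, true)) {
                 continue;
             }
             // Whitespace-only nodes carry no attribute value.
             if (strlen(trim($attr_node->nodeValue))) {
                 phpCAS::trace("Attribute [" . $attr_node->localName . "] = " . $attr_node->nodeValue);
                 $this->_addAttributeToArray($extra_attributes, $attr_node->localName, $attr_node->nodeValue);
             }
         }
     }

     // "Name-Value" attributes.
     //
     // Attribute format from these mailing list thread:
     // http://jasig.275507.n4.nabble.com/CAS-attributes-and-how-they-appear-in-the-CAS-response-td264272.html
     // Note: This is a less widely used format, but in use by at least two institutions.
     //
     // 	<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
     // 		<cas:authenticationSuccess>
     // 			<cas:user>jsmith</cas:user>
     //
     // 			<cas:attribute name='attraStyle' value='Name-Value' />
     // 			<cas:attribute name='surname' value='Smith' />
     // 			<cas:attribute name='givenName' value='John' />
     // 			<cas:attribute name='memberOf' value='CN=Staff,OU=Groups,DC=example,DC=edu' />
     // 			<cas:attribute name='memberOf' value='CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu' />
     //
     // 			<cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
     // 		</cas:authenticationSuccess>
     // 	</cas:serviceResponse>
     //
     // This layout is only tried when the two layouts above produced nothing.
     if (count($extra_attributes) === 0) {
         $named_nodes = $success_node->getElementsByTagName("attribute");
         if ($named_nodes->length != 0) {
             // The first element decides whether the response uses this
             // layout: it must be empty and carry both name and value.
             $firstAttr = $named_nodes->item(0);
             if (!$firstAttr->hasChildNodes() && $firstAttr->hasAttribute('name') && $firstAttr->hasAttribute('value')) {
                 phpCAS::trace("Found Name-Value style attributes");
                 foreach ($named_nodes as $attr_node) {
                     // Elements missing either XML attribute are skipped.
                     if ($attr_node->hasAttribute('name') && $attr_node->hasAttribute('value')) {
                         phpCAS::trace("Attribute [" . $attr_node->getAttribute('name') . "] = " . $attr_node->getAttribute('value'));
                         $this->_addAttributeToArray($extra_attributes, $attr_node->getAttribute('name'), $attr_node->getAttribute('value'));
                     }
                 }
             }
         }
     }

     $this->setAttributes($extra_attributes);
     phpCAS::traceEnd();
     return true;
 }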
 /**
  * This method tells if the user has already been (previously) authenticated
  * by looking into the session variables.
  *
  * @note This function switches to callback mode when needed.
  *
  * @return TRUE when the user has already been authenticated; FALSE otherwise.
  *
  * @private
  */
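 public function wasPreviouslyAuthenticated()
 {
     // Decides from $_SESSION['phpCAS'] whether an earlier request already
     // authenticated the user, restoring the user (and, for a proxy, the PGT)
     // on this object when it did. Returns true in that case, false otherwise.
     //
     // The trace helpers are called statically, as elsewhere in this class,
     // instead of through a phpCAS instance created only for tracing.
     phpCAS::traceBegin();
     if ($this->isCallbackMode()) {
         $this->callback();
     }
     $auth = false;
     if ($this->isProxy()) {
         // CAS proxy: username and PGT must be present.
         // isSessionAuthenticated() is read once here; this assumes it is a
         // plain predicate without side effects (TODO confirm).
         $has_user = $this->isSessionAuthenticated();
         $has_pgt = !empty($_SESSION['phpCAS']['pgt']);
         if ($has_user && $has_pgt) {
             // authentication already done
             $this->setUser($_SESSION['phpCAS']['user']);
             $this->setPGT($_SESSION['phpCAS']['pgt']);
             // NOTE(review): this trace line writes the proxy-granting ticket
             // verbatim. A PGT is a reusable credential, so trace output
             // should stay disabled in production or be access-restricted.
             phpCAS::trace('user = `' . $_SESSION['phpCAS']['user'] . '\', PGT = `' . $_SESSION['phpCAS']['pgt'] . '\'');
             $auth = true;
         } elseif ($has_user || $has_pgt) {
             // these two variables should be empty or not empty at the same time
             if ($has_user) {
                 phpCAS::trace('username found (`' . $_SESSION['phpCAS']['user'] . '\') but PGT is empty');
             } else {
                 // NOTE(review): the PGT is traced verbatim here as well.
                 phpCAS::trace('PGT found (`' . $_SESSION['phpCAS']['pgt'] . '\') but username is empty');
             }
             // unset all tickets to enforce authentication
             unset($_SESSION['phpCAS']);
             $this->setST('');
             $this->setPT('');
         } else {
             phpCAS::trace('neither user not PGT found');
         }
     } elseif ($this->isSessionAuthenticated()) {
         // `simple' CAS client (not a proxy): username must be present;
         // authentication already done
         $this->setUser($_SESSION['phpCAS']['user']);
         phpCAS::trace('user = `' . $_SESSION['phpCAS']['user'] . '\'');
         $auth = true;
     } else {
         phpCAS::trace('no user found');
     }
     phpCAS::traceEnd($auth);
     return $auth;
 }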