Example #1
 * Incoming parameters:
 *  service
 *  renew
 *  gateway
 *  
 */
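/*
 * CAS /login flow: validate the requested service URL against the configured
 * whitelist, authenticate the user through the configured SimpleSAMLphp
 * authsource, then issue a short-lived service ticket (ST-...) bound to that
 * service.
 */
// The query parameter can arrive as an array (?service[]=...); only a plain
// string is a usable service URL, so anything else is treated as "not provided".
if (!array_key_exists('service', $_GET) || !is_string($_GET['service'])) {
    throw new Exception('Required URL query parameter [service] not provided. (CAS Server)');
}
$service = $_GET['service'];
// renew=<truthy> forces re-authentication; gateway=<truthy> asks for a passive
// (no user interaction) authentication attempt.
$forceAuthn = isset($_GET['renew']) && $_GET['renew'];
$isPassive = isset($_GET['gateway']) && $_GET['gateway'];
$config = SimpleSAML_Configuration::getInstance();
$casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');
$legal_service_urls = $casconfig->getValue('legal_service_urls');
// Only services listed in module_casserver.php may receive tickets. The rejected
// value is var_export()ed so the message shows exactly what was received.
if (!checkServiceURL($service, $legal_service_urls)) {
    throw new Exception('Service parameter provided to CAS server is not listed as a legal service: [service] = ' . var_export($service, true));
}
$auth = $casconfig->getValue('auth', 'saml2');
// Strict comparison: only the exact strings 'saml2' and 'shib13' are accepted.
if (!in_array($auth, array('saml2', 'shib13'), true)) {
    throw new Exception('CAS Service configured to use [auth] = ' . $auth . ' only [saml2,shib13] is legal.');
}
$as = new SimpleSAML_Auth_Simple($auth);
if (!$as->isAuthenticated()) {
    // NOTE(review): assumes login() redirects away and does not return for an
    // unauthenticated session - confirm against SimpleSAML_Auth_Simple.
    $params = array('ForceAuthn' => $forceAuthn, 'isPassive' => $isPassive);
    $as->login($params);
}
$attributes = $as->getAttributes();
$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', '/tmp'));
// The ticket id is a random id whose '_' prefix is swapped for the CAS 'ST-' prefix.
$ticket = str_replace('_', 'ST-', SimpleSAML_Utilities::generateID());
// The ticket is bound to the validated service and expires 5 seconds after issuance.
storeTicket($ticket, $path, array('service' => $service, 'forceAuthn' => $forceAuthn, 'attributes' => $attributes, 'proxies' => array(), 'validbefore' => time() + 5));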
        if (!is_null($sessionTicket) && $ticketFactory->isSessionTicket($sessionTicket) && !$ticketFactory->isExpired($sessionTicket)) {
            $proxyTicket = $ticketFactory->createProxyTicket(array('service' => $_GET['targetService'], 'forceAuthn' => $proxyGrantingTicket['forceAuthn'], 'attributes' => $proxyGrantingTicket['attributes'], 'proxies' => $proxyGrantingTicket['proxies'], 'sessionId' => $proxyGrantingTicket['sessionId']));
            $ticketStore->addTicket($proxyTicket);
            echo $protocol->getProxySuccessResponse($proxyTicket['id']);
        } else {
            $message = 'Ticket ' . var_export($_GET['pgt'], true) . ' has expired';
            SimpleSAML_Logger::debug('casserver:' . $message);
            echo $protocol->getProxyFailureResponse('BAD_PGT', $message);
        }
    } elseif (!$ticketFactory->isProxyGrantingTicket($proxyGrantingTicket)) {
        $message = 'Not a valid proxy granting ticket id: ' . var_export($_GET['pgt'], true);
        SimpleSAML_Logger::debug('casserver:' . $message);
        echo $protocol->getProxyFailureResponse('BAD_PGT', $message);
    } else {
        $message = 'Ticket ' . var_export($_GET['pgt'], true) . ' not recognized';
        SimpleSAML_Logger::debug('casserver:' . $message);
        echo $protocol->getProxyFailureResponse('BAD_PGT', $message);
    }
} elseif (!array_key_exists('targetService', $_GET)) {
    $message = 'Missing target service parameter [targetService]';
    SimpleSAML_Logger::debug('casserver:' . $message);
    echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message);
} elseif (!checkServiceURL(sanitize($_GET['targetService']), $legal_target_service_urls)) {
    $message = 'Target service parameter not listed as a legal service: [targetService] = ' . var_export($_GET['targetService'], true);
    SimpleSAML_Logger::debug('casserver:' . $message);
    echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message);
} else {
    $message = 'Missing proxy granting ticket parameter: [pgt]';
    SimpleSAML_Logger::debug('casserver:' . $message);
    echo $protocol->getProxyFailureResponse('INVALID_REQUEST', $message);
}
Example #3
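require 'tickets.php';
/*
 * CAS /proxy flow: exchange a proxy granting ticket (pgt) for a proxy ticket
 * (PT-...) bound to the given target service.
 *
 * Incoming parameters:
 *  targetService
 *  pgt
 *
 */
// Both parameters are required and must be plain strings; an array form
// (?pgt[]=...) is rejected the same way as a missing parameter.
if (!array_key_exists('targetService', $_GET) || !is_string($_GET['targetService'])) {
    throw new Exception('Required URL query parameter [targetService] not provided. (CAS Server)');
}
if (!array_key_exists('pgt', $_GET) || !is_string($_GET['pgt'])) {
    throw new Exception('Required URL query parameter [pgt] not provided. (CAS Server)');
}
$targetService = $_GET['targetService'];
$pgt = $_GET['pgt'];
$casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');
$legal_service_urls = $casconfig->getValue('legal_service_urls');
// Only whitelisted target services may receive proxy tickets. The message names
// the value that was actually checked ($targetService) rather than an undefined
// $service.
if (!checkServiceURL($targetService, $legal_service_urls)) {
    throw new Exception('Service parameter provided to CAS server is not listed as a legal service: [targetService] = ' . var_export($targetService, true));
}
$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache'));
// Look up the proxy granting ticket in the ticket cache; its expiry is checked below.
$ticket = retrieveTicket($pgt, $path, false);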
if ($ticket['validbefore'] > time()) {
    $pt = str_replace('_', 'PT-', SimpleSAML\Utils\Random::generateID());
    storeTicket($pt, $path, array('service' => $targetService, 'forceAuthn' => false, 'attributes' => $ticket['attributes'], 'proxies' => $ticket['proxies'], 'validbefore' => time() + 5));
    print <<<eox
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:proxySuccess>
        <cas:proxyTicket>{$pt}</cas:proxyTicket>
    </cas:proxySuccess>
</cas:serviceResponse>
eox;
} else {
*    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*
* Incoming parameters:
*  service
*  renew
*  gateway
*  entityId
*  scope
*  language
*/
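require_once 'utility/urlUtils.php';
// renew=<truthy> forces re-authentication; gateway=<truthy> asks for a passive
// (no user interaction) authentication attempt.
$forceAuthn = isset($_GET['renew']) && $_GET['renew'];
$isPassive = isset($_GET['gateway']) && $_GET['gateway'];
$casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');
$legal_service_urls = $casconfig->getValue('legal_service_urls');
// A service given in array form (?service[]=...) must not reach sanitize() or
// checkServiceURL(); it is rejected here. A missing service is not handled at
// this point.
if (isset($_GET['service']) && !is_string($_GET['service'])) {
    $message = 'Service parameter provided to CAS server is not a string: [service] = ' . var_export($_GET['service'], true);
    SimpleSAML_Logger::debug('casserver:' . $message);
    throw new Exception($message);
}
// When a service is given it must be on the configured whitelist.
if (isset($_GET['service']) && !checkServiceURL(sanitize($_GET['service']), $legal_service_urls)) {
    $message = 'Service parameter provided to CAS server is not listed as a legal service: [service] = ' . var_export($_GET['service'], true);
    SimpleSAML_Logger::debug('casserver:' . $message);
    throw new Exception($message);
}
$as = new SimpleSAML_Auth_Simple($casconfig->getValue('authsource'));
// An optional scope selects a preconfigured IdP list from the 'scopes' config
// map; an unknown scope is an error rather than being silently ignored.
if (array_key_exists('scope', $_GET) && is_string($_GET['scope'])) {
    $scopes = $casconfig->getValue('scopes', array());
    if (array_key_exists($_GET['scope'], $scopes)) {
        $idpList = $scopes[$_GET['scope']];
    } else {
        $message = 'Scope parameter provided to CAS server is not listed as legal scope: [scope] = ' . var_export($_GET['scope'], true);
        SimpleSAML_Logger::debug('casserver:' . $message);
        throw new Exception($message);
    }
}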