Set the login URL of the CAS server.
public static setServerLoginURL ( string $url = '' ) : void
$url | string | the login URL |
return | void |
/**
 * Gate the current request behind CAS authentication.
 *
 * Dispatches on the controller/action pair held on this object:
 * `index`/`logout` and `index`/`synlogout` are handed to the logout helpers.
 * For every other route, and only when $isRedirect is true, the CAS login URL
 * is set, phpCAS::forceAuthentication() is called and the user is loaded into
 * $this->casInfo. After that the request is either redirected to the local
 * `/index/sessid` endpoint (when a `backurl` query parameter is present) or
 * checked against the admin permission helper.
 *
 * @param bool $isRedirect When false, non-logout requests are left untouched.
 *
 * @return void
 */
public function auth($isRedirect = true)
{
    // Logout routes are handled first and never enter the login flow.
    if ($this->ctrl == 'index' && $this->act == 'logout') {
        $this->_logout();
        return;
    }
    if ($this->ctrl == 'index' && $this->act == 'synlogout') {
        $this->_synlogout();
        return;
    }

    if (!$isRedirect) {
        return;
    }

    phpCAS::setServerLoginURL($this->loginUrl());
    phpCAS::forceAuthentication();
    $this->casInfo = $this->_getUser();

    $backurl = $this->request->getQuery('backurl');
    if ($backurl) {
        // NOTE(review): the session id travels in the query string of a
        // plain-http URL, so it can end up in access logs, proxies, browser
        // history and Referer headers. Prefer https and a short-lived,
        // single-use token in place of the raw session id.
        // NOTE(review): `backurl` is request-supplied and only URL-encoded
        // here; whether /index/sessid restricts it to trusted destinations is
        // not visible from this method - confirm.
        $target = 'http://' . $this->cfg['host'] . ':' . $this->cfg['port']
            . '/index/sessid?backurl=' . urlencode($backurl)
            . '&st=' . session_id();
        $this->response->redirect($target);

        // NOTE(review): this return skips the admin permission check below.
        // That is only safe if the caller stops processing after the
        // redirect - confirm.
        return;
    }

    // Admin area: stop the request when the permission check fails.
    if ($this->isAdmin && !$this->_checkPerm()) {
        exit('无权限访问');
    }
}
// //////////////////////////////////////////////////////////////////////////////////////////////////// if ($connexion_mode == 'cas') { // Pour tester, cette méthode statique créé un fichier de log sur ce qui se passe avec CAS if (DEBUG_PHPCAS) { if (HEBERGEUR_INSTALLATION == 'mono-structure' || !PHPCAS_ETABL_ID_LISTING || strpos(PHPCAS_ETABL_ID_LISTING, ',' . $BASE . ',') !== FALSE) { $fichier_nom_debut = 'debugcas_' . $BASE; $fichier_nom_fin = fabriquer_fin_nom_fichier__pseudo_alea($fichier_nom_debut); phpCAS::setDebug(PHPCAS_CHEMIN_LOGS . $fichier_nom_debut . '_' . $fichier_nom_fin . '.txt'); } } // Initialiser la connexion avec CAS ; le premier argument est la version du protocole CAS ; le dernier argument indique qu'on utilise la session existante phpCAS::client(CAS_VERSION_2_0, $cas_serveur_host, (int) $cas_serveur_port, $cas_serveur_root, FALSE); phpCAS::setLang(PHPCAS_LANG_FRENCH); // Surcharge éventuelle des URL if ($cas_serveur_url_login) { phpCAS::setServerLoginURL($cas_serveur_url_login); } if ($cas_serveur_url_logout) { phpCAS::setServerLogoutURL($cas_serveur_url_logout); } if ($cas_serveur_url_validate) { phpCAS::setServerServiceValidateURL($cas_serveur_url_validate); } // Suite à des attaques DDOS, Kosmos a décidé en avril 2015 de filtrer les requêtes en bloquant toutes celles sans User-Agent. // C'est idiot car cette valeur n'est pas fiable, n'importe qui peut présenter n'importe quel User-Agent ! // En attendant qu'ils appliquent un remède plus intelligent, et au cas où un autre prestataire aurait la même mauvaise idée, on envoie un User-Agent bidon (défini dans le loader)... phpCAS::setExtraCurlOption(CURLOPT_USERAGENT, CURL_AGENT); // Appliquer un proxy si défini par le webmestre ; voir cURL::get_contents() pour les commentaires. if (defined('SERVEUR_PROXY_USED') && SERVEUR_PROXY_USED) { phpCAS::setExtraCurlOption(CURLOPT_PROXY, SERVEUR_PROXY_NAME); phpCAS::setExtraCurlOption(CURLOPT_PROXYPORT, (int) SERVEUR_PROXY_PORT);
/**
 * Initialize the phpCAS client, at most once per instance.
 *
 * Reads the rcmail configuration, loads phpCAS, creates either a proxy or a
 * plain client depending on `cas_proxy`, fixes the service URL, selects the
 * certificate validation mode from `cas_validation` and sets the CAS login and
 * logout URLs. Sets $this->cas_inited so later calls return immediately.
 */
private function cas_init()
{
    // Already configured: nothing to do.
    if ($this->cas_inited) {
        return;
    }

    // retrieve configurations
    $cfg = rcmail::get_instance()->config->all();

    // include phpCAS from its fixed system location
    require_once('/usr/share/php/CAS/CAS.php');

    // NOTE(review): debug logging is enabled unconditionally and to a fixed
    // path. phpCAS debug output can contain ticket values and validation
    // responses - confirm this file is access-restricted, and consider making
    // the call depend on a configuration switch.
    phpCAS::setDebug('/var/log/lcs/casdebug.log');

    // initialize CAS client
    if ($cfg['cas_proxy']) {
        phpCAS::proxy(CAS_VERSION_2_0, $cfg['cas_hostname'], $cfg['cas_port'], $cfg['cas_uri'], false);

        // set URL for PGT callback
        $pgt_callback_url = $this->generate_url(array('action' => 'pgtcallback'));
        phpCAS::setFixedCallbackURL($pgt_callback_url);

        // set PGT storage
        // (older two-argument form, kept for reference:)
        // phpCAS::setPGTStorageFile('xml', $cfg['cas_pgt_dir']);
        phpCAS::setPGTStorageFile($cfg['cas_pgt_dir']);
    } else {
        phpCAS::client(CAS_VERSION_2_0, $cfg['cas_hostname'], $cfg['cas_port'], $cfg['cas_uri'], false);
    }

    // set service URL for authorization with CAS server
    $service_url = $this->generate_url(array('action' => 'login', 'task' => 'mail'));
    phpCAS::setFixedServiceURL($service_url);

    // set SSL validation for the CAS server
    switch ($cfg['cas_validation']) {
        case 'self':
            phpCAS::setCasServerCert($cfg['cas_cert']);
            break;

        case 'ca':
            phpCAS::setCasServerCACert($cfg['cas_cert']);
            break;

        default:
            // NOTE(review): fail-open. Any value other than 'self' or 'ca' -
            // including a typo or a missing setting - turns off validation of
            // the CAS server certificate, so ticket validation responses are
            // no longer protected against an on-path attacker. Consider
            // requiring an explicit opt-out value and rejecting anything else.
            phpCAS::setNoCasServerValidation();
            break;
    }

    // set login and logout URLs of the CAS server
    phpCAS::setServerLoginURL($cfg['cas_login_url']);
    phpCAS::setServerLogoutURL($cfg['cas_logout_url']);

    $this->cas_inited = true;
}
/**
 * Modify phpCAS authentication properties.
 *
 * This is called after phpCAS has been configured with the basic server
 * properties, but before phpCAS::forceAuthentication() is called.
 *
 * Users will generally not need to implement this hook, as most phpCAS
 * configuration options are already provided in the CAS module UI.
 *
 * There are no parameters; an implementation calls the static phpCAS
 * functions directly.
 */
function hook_cas_phpcas_alter() {
  // Example: point the login redirect at a custom CAS login endpoint.
  // Use an https URL here, since this is where users enter their credentials.
  $login_url = 'https://login.example.com/cas/login';
  phpCAS::setServerLoginURL($login_url);
}
/**
 * Apply the optional phpCAS overrides configured for a provider.
 *
 * Every setting that is present and non-empty is passed to the matching
 * phpCAS setter. Any exception raised while doing so is rethrown as a Flow
 * exception carrying the original code and message in its text.
 *
 * @todo make this options usable.
 * @todo move to other class
 *
 * @param string $providerName defined in Settings.yaml
 *
 * @throws \TYPO3\Flow\Exception
 *
 * @return void
 */
private function setOptionalClientSettings($providerName)
{
    $settings = $this->getClientSettingsByProviderName($providerName);

    // Settings key => phpCAS setter, applied in this order. The setter names
    // are fixed here and are never taken from configuration.
    // NOTE(review): the *ValidateURL entries decide where tickets are sent for
    // validation; no scheme or host check on these values is visible in this
    // method - confirm they are restricted to https URLs of the CAS server.
    $setters = array(
        'serverLoginURL'           => 'setServerLoginURL',
        'serverLogoutURL'          => 'setServerLogoutURL',
        'serverProxyValidateURL'   => 'setServerProxyValidateURL',
        'serverSamlValidateURL'    => 'setServerSamlValidateURL',
        'serverServiceValidateURL' => 'setServerServiceValidateURL',
        // disabled since CAS 4.0
        'singleSignoutCallback'    => 'setSingleSignoutCallback',
    );

    try {
        foreach ($setters as $key => $setter) {
            if (empty($settings[$key])) {
                continue;
            }
            \phpCAS::$setter($settings[$key]);
        }
    } catch (\Exception $e) {
        $message = 'Can not set some optianal property in Jasigs phpCAS broken on: ' . $e->getCode()
            . ' with message: ' . $e->getMessage();
        throw new \TYPO3\Flow\Exception($message, 1372519681);
    }
}
/**
 * Set the CAS login URL and pass it to phpCAS.
 *
 * When $url is empty, the URL is built from getUrl(), a `login?` path segment
 * and a query string produced by http_build_query() from this object's
 * service, key, signature, source and redirect settings.
 *
 * @param string $url Complete login URL; leave empty to build it from this object's settings.
 *
 * @return void
 */
public function setLoginUrl($url = '')
{
    if (empty($url)) {
        $base = $this->getUrl();

        // Join base and path with exactly one added slash when none is present.
        if (substr($base, -1) == '/') {
            $base .= 'login?';
        } else {
            $base .= '/login?';
        }

        // NOTE(review): "ssokey" (from getApiKey()) and "sign" are placed in
        // the query string of the login URL. Values in a URL can show up in
        // browser history, proxies and server access logs - confirm neither is
        // a long-lived secret.
        $query = array($this->getServiceParam() => $this->getService(), "ssokey" => $this->getApiKey(), "extraParams" => $this->getExtraParams(), "sign" => $this->getSign(), "source" => $this->getSource(), 'redirect_uri' => $this->getRedirectUri());

        $url = $base . http_build_query($query);
    }

    $this->_loginUrl = $url;

    // set the login URL of the CAS server
    phpCAS::setServerLoginURL($this->_loginUrl);
}
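/**
 * Start a CAS authentication request.
 *
 * Instantiates the CAS client, sets the TLS version used for the cURL calls
 * to the CAS server, fixes the service URL, selects the certificate
 * validation mode depending on whether this installation is in production,
 * and finally calls phpCAS::forceAuthentication().
 *
 * @return void
 */
protected function iniciar_pedido_cas()
{
    $this->instanciar_cliente_cas();

    // Require TLS for the cURL calls to the CAS server. The value 3 that was
    // hard-coded here selects SSLv3, a broken protocol (POODLE) that current
    // libcurl/OpenSSL builds refuse to negotiate. Fall back to the generic
    // TLSv1 constant on PHP builds that do not define the 1.2 constant.
    $version_tls = defined('CURL_SSLVERSION_TLSv1_2') ? CURL_SSLVERSION_TLSv1_2 : CURL_SSLVERSION_TLSv1;
    phpCAS::setExtraCurlOption(CURLOPT_SSLVERSION, $version_tls);

    // Build the service URL
    $param = array();
    if (isset($this->parametros_url) && is_array($this->parametros_url)) {
        $param = $this->parametros_url;
    }
    $url = $this->generar_url($param);
    phpCAS::setFixedServiceURL($url);

    // Certificate validation mode
    if (toba::instalacion()->es_produccion()) {
        phpCAS::setCasServerCACert($this->archivo_certificado, $this->validar_cn);
    } else {
        // NOTE(review): outside production the CAS server certificate is not
        // validated at all. Make sure the production flag cannot be off on an
        // internet-facing installation, or validate in every environment.
        phpCAS::setNoCasServerValidation();
    }

    // NOTE(review): an empty string presumably makes phpCAS fall back to its
    // default login URL - confirm.
    phpCAS::setServerLoginURL('');

    // Main call into CAS authentication: an unauthenticated user is redirected
    // from inside this call and execution does not continue. Getting past it
    // means the user is authenticated.
    phpCAS::forceAuthentication();
}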
/**
 * Checks whether boilerkey is required and, if so, whether a recent enough
 * boilerkey authentication is present.
 *
 * When the check fails, the stored phpCAS session data is dropped and the
 * user is sent through a CAS logout/re-login URL that asks for boilerkey.
 *
 * @param string $return the return location
 * @return bool true when boilerkey is not required or the last boilerkey
 *              auth is within the configured timeout. On the re-auth path no
 *              value is returned explicitly.
 **/
private function checkBoilerkey($return = '')
{
    // Nothing to verify when boilerkey isn't required
    if (!$this->isBoilerkeyRequired()) {
        return true;
    }

    // Time of the last boilerkey auth, as reported in the CAS attributes
    $lastAuth = phpCAS::getAttribute('boilerkeyauthtime');

    if (!empty($lastAuth)) {
        $now = time();
        $authTime = strtotime($lastAuth);

        // Absolute value, in case system times are slightly out of sync.
        // NOTE(review): this also accepts an auth time that lies in the future
        // by less than the timeout - confirm that is intended.
        $ageSeconds = abs($now - $authTime);

        // The timeout is configured in minutes (default 15)
        if ($ageSeconds / 60 < $this->params->get('boilerkey_timeout', 15)) {
            return true;
        }
    }

    // No CAS session with boilerkey, or it is too old: force a re-auth.
    // NOTE(review): base64 only encodes the return location, it does not
    // protect it; whether the receiving side restricts it to trusted
    // destinations is not visible here - confirm.
    $returnSuffix = !empty($return) ? '&return=' . base64_encode($return) : '';

    // Encoded twice on purpose; the original author suspected that the CAS
    // server strips one level of encoding along the way.
    $redirectTarget = urlencode(urlencode(self::getRedirectUri('pucas') . $returnSuffix));
    $loginUrl = 'https://www.purdue.edu/apps/account/cas/logout?reauthWithBoilerkeyService=' . $redirectTarget;

    // Drop the session entry holding the CAS ticket, otherwise phpCAS finds
    // the old session and never redirects to the CAS logout/login page
    unset($_SESSION['phpCAS']);

    phpCAS::setServerLoginURL($loginUrl);
    phpCAS::forceAuthentication();
}