static function casLoginProcess() { global $config, $message, $ui; self::init(); /* Reset error messages */ $message = ''; //~ phpCAS::setDebug(); // Initialize phpCAS phpCAS::client(CAS_VERSION_2_0, $config->get_cfg_value('casHost', 'localhost'), (int) $config->get_cfg_value('casPort', 443), $config->get_cfg_value('casContext', '')); // Set the CA certificate that is the issuer of the cert phpCAS::setCasServerCACert($config->get_cfg_value('casServerCaCertPath')); //~ phpCAS::setNoCasServerValidation(); // force CAS authentication phpCAS::forceAuthentication(); self::$username = phpCAS::getUser(); $ldap = $config->get_ldap_link(); $ldap->cd($config->current['BASE']); $verify_attr = explode(',', $config->get_cfg_value('loginAttribute', 'uid')); $filter = ''; foreach ($verify_attr as $attr) { $filter .= '(' . $attr . '=' . self::$username . ')'; } $ldap->search('(&(|' . $filter . ')(objectClass=inetOrgPerson))'); $attrs = $ldap->fetch(); if ($ldap->count() < 1) { msg_dialog::display(_('Error'), sprintf(_('CAS user "%s" could not be found in the LDAP'), self::$username), FATAL_ERROR_DIALOG); exit; } elseif ($ldap->count() > 1) { msg_dialog::display(_('Error'), sprintf(_('CAS user "%s" match several users in the LDAP'), self::$username), FATAL_ERROR_DIALOG); exit; } $ui = new userinfo($config, $attrs['dn']); $ui->loadACL(); $success = self::runSteps(array('loginAndCheckExpired', 'runSchemaCheck', 'checkForLockingBranch')); if ($success) { /* Everything went well, redirect to main.php */ self::redirect(); } }