/* Load simpleSAMLphp, configuration and metadata */
    $casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');
    $path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache'));
    $ticketcontent = retrieveTicket($ticket, $path);
    $usernamefield = $casconfig->getValue('attrname', 'eduPersonPrincipalName');
    $dosendattributes = $casconfig->getValue('attributes', FALSE);
    $attributes = $ticketcontent['attributes'];
    $pgtiouxml = "";
    if ($ticketcontent['service'] == $service && $ticketcontent['forceAuthn'] == $forceAuthn && array_key_exists($usernamefield, $attributes) && $ticketcontent['validbefore'] > time()) {
        if (isset($_GET['pgtUrl'])) {
            $pgtUrl = $_GET['pgtUrl'];
            $pgtiou = str_replace('_', 'PGTIOU-', SimpleSAML_Utilities::generateID());
            $pgt = str_replace('_', 'PGT-', SimpleSAML_Utilities::generateID());
            $content = array('attributes' => $attributes, 'forceAuthn' => false, 'proxies' => array_merge(array($service), $ticketcontent['proxies']), 'validbefore' => time() + 60);
            SimpleSAML_Utilities::fetch($pgtUrl . '?pgtIou=' . $pgtiou . '&pgtId=' . $pgt);
            storeTicket($pgt, $path, $content);
            $pgtiouxml = "\n<cas:proxyGrantingTicket>{$pgtiou}</cas:proxyGrantingTicket>\n";
        }
        $proxiesxml = join("\n", array_map(create_function('$a', 'return "<cas:proxy>$a</cas:proxy>";'), $ticketcontent['proxies']));
        if ($proxiesxml) {
            $proxiesxml = "<cas:proxies>\n{$proxiesxml}\n</cas:proxies>\n";
        }
        returnResponse('YES', $function, $attributes[$usernamefield][0], $dosendattributes ? $attributes : array(), $pgtiouxml . $proxiesxml);
    } else {
        returnResponse('NO', $function);
    }
} catch (Exception $e) {
    returnResponse('NO', $function, $e->getMessage());
}
function returnResponse($value, $function, $usrname = '', $attributes = array(), $xtraxml = "")
{
Esempio n. 2
0
if (array_key_exists('targetService', $_GET)) {
    $targetService = $_GET['targetService'];
    $pgt = $_GET['pgt'];
} else {
    throw new Exception('Required URL query parameter [targetService] not provided. (CAS Server)');
}
$casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');
$legal_service_urls = $casconfig->getValue('legal_service_urls');
if (!checkServiceURL($targetService, $legal_service_urls)) {
    throw new Exception('Service parameter provided to CAS server is not listed as a legal service: [service] = ' . $service);
}
$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache'));
$ticket = retrieveTicket($pgt, $path, false);
if ($ticket['validbefore'] > time()) {
    $pt = str_replace('_', 'PT-', SimpleSAML\Utils\Random::generateID());
    storeTicket($pt, $path, array('service' => $targetService, 'forceAuthn' => false, 'attributes' => $ticket['attributes'], 'proxies' => $ticket['proxies'], 'validbefore' => time() + 5));
    print <<<eox
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:proxySuccess>
        <cas:proxyTicket>{$pt}</cas:proxyTicket>
    </cas:proxySuccess>
</cas:serviceResponse>
eox;
} else {
    print <<<eox
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:proxyFailure code="INVALID_REQUEST">
        Proxygranting ticket to old - ssp casserver only supports shortlived (30 secs) pgts.
    </cas:proxyFailure>
</cas:serviceResponse>
eox;
Esempio n. 3
0
 *  service
 *  renew
 *  gateway
 *  
 */
if (!array_key_exists('service', $_GET)) {
    throw new Exception('Required URL query parameter [service] not provided. (CAS Server)');
}
$service = $_GET['service'];
$forceAuthn = isset($_GET['renew']) && $_GET['renew'];
$isPassive = isset($_GET['gateway']) && $_GET['gateway'];
$config = SimpleSAML_Configuration::getInstance();
$casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');
$legal_service_urls = $casconfig->getValue('legal_service_urls');
if (!checkServiceURL($service, $legal_service_urls)) {
    throw new Exception('Service parameter provided to CAS server is not listed as a legal service: [service] = ' . $service);
}
$auth = $casconfig->getValue('auth', 'saml2');
if (!in_array($auth, array('saml2', 'shib13'))) {
    throw new Exception('CAS Service configured to use [auth] = ' . $auth . ' only [saml2,shib13] is legal.');
}
$as = new SimpleSAML_Auth_Simple($auth);
if (!$as->isAuthenticated()) {
    $params = array('ForceAuthn' => $forceAuthn, 'isPassive' => $isPassive);
    $as->login($params);
}
$attributes = $as->getAttributes();
$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', '/tmp'));
$ticket = str_replace('_', 'ST-', SimpleSAML_Utilities::generateID());
storeTicket($ticket, $path, array('service' => $service, 'forceAuthn' => $forceAuthn, 'attributes' => $attributes, 'proxies' => array(), 'validbefore' => time() + 5));
SimpleSAML_Utilities::redirectTrustedURL(SimpleSAML_Utilities::addURLparameter($service, array('ticket' => $ticket)));
Esempio n. 4
0
$session = SimpleSAML_Session::getInstance();
$legal_service_urls = $casconfig->getValue('legal_service_urls');
if (!checkServiceURL($service, $legal_service_urls)) {
    throw new Exception('Service parameter provided to CAS server is not listed as a legal service: [service] = ' . $service);
}
$auth = $casconfig->getValue('auth', 'saml2');
if (!in_array($auth, array('saml2', 'shib13'))) {
    throw new Exception('CAS Service configured to use [auth] = ' . $auth . ' only [saml2,shib13] is legal.');
}
if (!$session->isValid($auth)) {
    SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . $auth . '/sp/initSSO.php', array('RelayState' => SimpleSAML_Utilities::selfURL()));
}
$attributes = $session->getAttributes();
$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache'));
$ticket = SimpleSAML_Utilities::generateID();
storeTicket($ticket, $path, $attributes);
// $test = retrieveTicket($ticket, $path);
SimpleSAML_Utilities::redirect(SimpleSAML_Utilities::addURLparameter($service, array('ticket' => $ticket)));
function storeTicket($ticket, $path, &$value)
{
    if (!is_dir($path)) {
        throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
    }
    if (!is_writable($path)) {
        throw new Exception('Directory for CAS Server ticket storage [' . $path . '] is not writable. ');
    }
    $filename = $path . '/' . $ticket;
    file_put_contents($filename, serialize($value));
}
function retrieveTicket($ticket, $path)
{