Enable verbose errors messages in the website output
This is a security relevant since internal status info may leak an may
help an attacker. Default is therefore false
| public static setVerbose ( boolean $verbose ) : void | ||
| $verbose | boolean | enable verbose output |
| return | void | |
public function __construct(array $options = array())
{
$this->options = $options;
\phpCAS::getVersion();
\phpCAS::setDebug('/tmp/cas-log.log');
\phpCAS::setVerbose(true);
$this->client = new \CAS_Client(SAML_VERSION_1_1, false, $this->options['webnet.sso_auth.client.option.cas_host.value'], $this->options['webnet.sso_auth.client.option.cas_port.value'], $this->options['webnet.sso_auth.client.option.cas_context.value']);
$this->client->setNoCasServerValidation();
$this->client->handleLogoutRequests(false, false);
}
* @file example_logout.php * @category Authentication * @package PhpCAS * @author Joachim Fritschi <*****@*****.**> * @author Adam Franco <*****@*****.**> * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 * @link https://wiki.jasig.org/display/CASC/phpCAS */ // Load the settings from the central config file require_once 'config.php'; // Load the CAS lib require_once $phpcas_path . '/CAS.php'; // Enable debugging phpCAS::setDebug(); // Enable verbose error messages. Disable in production! phpCAS::setVerbose(true); // Initialize phpCAS phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context); // For production use set the CA certificate that is the issuer of the cert // on the CAS server and uncomment the line below // phpCAS::setCasServerCACert($cas_server_ca_cert_path); // For quick testing you can disable SSL validation of the CAS server. // THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION. // VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL! phpCAS::setNoCasServerValidation(); // handle incoming logout requests phpCAS::handleLogoutRequests(); // Or as an advanced featue handle SAML logout requests that emanate from the // CAS host exclusively. // Failure to restrict SAML logout requests to authorized hosts could // allow denial of service attacks where at the least the server is
* @file example_hardening.php * @category Authentication * @package PhpCAS * @author Joachim Fritschi <*****@*****.**> * @author Adam Franco <*****@*****.**> * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 * @link https://wiki.jasig.org/display/CASC/phpCAS */ // Load the settings from the central config file require_once 'config.php'; // Load the CAS lib require_once $phpcas_path . '/CAS.php'; // Enable debugging phpCAS::setDebug(); // Enable verbose error messages. Disable in production! phpCAS::setVerbose(false); // Harden session cookie to prevent some attacks on the cookie (e.g. XSS) session_set_cookie_params($client_lifetime, $client_path, $client_domain, $client_secure, $client_httpOnly); // Initialize phpCAS phpCAS::client(SAML_VERSION_1_1, $cas_host, $cas_port, $cas_context); // For production use set the CA certificate that is the issuer of the cert // on the CAS server and uncomment the line below phpCAS::setCasServerCACert($cas_server_ca_cert_path); // For quick testing you can disable SSL validation of the CAS server. // THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION. // VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL! // phpCAS::setNoCasServerValidation(); // Handle SAML logout requests that emanate from the CAS host exclusively. // Failure to restrict SAML logout requests to authorized hosts could // allow denial of service attacks where at the least the server is // tied up parsing bogus XML messages.
