This method is called to force authentication if the user was not already
authenticated. If the user is not authenticated, halt by redirecting to
the CAS server.
public static forceAuthentication ( ) : boolean
Returns | boolean | Authentication |
/**
 * Keep $_SESSION['user'] in sync with CAS when the request asks to log in or out.
 *
 * Without a `login` or `logout` request parameter this only makes sure the
 * `user` session key exists. Otherwise it forces CAS authentication (phpCAS
 * halts and redirects to the CAS server when the user is not authenticated),
 * stores the CAS login name in the session and, for `logout`, clears it again
 * and logs out of CAS.
 */
function checkAndSetUserSession()
{
    // Guarantee the key exists so later reads never hit an undefined index.
    if (!isset($_SESSION['user'])) {
        $_SESSION['user'] = null;
    }

    // Nothing CAS-related to do for ordinary requests.
    if (!isset($_REQUEST['login']) && !isset($_REQUEST['logout'])) {
        return;
    }

    // Initialise the phpCAS client against the hard-coded CAS host.
    phpCAS::client(CAS_VERSION_2_0, 'login.kth.se', 443, '');

    // SECURITY: this turns off verification of the CAS server's TLS
    // certificate, so the ticket-validation response is not authenticated and
    // can be spoofed on the network path. For production, configure
    // phpCAS::setCasServerCACert() with the CA bundle instead.
    phpCAS::setNoCasServerValidation();

    // Halts with a redirect to the CAS server if the user is not logged in yet.
    phpCAS::forceAuthentication();

    // From here on the CAS server has authenticated the user.
    $_SESSION['user'] = phpCAS::getUser();

    // Log out and redirect to the default page.
    // NOTE(review): a logout request is forced through CAS login first, and the
    // post-logout redirect target is a plain-HTTP URL.
    if (isset($_REQUEST['logout'])) {
        unset($_SESSION['user']);
        phpCAS::logoutWithRedirectService('http://kth.kribba.com/');
    }
}
/**
 * Authenticate the current user against the CAS server named in Preferences.
 *
 * Request parameters are copied into $_SESSION['backup_sso'] before the CAS
 * round trip and copied back into $_REQUEST afterwards (without overwriting
 * parameters present on the current request).
 *
 * @return string|null The CAS login name, or NULL when the server URL is
 *                     missing or phpCAS reports a failure.
 */
public function get_login()
{
    Logger::debug('main', 'AuthMethod_CAS::get_login()');

    $hasBackup = isset($_SESSION['backup_sso']) && is_array($_SESSION['backup_sso']);
    if (!$hasBackup) {
        $_SESSION['backup_sso'] = array();
    }

    // NOTE(review): every request parameter is persisted in the session here,
    // including any sensitive form fields the request happens to carry.
    foreach ($_REQUEST as $name => $value) {
        $_SESSION['backup_sso'][$name] = $value;
    }

    $casPrefs = $this->prefs->get('AuthMethod', 'CAS');
    $CAS_server_url = $casPrefs['user_authenticate_cas_server_url'];
    if (!isset($CAS_server_url) || $CAS_server_url == '') {
        Logger::error('main', 'AuthMethod_CAS::get_login() - Unable to find CAS server url in Preferences');
        return NULL;
    }

    // Split the configured URL once and reuse the pieces for client setup and logging.
    $casHost = parse_url($CAS_server_url, PHP_URL_HOST);
    $casPort = parse_url($CAS_server_url, PHP_URL_PORT);
    $casPath = parse_url($CAS_server_url, PHP_URL_PATH);

    phpCAS::client(CAS_VERSION_2_0, $casHost, $casPort, $casPath);
    Logger::debug('main', 'AuthMethod_CAS::get_login() - Parsing URL - Host:"' . $casHost . '" Port:"' . $casPort . '" Path:"' . $casPath . '"');

    // SECURITY: disables verification of the CAS server's TLS certificate, so
    // the ticket-validation response is not authenticated. Prefer
    // phpCAS::setCasServerCACert() with the CA bundle in production.
    phpCAS::setNoCasServerValidation();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    if (!phpCAS::forceAuthentication()) {
        Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::forceAuthentication failed');
        return NULL;
    }
    if (!phpCAS::isAuthenticated()) {
        Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::isAuthenticated failed');
        return NULL;
    }

    $this->login = phpCAS::getUser();

    // Restore the saved parameters; values on the current request win.
    foreach ($_SESSION['backup_sso'] as $name => $value) {
        if (!isset($_REQUEST[$name])) {
            $_REQUEST[$name] = $value;
        }
    }

    return $this->login;
}
/**
 * Filter that signs the user in through CAS before credential checks run.
 *
 * Authentication happens only on the first filter call of a request, and only
 * when `app_cas_server_force_authentication` is set or the user is not yet
 * authenticated. The parent filter is always executed afterwards.
 *
 * @param object $filterChain Filter chain passed on to the parent filter.
 */
public function execute($filterChain)
{
    $context = $this->getContext();
    $user = $context->getUser();

    // An LDAP object is placed in the context so it can be reused later.
    $this->getContext()->set('ldap', new uapvLdap());

    // Filters may run several times per request (internal forwards); only the
    // first call authenticates.
    $mustAuthenticate = $this->isFirstCall()
        && (sfConfig::get('app_cas_server_force_authentication', false) || !$user->isAuthenticated());

    if ($mustAuthenticate) {
        // phpCAS is not php5-compliant: mask notices and strict-standards
        // messages for the duration of the CAS calls.
        $savedLevel = ini_get('error_reporting');
        error_reporting($savedLevel & ~E_STRICT & ~E_NOTICE);

        if (sfConfig::get('app_cas_server_debug', false)) {
            // Debug output goes to /tmp/phpCAS.log.
            phpCAS::setDebug();
        }

        // Last argument false: symfony already started the session.
        phpCAS::client(
            sfConfig::get('app_cas_server_version', CAS_VERSION_2_0),
            sfConfig::get('app_cas_server_host', 'localhost'),
            sfConfig::get('app_cas_server_port', 443),
            sfConfig::get('app_cas_server_path', ''),
            false
        );

        // SECURITY: disables verification of the CAS server's TLS certificate,
        // so the ticket-validation response is not authenticated. Prefer
        // phpCAS::setCasServerCACert() with the CA bundle in production.
        phpCAS::setNoCasServerValidation();

        // Redirects to the CAS server if the user still has to log in.
        phpCAS::forceAuthentication();

        // CAS has authenticated the user at this point; sign them in locally.
        $user->signIn(phpCAS::getUser());

        // Put the previous error-reporting level back.
        error_reporting($savedLevel);
    }

    // "credential" verification
    parent::execute($filterChain);
}
/**
 * Send the visitor to the RPI CAS login page unless phpCAS already reports
 * them as authenticated.
 */
function forceAuth()
{
    if (phpCAS::isAuthenticated()) {
        return;
    }

    // Not logged in: phpCAS halts by redirecting to the CAS server.
    phpCAS::forceAuthentication();
}
/**
 * Force CAS authentication, running check_auth() first when no phpCAS client
 * has been registered in $GLOBALS['PHPCAS_CLIENT'] yet.
 */
function force_login()
{
    $clientReady = isset($GLOBALS['PHPCAS_CLIENT']);
    if (!$clientReady) {
        check_auth();
    }

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();
}
/**
 * Single sign-on through CAS, using the server settings stored in PM_PARAMETERS.
 *
 * On success the RBAC singleton is flagged as single-sign-on and its user
 * object receives the matching USR_UID and the CAS user name.
 *
 * @return bool true when CAS authenticated the user and a USERS row was found,
 *              false in every other case.
 */
function metodillo()
{
    $sSQL = "SELECT * FROM PM_PARAMETERS WHERE PRM_ID = 'CAS_URL' ";
    $aParamRows = executeQuery($sSQL);
    if (!count($aParamRows)) {
        return false;
    }

    // Result rows are read at index 1 here, as in the rest of this function.
    $sURL = $aParamRows[1]['PRM_VALUE'];
    $sURI = $aParamRows[1]['PRM_VALUE_2'];

    $RBAC = RBAC::getSingleton();
    $RBAC->initRBAC();

    require_once 'CAS-1.2.2/CAS.php';
    phpCAS::client(CAS_VERSION_2_0, $sURL, 443, $sURI, false);

    // SECURITY: disables verification of the CAS server's TLS certificate, so
    // the ticket-validation response is not authenticated. Prefer
    // phpCAS::setCasServerCACert() with the CA bundle in production.
    phpCAS::setNoCasServerValidation();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();
    if (phpCAS::isAuthenticated() != true) {
        return false;
    }

    $sCasUser = phpCAS::getUser();

    // NOTE(review): the user name literal in this query appears masked in the
    // listing; as written the query does not use $sCasUser at all. If the real
    // code interpolates the CAS user name into the SQL string, bind it as a
    // query parameter (or escape it) instead.
    $sSQL = "SELECT USR_UID FROM USERS WHERE USR_USERNAME = '******' ";
    $aUserRows = executeQuery($sSQL);
    if (!count($aUserRows)) {
        return false;
    }

    $nUserId = $aUserRows[1]['USR_UID'];
    $RBAC->singleSignOn = true;
    $RBAC->userObj->fields['USR_UID'] = $nUserId;
    $RBAC->userObj->fields['USR_USERNAME'] = $sCasUser;

    return true;
}
/**
 * Authenticate the administrator through CAS before the login form is handled.
 *
 * When the CAS user exists locally, or `autoCreate` is set, this plugin is
 * made the active authentication plugin. Otherwise, if the plugin is the
 * default one, a 401 is raised.
 *
 * @throws CHttpException 401 when the CAS user is unknown and this plugin is the default.
 */
public function beforeLogin()
{
    // CAS endpoint settings from the plugin configuration.
    $host = $this->get('casAuthServer');
    $context = $this->get('casAuthUri');
    $port = (int) $this->get('casAuthPort');

    // Make the bundled phpCAS library loadable.
    $pluginDir = dirname(__FILE__);
    Yii::setPathOfAlias('myplugin', $pluginDir);
    Yii::import('myplugin.third_party.CAS.*');
    require_once 'third_party/CAS/CAS.php';

    // Last argument false: phpCAS must not start a session itself.
    phpCAS::client(CAS_VERSION_2_0, $host, $port, $context, false);

    // SECURITY: disables SSL validation of the CAS server, so the
    // ticket-validation response is not authenticated. Prefer
    // phpCAS::setCasServerCACert() with the CA bundle in production.
    phpCAS::setNoCasServerValidation();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();
    $this->setUsername(phpCAS::getUser());

    $localUser = $this->api->getUserByName($this->getUserName());
    $accepted = $localUser || $this->get('autoCreate');

    if ($accepted) {
        // User authenticated and found: CAS becomes the authentication system.
        $this->getEvent()->set('default', get_class($this));
        // This plugin handles authentication; no further auth plugins run.
        $this->setAuthPlugin();
    } elseif ($this->get('is_default', null, null)) {
        // Unknown user while CAS is the default mechanism: refuse the login.
        throw new CHttpException(401, 'Wrong credentials for LimeSurvey administration.');
    }
}
/**
 * Attempts to authenticate users via CAS.
 *
 * Without a CAS installation (constant CAS undefined) the user is redirected
 * to the application's internal login. After a successful CAS login the
 * Person for the CAS user is stored in the session and the browser is sent to
 * return_url; if no Person can be built, the error is queued and the login
 * form is shown.
 */
public function index()
{
    // No CAS configured: hand over to the internal authentication system.
    // NOTE(review): return_url is appended to the query string and later sent
    // in a Location header unchanged. If it can originate from the request,
    // it should be encoded here and restricted to local URLs to avoid an open
    // redirect. TODO confirm where return_url is set.
    if (!defined('CAS')) {
        $internalLogin = BASE_URL . '/login/login?return_url=' . $this->return_url;
        header('Location: ' . $internalLogin);
        exit;
    }

    require_once CAS . '/CAS.php';
    \phpCAS::client(CAS_VERSION_2_0, CAS_SERVER, 443, CAS_URI, false);

    // SECURITY: disables verification of the CAS server's TLS certificate, so
    // the ticket-validation response is not authenticated. Prefer
    // \phpCAS::setCasServerCACert() with the CA bundle in production.
    \phpCAS::setNoCasServerValidation();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    \phpCAS::forceAuthentication();

    // CAS has authenticated the user, but that does not guarantee a person
    // record, nor a user account for that person record.
    try {
        $person = new Person(\phpCAS::getUser());
        $_SESSION['USER'] = $person;
        header('Location: ' . $this->return_url);
        exit;
    } catch (\Exception $e) {
        $_SESSION['errorMessages'][] = $e;
    }

    $this->template->blocks[] = new Block('loginForm.inc', array('return_url' => $this->return_url));
}
/**
 * Authenticate the administrator through CAS unless local login is requested.
 *
 * A `noAuthCAS` request parameter or a POST request selects the local
 * "Authdb" plugin instead. Otherwise CAS authentication is forced and, when
 * the CAS user exists locally or `autoCreate` is positive, this plugin becomes
 * the active authentication plugin.
 *
 * @throws CHttpException 401 when the CAS user is unknown and this plugin is the default.
 */
public function beforeLogin()
{
    $request = $this->api->getRequest();
    $localLoginForced = !is_null($request->getParam('noAuthCAS'))
        || $this->api->getRequest()->getIsPostRequest();

    if ($localLoginForced) {
        // Local authentication forced through the 'noAuthCAS' url parameter.
        // NOTE(review): any client can take this branch, so the local Authdb
        // login stays reachable alongside CAS.
        $this->getEvent()->set('default', "Authdb");
        return;
    }

    // CAS endpoint settings from the plugin configuration.
    $host = $this->get('casAuthServer');
    $context = $this->get('casAuthUri');
    $port = (int) $this->get('casAuthPort');
    $version = $this->get('casVersion');

    // Make the bundled phpCAS library loadable.
    $pluginDir = dirname(__FILE__);
    Yii::setPathOfAlias('myplugin', $pluginDir);
    Yii::import('myplugin.third_party.CAS.CAS', true);

    // Last argument false: phpCAS must not start a session itself.
    phpCAS::client($version, $host, $port, $context, false);

    // SECURITY: disables SSL validation of the CAS server, so the
    // ticket-validation response is not authenticated. Prefer
    // phpCAS::setCasServerCACert() with the CA bundle in production.
    phpCAS::setNoCasServerValidation();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();
    $this->setUsername(phpCAS::getUser());

    $localUser = $this->api->getUserByName($this->getUserName());
    $accepted = $localUser || (int) $this->get('autoCreate') > 0;

    if ($accepted) {
        // User authenticated and found: CAS becomes the authentication system.
        $this->getEvent()->set('default', get_class($this));
        // This plugin handles authentication; no further auth plugins run.
        $this->setAuthPlugin();
    } elseif ($this->get('is_default', null, null)) {
        // Unknown user while CAS is the default mechanism: refuse the login.
        throw new CHttpException(401, 'Wrong credentials for LimeSurvey administration.');
    }
}
/**
 * Main execution method: runs CAS authentication when the request carries no
 * `ticket` query parameter, then hands over to the parent startup method.
 *
 * The CAS user name and a fixed placeholder password are written into the
 * controller's form data for the auth model.
 *
 * @param object $controller A reference to the instantiating controller object
 * @return boolean Result of the parent startup method
 * @access public
 */
function startup(&$controller)
{
    // A request that already carries a ticket skips the CAS block below.
    if (isset($this->request->query['ticket'])) {
        return parent::startup($controller);
    }

    // Debug mode off.
    phpCAS::setDebug(false);

    phpCAS::client(
        CAS_VERSION_2_0,
        Configure::read('CAS.hostname'),
        Configure::read('CAS.port'),
        Configure::read('CAS.uri')
    );

    // SECURITY: no SSL validation for the CAS server, so the
    // ticket-validation response is not authenticated. Prefer
    // phpCAS::setCasServerCACert() with the CA bundle in production.
    phpCAS::setNoCasServerValidation();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();

    $model =& $this->getModel();
    $alias = $model->alias;
    $controller->data[$alias][$this->fields['username']] = phpCAS::getUser();

    // NOTE(review): every CAS user gets the same hard-coded password value
    // here. If local accounts are stored with it, they must not be usable
    // through any non-CAS login path. TODO confirm how this value is consumed.
    $controller->data[$alias][$this->fields['password']] = 'a';

    return parent::startup($controller);
}
/**
 * Make sure the visitor is authenticated.
 *
 * @return bool true when CASUser already reports an authenticated user;
 *              false after CAS authentication had to be forced (phpCAS halts
 *              by redirecting to the CAS server in that case).
 */
function forceAuth()
{
    if (CASUser::isAuthenticated()) {
        return true;
    }

    phpCAS::forceAuthentication();

    return false;
}
/**
 * Run the login callback for a CAS-authenticated user that has no application
 * auth cookie yet, then force CAS authentication.
 */
public function checkAuthentication()
{
    $casAuthenticated = phpCAS::isAuthenticated();

    // CAS session exists but the application cookie is missing.
    if ($casAuthenticated && !AuthCookie::hasAuthCookie()) {
        $this->loginCallback();
    }

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();
}
/**
 * Configure phpCAS against a hard-coded CAS host, force authentication and
 * remember the CAS user name on the instance.
 */
public function __construct()
{
    // NOTE(review): debug logging is switched on unconditionally.
    \phpCAS::setDebug();

    $casHost = "itebeta.baidu.com";
    $casPort = 443;
    \phpCAS::client(CAS_VERSION_2_0, $casHost, $casPort, "");

    // SECURITY: disables verification of the CAS server's TLS certificate, so
    // the ticket-validation response is not authenticated. Prefer
    // \phpCAS::setCasServerCACert() with the CA bundle in production.
    \phpCAS::setNoCasServerValidation();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    \phpCAS::forceAuthentication();

    $this->username = \phpCAS::getUser();
}
/**
 * Run the login callback for a CAS-authenticated user whose application
 * cookie (APP_COOKIE) is not valid, then force CAS authentication.
 */
public function checkAuthentication()
{
    $casAuthenticated = phpCAS::isAuthenticated();

    // The cookie is only inspected when CAS already reports a login.
    if ($casAuthenticated && !Auth::isValidCookie(Auth::getCookieInfo(APP_COOKIE))) {
        $this->loginCallback();
    }

    // Halts with a redirect to the CAS server when the user is not
    // authenticated; the return value is not used.
    phpCAS::forceAuthentication();
}
/**
 * Return the current user, forcing CAS authentication when none is cached.
 *
 * @return mixed The cached self::$_user when set, otherwise the CAS user name.
 */
public static function login()
{
    if (!self::$_user) {
        self::init();

        // Halts with a redirect to the CAS server when the user is not authenticated.
        phpCAS::forceAuthentication();

        // Write and close the session before returning.
        session_write_close();

        return phpCAS::getUser();
    }

    return self::$_user;
}
/**
 * Validate a login by forcing CAS authentication.
 *
 * Neither argument is read, and the return value of forceAuthentication() is
 * not checked: the result only reflects whether an exception was thrown.
 *
 * @param string $username Not used.
 * @param string $password Not used.
 * @return bool false when phpCAS threw an exception, true otherwise.
 */
public function Validate($username, $password)
{
    $succeeded = true;

    try {
        // Halts with a redirect to the CAS server when the user is not authenticated.
        phpCAS::forceAuthentication();
    } catch (Exception $ex) {
        Log::Error('CAS exception: %s', $ex);
        $succeeded = false;
    }

    return $succeeded;
}
/**
 * Automatic authentication hook.
 *
 * Auth methods that need user interaction (a login/password form) are
 * expected to return false here. CAS can run without such a form, so this
 * implementation forces CAS authentication and reports the resulting login.
 *
 * @returns The user login reported by phpCAS.
 */
function autoAuth()
{
    // Load phpCAS and point it at the configured server.
    include_once 'CAS/CAS.php';

    $host = $this->casServerHostname;
    $port = $this->casServerPort;
    $uri = $this->casServerURI;
    phpCAS::client(CAS_VERSION_2_0, $host, $port, $uri);

    // NOTE(review): no CAS server certificate handling is configured in this
    // method; confirm how TLS validation of the CAS server is set up.

    // Halts with a redirect to the CAS server when the user is not
    // authenticated; after a successful login phpCAS brings the user back here.
    phpCAS::forceAuthentication();

    return phpCAS::getUser();
}
/**
 * Check a login through CAS instead of comparing a password.
 *
 * The supplied $uid and $password are not used for the decision; the user id
 * returned is the one reported by phpCAS.
 *
 * @param string $uid      Overwritten with the CAS user name.
 * @param string $password Not used.
 * @return string|false The CAS user name, or false when authentication failed
 *                      or phpCAS returned no user.
 */
public function checkPassword($uid, $password)
{
    // Halts with a redirect to the CAS server when the user is not authenticated.
    $authenticated = phpCAS::forceAuthentication();
    if (!$authenticated) {
        return false;
    }

    $uid = phpCAS::getUser();
    if ($uid !== false) {
        return $uid;
    }

    OCP\Util::writeLog('user_cas', 'phpCAS return no user !', OCP\Util::ERROR);

    return false;
}
/**
 * Return the current user, forcing CAS authentication when there is none.
 *
 * @param CakeRequest  $request  Not read by this method.
 * @param CakeResponse $response Not read by this method.
 * @return mixed Whatever getUser() returns, before or after the CAS login.
 */
public function authenticate(CakeRequest $request, CakeResponse $response)
{
    $user = $this->getUser();
    if ($user) {
        return $user;
    }

    // Nobody logged in yet: set up phpCAS and force authentication (halts with
    // a redirect to the CAS server when the user is not authenticated).
    $this->initializeCASClient();
    phpCAS::forceAuthentication();

    return $this->getUser();
}
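/**
 * Validate a login through CAS when the request asks for it, otherwise
 * through the parent implementation.
 *
 * CAS is selected by the `doCAS=1` query parameter. On the CAS path the
 * arguments are not read and the return value of forceAuthentication() is not
 * checked: the result only reflects whether an exception was thrown.
 *
 * @param string $username Passed to the parent on the non-CAS path.
 * @param string $password Passed to the parent on the non-CAS path.
 * @return bool Parent result on the non-CAS path; on the CAS path false when
 *              an exception was thrown, true otherwise.
 */
public function Validate($username, $password)
{
    // A request without doCAS means "not CAS". Reading the key unguarded
    // raised an undefined-index notice; with an error handler that converts
    // notices to exceptions that ended in the catch block below (a failed
    // login) instead of the parent fallback.
    // NOTE(review): the authentication path is chosen by a caller-controlled
    // query parameter.
    $useCas = isset($_GET['doCAS']) && $_GET['doCAS'] == 1;

    try {
        if (!$useCas) {
            return parent::Validate($username, $password);
        }

        // Halts with a redirect to the CAS server when the user is not authenticated.
        phpCAS::forceAuthentication();
    } catch (Exception $ex) {
        Log::Error('CAS exception: %s', $ex);
        return false;
    }

    return true;
}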
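/**
 * Log the user in through CAS before the regular login handling, or log out
 * of CAS when the request's `get_action` is "logout".
 *
 * A user unknown to the application is created when autoCreateUser() allows
 * it; an existing (or freshly created) user is then logged in.
 *
 * @param string $sessionId Not read by this method.
 */
public function preLogUser($sessionId)
{
    // Requests without get_action are ordinary page loads; guard the read so
    // they do not raise an undefined-index notice.
    $action = isset($_GET['get_action']) ? $_GET['get_action'] : null;
    if ($action == "logout") {
        phpCAS::logout();
        return;
    }

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();
    $cas_user = phpCAS::getUser();

    if (!$this->userExists($cas_user) && $this->autoCreateUser()) {
        // The local password is 20 random bytes (raw binary, not text).
        // NOTE(review): the "crypto strong" result flag of
        // openssl_random_pseudo_bytes() is not checked here.
        $this->createUser($cas_user, openssl_random_pseudo_bytes(20));
    }

    // Checked again on purpose: the user may have just been created above.
    if ($this->userExists($cas_user)) {
        AuthService::logUser($cas_user, "", true);
    }
}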
/**
 * Try to log in with the CAS server.
 *
 * The CAS user name is looked up in sfGuardUser. A missing record, or one
 * with no password that is also inactive, is passed to registerUser(). The
 * resulting record is signed in; without one the request ends with
 * "Unauthorized.".
 */
public function login()
{
    sfCAS::initPhpCAS();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();

    $username = phpCAS::getUser();
    $record = sfGuardUserTable::getInstance()->findOneBy('username', $username);

    // && binds tighter than ||; the parentheses only make that explicit.
    $needsRegistration = !$record || ($record->getPassword() == NULL && !$record->getIsActive());
    if ($needsRegistration) {
        $record = $this->registerUser($username, $record);
    }

    if (!$record) {
        die('Unauthorized.');
    }

    $this->signin($record, false);
}
/**
 * Redirect the user to the CAS login page if they are not logged in, then
 * record the CAS user name as the current user id.
 *
 * @return void
 */
protected function _doSecure()
{
    // phpCAS is not php5-compliant, so error reporting is switched off
    // completely while it runs.
    // NOTE(review): this also hides genuine errors raised during the CAS calls.
    $previousLevel = ini_get('error_reporting');
    error_reporting(0);

    $this->initCasClient();

    // SECURITY: disables verification of the CAS server's TLS certificate, so
    // the ticket-validation response is not authenticated. Prefer
    // phpCAS::setCasServerCACert() with the CA bundle in production.
    phpCAS::setNoCasServerValidation();

    // Redirects to the CAS server if the user still has to log in.
    phpCAS::forceAuthentication();

    // CAS has authenticated the user at this point; log them in locally.
    $this->setUserId(phpCAS::getUser());

    // Put the previous error-reporting level back.
    error_reporting($previousLevel);
}
/**
 * Build a GenericUser from the current CAS session.
 *
 * @return GenericUser|null The user (id and name both set to the CAS user
 *                          name) when CAS reports an authenticated session;
 *                          otherwise CAS authentication is forced and null is
 *                          returned.
 */
protected function casUser()
{
    $host = \Config::get('app.cas_host');
    $context = \Config::get('app.cas_context');
    $port = \Config::get('app.cas_port');

    // NOTE(review): debug logging is switched on unconditionally.
    \phpCAS::setDebug();
    \phpCAS::client(CAS_VERSION_2_0, $host, $port, $context);

    // SECURITY: disables verification of the CAS server's TLS certificate, so
    // the ticket-validation response is not authenticated. Prefer
    // \phpCAS::setCasServerCACert() with the CA bundle in production.
    \phpCAS::setNoCasServerValidation();

    if (\phpCAS::isAuthenticated()) {
        $id = \phpCAS::getUser();
        $name = \phpCAS::getUser();

        return new GenericUser(array('id' => $id, 'name' => $name));
    }

    // Not authenticated: phpCAS halts by redirecting to the CAS server.
    \phpCAS::setServerURL(\Config::get('app.url'));
    \phpCAS::forceAuthentication();

    return null;
}
/**
 * Handle a CAS login request.
 *
 * An already logged-in user gets a client error. Otherwise CAS authentication
 * is forced, the CAS user is checked against the local user store with a
 * random temporary password, the user is set as logged in and the browser is
 * redirected (303) to the stored return-to URL or to a default page.
 *
 * @param array $args Passed on to the parent handler.
 */
function handle($args)
{
    parent::handle($args);

    if (common_is_real_login()) {
        // TRANS: Client error displayed when trying to log in while already logged on.
        $this->clientError(_m('Already logged in.'));
        return;
    }

    global $casSettings;
    phpCAS::client(CAS_VERSION_2_0, $casSettings['server'], $casSettings['port'], $casSettings['path'], false);

    // SECURITY: disables verification of the CAS server's TLS certificate, so
    // the ticket-validation response is not authenticated. Prefer
    // phpCAS::setCasServerCACert() with the CA bundle in production.
    phpCAS::setNoCasServerValidation();
    phpCAS::handleLogoutRequests();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();

    // A random temporary password is published in a global for the user check.
    global $casTempPassword;
    $casTempPassword = common_good_rand(16);

    $user = common_check_user(phpCAS::getUser(), $casTempPassword);
    if (!$user) {
        // TRANS: Server error displayed when trying to log in with incorrect username or password.
        $this->serverError(_m('Incorrect username or password.'));
        return;
    }

    if (!common_set_user($user)) {
        // TRANS: Server error displayed when login fails in CAS authentication plugin.
        $this->serverError(_m('Error setting user. You are probably not authorized.'));
        return;
    }

    common_real_login(true);

    $url = common_get_returnto();
    if ($url) {
        // The return-to URL is single use.
        common_set_returnto(null);
    } elseif (common_config('site', 'private') && $casSettings['takeOverLogin']) {
        // SSO users expect to land on the URL they entered; without a
        // return-to that was the main StatusNet URL.
        $url = common_local_url('public');
    } else {
        // After a normal form-based login the user expects to go to their home.
        $url = common_local_url('public', array('nickname' => $user->nickname));
    }

    common_redirect($url, 303);
}
/**
 * Find the user record for the CAS-authenticated user.
 *
 * Both arguments are ignored; the user name comes from phpCAS after forcing
 * authentication. The lookup uses the configured user model, user name field
 * and optional `scope` conditions.
 *
 * @param mixed $u Not used.
 * @param mixed $p Not used.
 * @return array|false The model's data array, or false when nothing matched.
 */
protected function _findUser($u = null, $p = null)
{
    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();
    $username = phpCAS::getUser();

    $userModel = $this->settings['userModel'];
    list($plugin, $model) = pluginSplit($userModel);
    $fields = $this->settings['fields'];

    $usernameField = $model . '.' . $fields['username'];
    $conditions = array($usernameField => $username);

    $scope = $this->settings['scope'];
    if (!empty($scope)) {
        $conditions = array_merge($conditions, $this->settings['scope']);
    }

    $query = array('conditions' => $conditions, 'recursive' => 0);
    $result = ClassRegistry::init($userModel)->find('first', $query);

    $found = !empty($result) && !empty($result[$model]);

    return $found ? $result[$model] : false;
}
/**
 * Authenticate the visitor through CAS and return their network user id.
 *
 * @param object $config Module configuration; `cashostname`, `casport` and
 *                       `casbaseuri` are read from it.
 * @return mixed The user name reported by phpCAS.
 */
function authCAS($config)
{
    require_once dirname(__FILE__) . '/CAS/CAS.php';

    // Last argument false: phpCAS must not start a session itself.
    phpCAS::client(CAS_VERSION_2_0, $config->cashostname, (int) $config->casport, $config->casbaseuri, false);
    phpCAS::setLang('english');

    // NOTE(review): no CAS server certificate handling is configured in this
    // function; confirm how TLS validation of the CAS server is set up.

    error_log("CAS: Entering");

    // Called for parity with the existing flow; its result is not used.
    phpCAS::isSessionAuthenticated();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();

    // The network user id; note that it is written to the error log.
    $NetUsername = phpCAS::getUser();
    error_log("CAS: Exiting {$NetUsername}");

    return $NetUsername;
}
/**
 * Controller constructor: forces CAS authentication against a hard-coded host
 * and exposes the CAS user name to the template and on the instance.
 *
 * A `logout` request parameter triggers a CAS logout after authentication.
 */
public function __construct()
{
    parent::__construct();

    // Start with an empty user in the template until CAS has answered.
    $this->cismarty->assign("curruser", "");

    require_once 'lib/phpcas/CAS.php';

    // NOTE(review): debug logging is switched on unconditionally, and the CAS
    // host below is hard-coded rather than read from configuration.
    phpCAS::setDebug();
    phpCAS::client(CAS_VERSION_2_0, 'itebeta.baidu.com', 443, '');

    $_SESSION['CAS_USER_LEVEL'] = 2;

    // SECURITY: disables verification of the CAS server's TLS certificate, so
    // the ticket-validation response is not authenticated. Prefer
    // phpCAS::setCasServerCACert() with the CA bundle in production.
    phpCAS::setNoCasServerValidation();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();

    $logoutRequested = isset($_REQUEST['logout']);
    if ($logoutRequested) {
        phpCAS::logout();
    }

    $this->cismarty->assign("curruser", phpCAS::getUser());
    $this->currUser = phpCAS::getUser();
}
/**
 * Logs the user in through CAS and redirects to home/index.
 *
 * The redirect happens whether or not the local identity authenticates; only
 * a successful identity is logged into the Yii user component.
 */
public function actionLogin()
{
    Yii::import('application.vendors.CAS.*');
    include_once 'CAS/Autoload.php';

    // Re-register Yii's autoloader so it sits after the one just loaded
    // (presumably the CAS autoloader).
    $yiiAutoloader = array('YiiBase', 'autoload');
    spl_autoload_unregister($yiiAutoloader);
    spl_autoload_register($yiiAutoloader);

    include_once 'CAS.php';

    // NOTE(review): debug logging is switched on unconditionally.
    phpCAS::setDebug();
    phpCAS::client(CAS_VERSION_2_0, 'sso.ui.ac.id', 443, 'cas');

    // SECURITY: disables verification of the CAS server's TLS certificate, so
    // the ticket-validation response is not authenticated. Prefer
    // phpCAS::setCasServerCACert() with the CA bundle in production.
    phpCAS::setNoCasServerValidation();

    // Halts with a redirect to the CAS server when the user is not authenticated.
    phpCAS::forceAuthentication();
    phpCAS::checkAuthentication();

    $username = phpCAS::getUser();
    $identity = new UserIdentity($username);

    $identityOk = $identity->authenticate();
    if ($identityOk) {
        Yii::app()->user->login($identity);
    }

    $this->redirect(array('home/index'));
}
/**
 * Force CAS (SAML) authentication while the application config is filtered,
 * then create the account management provider.
 *
 * @param object $oConfig Application configuration, passed by reference and
 *                        handed to AccountManagementProvider().
 */
public function FilterApplicationConfig(&$oConfig)
{
    $casHost = \trim($this->Config()->Get('plugin', 'cas_server_host', ''));
    $casPort = $this->Config()->Get('plugin', 'cas_server_port', 8443);

    // Writes debug information to a log file.
    // NOTE(review): the log lives at a fixed path under /tmp; check its
    // permissions and whether debug logging should be on in production.
    phpCAS::setDebug('/tmp/phpCAS-rl.log');

    // Arguments: CAS version, CAS server host, CAS server port, CAS server
    // URI, whether phpCAS starts the session, and the protocol used between
    // the application and the CAS server (SAML).
    phpCAS::client(CAS_VERSION_3_0, $casHost, $casPort, '', true, 'saml');

    // Sources from which logout requests are accepted.
    // NOTE(review): the single entry is a localhost URL, which looks like a
    // development value. TODO confirm the intended CAS server hosts.
    $logoutSources = array('http://localhost:8080/php_cas_login/home.html');
    phpCAS::handleLogoutRequests(true, $logoutSources);

    // SECURITY: no server verification (less safe!). The ticket-validation
    // response is not authenticated; the safer alternative is
    // phpCAS::setCasServerCACert() pointed at the trusted certificate
    // authorities file.
    phpCAS::setNoCasServerValidation();

    // The actual user authentication; halts with a redirect to the CAS server
    // when the user is not authenticated.
    phpCAS::forceAuthentication();

    $this->oAccountManagementProvider = $this->AccountManagementProvider($oConfig);
}