/**
 * Keep $_SESSION['user'] in step with CAS.
 *
 * Nothing happens beyond initialising the session key unless the request
 * carries a `login` or `logout` parameter.
 *
 * NOTE(review): setNoCasServerValidation() switches off verification of the
 * CAS server's TLS certificate, so the ticket-validation response is not
 * authenticated. A production deployment should call
 * phpCAS::setCasServerCACert() with the CA certificate path instead.
 *
 * NOTE(review): a `logout` request still runs forceAuthentication() first, and
 * the post-logout redirect target is a plain-http URL.
 *
 * @return void
 */
function checkAndSetUserSession()
{
    // Guarantee the key exists so later reads need no isset().
    if (!isset($_SESSION['user'])) {
        $_SESSION['user'] = null;
    }

    $loginRequested = isset($_REQUEST['login']);
    if (!$loginRequested && !isset($_REQUEST['logout'])) {
        return;
    }

    // Initialise phpCAS against the fixed CAS host.
    phpCAS::client(CAS_VERSION_2_0, 'login.kth.se', 443, '');
    phpCAS::setNoCasServerValidation();

    // Redirects to the CAS server when the visitor has no CAS session yet.
    phpCAS::forceAuthentication();

    // From here on the CAS server has authenticated the visitor.
    $_SESSION['user'] = phpCAS::getUser();

    // Log out and redirect to the default page.
    if (isset($_REQUEST['logout'])) {
        unset($_SESSION['user']);
        phpCAS::logoutWithRedirectService('http://kth.kribba.com/');
    }
}
/**
 * Ask phpCAS whether the current visitor already holds a CAS session.
 *
 * TLS handling: a configured CA certificate path is used when present;
 * otherwise validation is switched off only if the configuration explicitly
 * sets cas_server_no_validation. With neither, no TLS option is set here.
 *
 * NOTE(review): cas_server_no_validation removes authentication of the CAS
 * server and should stay off outside test setups.
 *
 * @param object $config Plugin settings (cas_version, cashostname, casport,
 *                       casbaseuri, cas_server_ca_cert_path,
 *                       cas_server_no_validation are read).
 * @return string|false The CAS user name, or false when not authenticated or
 *                      when phpCAS raised an exception.
 */
function check_cas_result($config)
{
    require_once dirname(__DIR__) . '/vendor/autoload.php';

    try {
        $protocol = $config->cas_version ? $config->cas_version : CAS_VERSION_2_0;
        phpCAS::client($protocol, $config->cashostname, (int) $config->casport, $config->casbaseuri, false);

        // Tickets are removed from the URL by the caller, not by phpCAS.
        phpCAS::setNoClearTicketsFromUrl();

        if ($config->cas_server_ca_cert_path != "") {
            // e.g. '/etc/pki/tls/certs/DigiCertCA.crt' in production
            phpCAS::setCasServerCACert($config->cas_server_ca_cert_path);
        } elseif ($config->cas_server_no_validation) {
            phpCAS::setNoCasServerValidation();
        }

        if (!phpCAS::checkAuthentication()) {
            return false;
        }

        return phpCAS::getUser();
    } catch (Exception $e) {
        error_log("CAS ERROR: " . $e->getMessage());
        // NOTE(review): the raw exception text is also handed to
        // register_error(); confirm it is safe to show to the visitor.
        register_error($e->getMessage());
        return false;
    }
}
/**
 * Single sign-on through CAS: read the CAS endpoint from PM_PARAMETERS,
 * authenticate the visitor and bind the matching USERS row to the RBAC user.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 *
 * NOTE(review): the user lookup below contains the literal '******' where the
 * CAS user name is expected (it looks redacted). Whatever replaces it must
 * bind $sCasUser as a query parameter or escape it, never concatenate it.
 *
 * @return bool true when the CAS user maps to a local account, else false.
 */
function metodillo()
{
    $sSQL = "SELECT * FROM PM_PARAMETERS WHERE PRM_ID = 'CAS_URL' ";
    $aParams = executeQuery($sSQL);
    if (!count($aParams)) {
        return false;
    }

    // Row index 1 is the first row of the result set returned by executeQuery().
    $sURL = $aParams[1]['PRM_VALUE'];
    $sURI = $aParams[1]['PRM_VALUE_2'];

    $RBAC = RBAC::getSingleton();
    $RBAC->initRBAC();

    require_once 'CAS-1.2.2/CAS.php';
    phpCAS::client(CAS_VERSION_2_0, $sURL, 443, $sURI, false);
    phpCAS::setNoCasServerValidation();
    phpCAS::forceAuthentication();

    if (phpCAS::isAuthenticated() != true) {
        return false;
    }

    $sCasUser = phpCAS::getUser();
    $sSQL = "SELECT USR_UID FROM USERS WHERE USR_USERNAME = '******' ";
    $aUsers = executeQuery($sSQL);
    if (!count($aUsers)) {
        return false;
    }

    $RBAC->singleSignOn = true;
    $RBAC->userObj->fields['USR_UID'] = $aUsers[1]['USR_UID'];
    $RBAC->userObj->fields['USR_USERNAME'] = $sCasUser;

    return true;
}
/**
 * Authenticate the visitor against the CAS server named in the preferences.
 *
 * The request parameters are parked in $_SESSION['backup_sso'] before the CAS
 * round trip and merged back into $_REQUEST afterwards (values already present
 * in the request win).
 *
 * NOTE(review): the whole of $_REQUEST is copied into the session, including
 * any credentials or tokens it carries — confirm that is intended.
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 *
 * @return string|null The CAS login, or null on configuration or
 *                     authentication failure.
 */
public function get_login()
{
    Logger::debug('main', 'AuthMethod_CAS::get_login()');

    if (!isset($_SESSION['backup_sso']) || !is_array($_SESSION['backup_sso'])) {
        $_SESSION['backup_sso'] = array();
    }
    foreach ($_REQUEST as $name => $value) {
        $_SESSION['backup_sso'][$name] = $value;
    }

    $casPrefs = $this->prefs->get('AuthMethod', 'CAS');
    $serverUrl = $casPrefs['user_authenticate_cas_server_url'];
    if (!isset($serverUrl) || $serverUrl == '') {
        Logger::error('main', 'AuthMethod_CAS::get_login() - Unable to find CAS server url in Preferences');
        return null;
    }

    // parse_url() yields null for a component the URL does not contain.
    $host = parse_url($serverUrl, PHP_URL_HOST);
    $port = parse_url($serverUrl, PHP_URL_PORT);
    $path = parse_url($serverUrl, PHP_URL_PATH);

    phpCAS::client(CAS_VERSION_2_0, $host, $port, $path);
    Logger::debug('main', 'AuthMethod_CAS::get_login() - Parsing URL - Host:"' . $host . '" Port:"' . $port . '" Path:"' . $path . '"');
    phpCAS::setNoCasServerValidation();

    if (!phpCAS::forceAuthentication()) {
        Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::forceAuthentication failed');
        return null;
    }
    if (!phpCAS::isAuthenticated()) {
        Logger::error('main', 'AuthMethod_CAS::get_login() - phpCAS::isAuthenticated failed');
        return null;
    }

    $this->login = phpCAS::getUser();

    // Restore the parked parameters without overriding current ones.
    foreach ($_SESSION['backup_sso'] as $name => $value) {
        if (!isset($_REQUEST[$name])) {
            $_REQUEST[$name] = $value;
        }
    }

    return $this->login;
}
/**
 * Load the user_cas app settings and initialise the shared phpCAS client once
 * per request (guarded by the global $initialized_cas flag).
 *
 * NOTE(review): with an empty cas_cert_path the client runs without verifying
 * the CAS server certificate. Configure cas_cert_path in production.
 */
public function __construct()
{
    // Placeholder defaults for the first login; meant to be changed via the GUI.
    $defaultHost = 'your.domain.org';
    $defaultPort = '443';
    $defaultPath = '/cas';

    $this->autocreate = OCP\Config::getAppValue('user_cas', 'cas_autocreate', true);
    $this->updateUserData = OCP\Config::getAppValue('user_cas', 'cas_update_user_data', true);
    $this->defaultGroup = OCP\Config::getAppValue('user_cas', 'cas_default_group', '');

    // Comma-separated list; spaces are stripped before splitting.
    $protectedGroupsCsv = OCP\Config::getAppValue('user_cas', 'cas_protected_groups', '');
    $this->protectedGroups = explode(',', str_replace(' ', '', $protectedGroupsCsv));

    $this->mailMapping = OCP\Config::getAppValue('user_cas', 'cas_email_mapping', '');
    $this->displayNameMapping = OCP\Config::getAppValue('user_cas', 'cas_displayName_mapping', '');
    $this->groupMapping = OCP\Config::getAppValue('user_cas', 'cas_group_mapping', '');

    $version = OCP\Config::getAppValue('user_cas', 'cas_server_version', '2.0');
    $hostname = OCP\Config::getAppValue('user_cas', 'cas_server_hostname', $defaultHost);
    $port = OCP\Config::getAppValue('user_cas', 'cas_server_port', $defaultPort);
    $path = OCP\Config::getAppValue('user_cas', 'cas_server_path', $defaultPath);
    $caCertPath = OCP\Config::getAppValue('user_cas', 'cas_cert_path', '');

    global $initialized_cas;
    if ($initialized_cas) {
        return;
    }

    phpCAS::client($version, $hostname, (int) $port, $path, false);
    if (empty($caCertPath)) {
        phpCAS::setNoCasServerValidation();
    } else {
        phpCAS::setCasServerCACert($caCertPath);
    }
    $initialized_cas = true;
}
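/**
 * Load phpCAS and configure the client from the application settings.
 *
 * The presence of the phpCAS class is used as the "already initialised" flag.
 *
 * Fix: the original `$cas_port = getConfig('cas_port') or 443;` never applied
 * the default, because `or` binds more loosely than `=`; the fallback to 443
 * is now explicit.
 *
 * NOTE(review): without cas_server_ca_cert_path the CAS server certificate is
 * not verified. Configure the CA certificate path in production.
 * NOTE(review): the first (initialising) call returns nothing while later
 * calls return true — callers should not rely on the return value.
 *
 * @return true|null true when phpCAS was already loaded, otherwise no value.
 */
private function init_cas_client()
{
    if (class_exists('phpCAS')) {
        return true;
    }

    require getConfig('casldap_phpcas_path');

    $cas_debug_file = getConfig('cas_debug_file_path');
    if (!empty($cas_debug_file)) {
        phpCAS::setDebug($cas_debug_file);
    }

    $cas_host = getConfig('cas_host');
    $cas_port = getConfig('cas_port');
    if (!$cas_port) {
        // Default to the HTTPS port when none is configured.
        $cas_port = 443;
    }
    $cas_context = getConfig('cas_context');

    // Unknown or missing versions fall back to CAS 2.0.
    switch (getConfig('cas_version')) {
        case 1:
            $cas_version = CAS_VERSION_1_0;
            break;
        case 3:
            $cas_version = CAS_VERSION_3_0;
            break;
        case 2:
        default:
            $cas_version = CAS_VERSION_2_0;
            break;
    }

    phpCAS::client($cas_version, $cas_host, intval($cas_port), $cas_context);

    $cas_server_ca_cert_path = getConfig('cas_server_ca_cert_path');
    if ($cas_server_ca_cert_path) {
        phpCAS::setCasServerCACert($cas_server_ca_cert_path);
    } else {
        phpCAS::setNoCasServerValidation();
    }
}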
/**
 * Security filter: authenticate the user through CAS on the first pass of the
 * filter chain, then let the parent filter check credentials.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 *
 * @param object $filterChain The symfony filter chain to continue with.
 * @return void
 */
public function execute($filterChain)
{
    $user = $this->getContext()->getUser();

    // An LDAP object is stored in the context so it can be reused later.
    $this->getContext()->set('ldap', new uapvLdap());

    // Filters can run several times (internal forwards); authenticate only on
    // the first call, and only when forced or when nobody is signed in yet.
    $mustAuthenticate = $this->isFirstCall()
        && (sfConfig::get('app_cas_server_force_authentication', false) || !$user->isAuthenticated());

    if ($mustAuthenticate) {
        // phpCAS is not php5-compliant: mute strict errors and notices meanwhile.
        $previousLevel = ini_get('error_reporting');
        error_reporting($previousLevel & ~(E_STRICT | E_NOTICE));

        if (sfConfig::get('app_cas_server_debug', false)) {
            // see /tmp/phpCAS.log
            phpCAS::setDebug();
        }

        // Last argument false: symfony already started the session.
        phpCAS::client(
            sfConfig::get('app_cas_server_version', CAS_VERSION_2_0),
            sfConfig::get('app_cas_server_host', 'localhost'),
            sfConfig::get('app_cas_server_port', 443),
            sfConfig::get('app_cas_server_path', ''),
            false
        );
        phpCAS::setNoCasServerValidation();

        // Redirects to the CAS server if necessary.
        phpCAS::forceAuthentication();

        // The user is authenticated at this point: sign them in.
        $casLogin = phpCAS::getUser();
        $user->signIn($casLogin);

        // Restore the previous error reporting level.
        error_reporting($previousLevel);
    }

    // "credential" verification
    parent::execute($filterChain);
}
/**
 * Initialize the class; this must be called before anything else.
 *
 * NOTE(review): when no 'ca_cert' is configured, both the phpCAS server
 * validation and curl's peer/host verification are switched off, so the CAS
 * server is not authenticated at all. Configure 'ca_cert' in production.
 *
 * @param array       $config          Reads 'site', 'port', 'key_id' and the
 *                                     optional 'private_key' and 'ca_cert'.
 * @param bool        $changeSessionID Allow phpCAS to change the session_id
 *                                     (Single Sign Out/handleLogoutRequests is
 *                                     based on that change).
 * @param string|null $debugLog        Set to a path to enable the debug log.
 * @throws NXAuthError when the configured private key cannot be opened.
 */
public static function init($config, $changeSessionID = true, $debugLog = null)
{
    if ($debugLog != null) {
        phpCAS::setDebug($debugLog);
    }
    phpCAS::client(CAS_VERSION_2_0, $config['site'], $config['port'], "cas", $changeSessionID);
    self::$config = $config;

    $private_key = null;
    if (isset($config['private_key'])) {
        $keyFile = static::resolve_filename($config['private_key']);
        $private_key = openssl_get_privatekey("file:///{$keyFile}");
        if ($private_key === false) {
            throw new NXAuthError("Failed to open private key {$keyFile}");
        }
    }

    $hasCaCert = isset($config['ca_cert']) && $config['ca_cert'] != null;
    if (!$hasCaCert) {
        phpCAS::setNoCasServerValidation();
        // Disable curl ssl verification
        phpCAS::setExtraCurlOption(CURLOPT_SSL_VERIFYHOST, 0);
        phpCAS::setExtraCurlOption(CURLOPT_SSL_VERIFYPEER, 0);
    } else {
        self::$ca_cert = static::resolve_filename($config['ca_cert']);
        phpCAS::setCasServerCACert(self::$ca_cert);
    }

    $apiOptions = array(
        'private_key' => $private_key,
        'key_id' => $config['key_id'],
        'url' => "https://" . $config['site'],
        'ca_cert' => self::$ca_cert,
    );
    NXAPI::init($apiOptions);
}
/**
 * Attempts to authenticate users via CAS.
 *
 * Without a CAS constant the visitor is sent to the application's internal
 * login. After CAS authentication the login is turned into a Person; if that
 * fails the error is queued and the login form is shown.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 * NOTE(review): $this->return_url is written into Location headers as-is and
 * is not URL-encoded in the query string. Where it is populated is not visible
 * here — confirm it is restricted to local URLs.
 */
public function index()
{
    // No CAS configured: fall back to the internal authentication system.
    if (!defined('CAS')) {
        header('Location: ' . BASE_URL . '/login/login?return_url=' . $this->return_url);
        exit;
    }

    require_once CAS . '/CAS.php';
    \phpCAS::client(CAS_VERSION_2_0, CAS_SERVER, 443, CAS_URI, false);
    \phpCAS::setNoCasServerValidation();
    \phpCAS::forceAuthentication();

    // CAS has authenticated the user at this point, but that does not mean
    // there is a person record, nor a user account for that person record.
    try {
        $casLogin = \phpCAS::getUser();
        $_SESSION['USER'] = new Person($casLogin);
        header("Location: {$this->return_url}");
        exit;
    } catch (\Exception $e) {
        $_SESSION['errorMessages'][] = $e;
    }

    $formVars = array('return_url' => $this->return_url);
    $this->template->blocks[] = new Block('loginForm.inc', $formVars);
}
/**
 * Configure phpCAS from the stored setup and register the post-login callback.
 *
 * NOTE(review): server validation is deliberately skipped here "for
 * simplicity"; that leaves the CAS server unauthenticated and should be
 * replaced by phpCAS::setCasServerCACert() before production use.
 */
public function __construct()
{
    $setup = self::loadSetup();
    $host = $setup['host'];
    $port = $setup['port'];
    $context = $setup['context'];

    // Whatever phpCAS::client() returns is kept on the instance.
    $this->client = phpCAS::client(CAS_VERSION_2_0, $host, $port, $context);

    phpCAS::setNoCasServerValidation();

    $callback = array($this, 'loginCallback');
    phpCAS::setPostAuthenticateCallback($callback);
}
/**
 * Authenticate against the fixed CAS host and remember the user name.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use \phpCAS::setCasServerCACert() in production.
 * NOTE(review): setDebug() is called unconditionally; presumably this turns
 * on the phpCAS debug log at its default location — confirm, and keep it off
 * in production.
 */
public function __construct()
{
    $casHost = "itebeta.baidu.com";
    $casPort = 443;

    \phpCAS::setDebug();
    \phpCAS::client(CAS_VERSION_2_0, $casHost, $casPort, "");
    \phpCAS::setNoCasServerValidation();

    // Redirects to the CAS server when there is no CAS session yet.
    \phpCAS::forceAuthentication();

    $this->username = \phpCAS::getUser();
}
/**
 * Initialise the phpCAS client from the instance settings and enable handling
 * of CAS logout requests, checked against $this->casAllowedIpClients.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use \phpCAS::setCasServerCACert() in production.
 *
 * @return void
 */
private function prepare()
{
    $host = $this->casUrl;
    $port = $this->casPort;
    $uri = $this->casUri;

    // Last argument false: phpCAS must not change the session id.
    \phpCAS::client(CAS_VERSION_2_0, $host, $port, $uri, false);
    \phpCAS::setNoCasServerValidation();

    $allowedClients = $this->casAllowedIpClients;
    \phpCAS::handleLogoutRequests(true, $allowedClients);
}
/**
 * Read the CAS_SERVER / CAS_PORT / CAS_URI options and set up a CAS 1.0 client.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 *
 * @param mixed $options Passed through to the parent init().
 */
public function init($options)
{
    parent::init($options);

    $this->cas_server = $this->getOption("CAS_SERVER");
    $this->cas_port = $this->getOption("CAS_PORT");
    $this->cas_uri = $this->getOption("CAS_URI");

    phpCAS::client(
        CAS_VERSION_1_0,
        $this->cas_server,
        $this->cas_port,
        $this->cas_uri,
        false
    );
    phpCAS::setNoCasServerValidation();
}
/**
 * Set up a phpCAS client speaking SAML 1.1.
 *
 * NOTE(review): an empty $CA_certificate_file silently disables verification
 * of the CAS server certificate. Callers should always pass a CA file in
 * production.
 *
 * @param string     $host                CAS server host name.
 * @param int|string $port                CAS server port (converted with intval()).
 * @param string     $context             CAS URI on the server.
 * @param string     $CA_certificate_file Path to the CA certificate; falsy to
 *                                        skip server validation.
 * @return void
 */
function initPhpCAS($host, $port, $context, $CA_certificate_file)
{
    $portNumber = intval($port);
    phpCAS::client(SAML_VERSION_1_1, $host, $portNumber, $context, false);

    if (!$CA_certificate_file) {
        phpCAS::setNoCasServerValidation();
        return;
    }

    phpCAS::setCasServerCACert($CA_certificate_file);
}
/**
 * Controller set-up: database, grocery_CRUD and the phpCAS client.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 * NOTE(review): handleLogoutRequests(false) turns off the check of which host
 * sent a logout request — confirm that is intended.
 */
public function __construct()
{
    parent::__construct();

    $this->load->database();
    $this->load->library('grocery_CRUD');

    include_once 'CAS.php';

    $casHost = 'cas.uhp-nancy.fr';
    $casPath = '/cas';
    phpCAS::client('2.0', $casHost, 443, $casPath, false);
    phpCAS::setNoCasServerValidation();
    phpCAS::handleLogoutRequests(false);
}
/**
 * Lazily initialise the phpCAS client and report whether the visitor holds a
 * CAS session.
 *
 * NOTE(review): the CA certificate call is commented out in the original and
 * server validation is disabled instead; restore
 * phpCAS::setCasServerCACert() for production.
 * NOTE(review): the debug log goes to the relative path "cas_error.txt" —
 * confirm that file is not reachable from the web.
 *
 * @return bool Result of phpCAS::isAuthenticated().
 */
function check_auth()
{
    $clientReady = isset($GLOBALS['PHPCAS_CLIENT']);

    if (!$clientReady) {
        phpCAS::client(CAS_VERSION_2_0, 'cas.byu.edu', 443, 'cas');
        //phpCAS::setCasServerCACert("../CAS/cas_ca.pem");
        phpCAS::setNoCasServerValidation();
        phpCAS::setDebug("cas_error.txt");

        // Only these hosts are accepted as senders of logout requests.
        $logoutHosts = array('cas.byu.edu', 'cas1.byu.edu', 'cas2.byu.edu', 'cas3.byu.edu');
        phpCAS::handleLogoutRequests(true, $logoutHosts);
    }

    return phpCAS::isAuthenticated();
}
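/**
 * Stores the configuration. Calls the parent configuration first,
 * then validates and applies the CAS-specific properties.
 *
 * Fix: the CAS_HOST pattern left its second dot unescaped, so any single
 * character was accepted between the last two labels and the check was weaker
 * than the three-label host name it is meant to enforce. The dot is now
 * escaped.
 *
 * NOTE(review): without a CAS_CERT property the CAS server certificate is not
 * verified. Configure CAS_CERT in production.
 *
 * @param object Properties $configuration
 * @return void No value is returned by this method.
 * @access public
 * @since 3/24/05
 */
function assignConfiguration(Properties $configuration)
{
    parent::assignConfiguration($configuration);

    $format = $configuration->getProperty('DISPLAY_NAME_FORMAT');
    ArgumentValidator::validate($format, RegexValidatorRule::getRule('/\\[\\[([^]]+)\\]\\]/'));
    $this->displayNameFormat = $format;

    if ($debug = $configuration->getProperty('CAS_DEBUG_PATH')) {
        ArgumentValidator::validate($debug, StringValidatorRule::getRule());
        phpCAS::setDebug($debug);
    }

    // Host must be exactly three dot-separated labels, e.g. cas.example.edu.
    $host = $configuration->getProperty('CAS_HOST');
    ArgumentValidator::validate($host, RegexValidatorRule::getRule('/^[a-z0-9]+\\.[a-z0-9]+\\.[a-z]+$/'));

    $port = $configuration->getProperty('CAS_PORT');
    ArgumentValidator::validate($port, RegexValidatorRule::getRule('/^[0-9]+$/'));

    $path = $configuration->getProperty('CAS_PATH');
    ArgumentValidator::validate($path, RegexValidatorRule::getRule('/^\\/.*$/'));

    phpCAS::client(CAS_VERSION_2_0, $host, intval($port), $path, false);

    if ($cert = $configuration->getProperty('CAS_CERT')) {
        phpCAS::setCasServerCACert($cert);
    } else {
        phpCAS::setNoCasServerValidation();
    }

    // Allow group lookup via a CASDirectory:
    // https://mediawiki.middlebury.edu/wiki/LIS/CAS_Directory
    $dirUrl = $configuration->getProperty('CASDIRECTORY_BASE_URL');
    ArgumentValidator::validate($dirUrl, StringValidatorRule::getRule());
    $this->directoryUrl = $dirUrl;

    // set the callback URL for the PGT to be sent to. This must be an https url
    // whose certificate is trusted by CAS.
    // $callbackUrl = $configuration->getProperty('CALLBACK_URL');
    // ArgumentValidator::validate($callbackUrl, RegexValidatorRule::getRule('/^https:\/\/.*$/'));
    // phpCAS::setFixedCallbackURL($callbackUrl);

    $adminAccess = $configuration->getProperty('CASDIRECTORY_ADMIN_ACCESS');
    ArgumentValidator::validate($adminAccess, StringValidatorRule::getRule());
    $this->adminAccess = $adminAccess;

    $classRoot = $configuration->getProperty('CASDIRECTORY_CLASS_ROOT');
    if ($classRoot) {
        ArgumentValidator::validate($classRoot, StringValidatorRule::getRule());
        $this->classRoot = $classRoot;
    } else {
        $this->classRoot = null;
    }

    $groupIdRegex = $configuration->getProperty('CASDIRECTORY_GROUP_ID_REGEX');
    if ($groupIdRegex) {
        ArgumentValidator::validate($groupIdRegex, StringValidatorRule::getRule());
        $this->groupIdRegex = $groupIdRegex;
    } else {
        $this->groupIdRegex = null;
    }

    // Root Groups to expose
    ArgumentValidator::validate(
        $configuration->getProperty('ROOT_GROUPS'),
        ArrayValidatorRuleWithRule::getRule(StringValidatorRule::getRule())
    );
    $this->rootGroups = array_unique($configuration->getProperty('ROOT_GROUPS'));
}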
/**
 * One-time phpCAS set-up from phpcas.ini (section chosen by \Yaf\ENVIRON).
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 * NOTE(review): handleLogoutRequests(false) turns off the check of which host
 * sent a logout request — confirm that is intended.
 * NOTE(review): setDebug('') is called with an empty file name; presumably
 * that selects phpCAS's default log location — confirm against the bundled
 * phpCAS version.
 *
 * @return bool Always true.
 */
public static function init()
{
    if (!self::$_init) {
        $iniFile = APPLICATION_CONFIG_PATH . '/phpcas.ini';
        $config = new \Yaf\Config\Ini($iniFile, \Yaf\ENVIRON);

        phpCAS::setDebug('');
        phpCAS::client(
            $config->cas_version,
            $config->cas_host,
            intval($config->cas_port),
            $config->cas_context
        );
        phpCAS::setNoCasServerValidation();
        phpCAS::handleLogoutRequests(false);

        self::$_init = true;
    }

    return true;
}
/**
 * Initialise phpCAS from the user_config.cas settings unless it already is.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 *
 * @return bool Always true.
 */
protected function initializeCASClient()
{
    if (phpCAS::isInitialized()) {
        return true;
    }

    // Debug logging off.
    phpCAS::setDebug(false);

    $hostname = Configure::read('user_config.cas.hostname');
    $port = Configure::read('user_config.cas.port');
    $uri = Configure::read('user_config.cas.uri');
    phpCAS::client(CAS_VERSION_2_0, $hostname, $port, $uri, true);

    // CAS sends the visitor back to the application's login redirect URL.
    phpCAS::setFixedServiceURL($this->loginRedirectURL());

    // No SSL validation for the CAS server
    phpCAS::setNoCasServerValidation();

    return true;
}
/**
 * Initialise the shared phpCAS client from the global $cas_cfg, once.
 *
 * SSL validation is performed only when $cas_cfg['server_ca_cert'] is set.
 *
 * NOTE(review): without server_ca_cert the CAS server certificate is not
 * verified. Set server_ca_cert in production.
 */
function __construct()
{
    if (self::$initialized) {
        return;
    }

    global $cas_cfg;
    phpCAS::client(CAS_VERSION_2_0, $cas_cfg['host'], $cas_cfg['port'], $cas_cfg['context']);

    $hasCaCert = isset($cas_cfg['server_ca_cert']);
    if (!$hasCaCert) {
        phpCAS::setNoCasServerValidation();
    } else {
        phpCAS::setCasServerCACert($cas_cfg['server_ca_cert']);
    }

    self::$initialized = true;
}
/**
 * Component constructor: keep the collection and set up phpCAS from the CAS.*
 * configuration keys.
 *
 * NOTE(review): an empty CAS.cert_path disables verification of the CAS
 * server certificate. Set CAS.cert_path in production.
 *
 * @param mixed $collection Stored on the instance.
 * @param mixed $settings   Not read by this constructor.
 */
function __construct($collection, $settings)
{
    $this->_Collection = $collection;

    if (Configure::read('CAS.debug_log_enabled')) {
        phpCAS::setDebug(TMP . 'phpCas.log.txt');
    }

    $hostname = Configure::read('CAS.hostname');
    $port = Configure::read('CAS.port');
    $uri = Configure::read('CAS.uri');
    phpCAS::client(CAS_VERSION_2_0, $hostname, $port, $uri);

    $caCertPath = Configure::read('CAS.cert_path');
    if (!empty($caCertPath)) {
        phpCAS::setCasServerCACert($caCertPath);
    } else {
        phpCAS::setNoCasServerValidation();
    }
}
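/**
 * Apply the CAS options (debug log, client, logout handling, TLS trust) to
 * phpCAS.
 *
 * Fix: setNoCasServerValidation() used to run unconditionally, even right
 * after a CA certificate had been configured. Whether phpCAS still honoured
 * the certificate in that case depends on the library version, so the two
 * settings are now mutually exclusive: validation is only switched off when
 * no certificate is configured.
 *
 * NOTE(review): running without a certificate leaves the CAS server
 * unauthenticated. Configure a certificate in production.
 *
 * @return void
 */
private function setCASSettings()
{
    if ($this->options->IsCasDebugOn()) {
        phpCAS::setDebug($this->options->DebugFile());
    }

    phpCAS::client(
        $this->options->CasVersion(),
        $this->options->HostName(),
        $this->options->Port(),
        $this->options->ServerUri(),
        $this->options->ChangeSessionId()
    );

    if ($this->options->CasHandlesLogouts()) {
        // Logout requests are accepted only from the configured servers.
        phpCAS::handleLogoutRequests(true, $this->options->LogoutServers());
    }

    if ($this->options->HasCertificate()) {
        phpCAS::setCasServerCACert($this->options->Certificate());
    } else {
        phpCAS::setNoCasServerValidation();
    }
}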
/**
 * Initialise the shared phpCAS client from the global $cas_cfg, once, and set
 * the locale cookie read by the CAS server's Spring locale resolver.
 *
 * SSL validation is performed only when $cas_cfg['server_ca_cert'] is set.
 *
 * NOTE(review): without server_ca_cert the CAS server certificate is not
 * verified. Set server_ca_cert in production.
 */
function __construct()
{
    if (self::$initialized) {
        return;
    }

    global $cas_cfg;
    phpCAS::client(CAS_VERSION_2_0, $cas_cfg['host'], $cas_cfg['port'], $cas_cfg['context']);

    if (!isset($cas_cfg['server_ca_cert'])) {
        phpCAS::setNoCasServerValidation();
    } else {
        phpCAS::setCasServerCACert($cas_cfg['server_ca_cert']);
    }

    // Language part of the current locale (text before the first underscore).
    $localeParts = explode('_', setlocale(LC_ALL, '0'));
    $language = $localeParts[0];
    setcookie('org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE', $language, 0, '/');

    self::$initialized = true;
}
/**
 * Redirect the user to a login page if he isn't logged in.
 *
 * NOTE(review): setNoCasServerValidation() is called after initCasClient()
 * regardless of what that helper configured; it disables verification of the
 * CAS server certificate. Use phpCAS::setCasServerCACert() in production.
 * NOTE(review): error reporting is fully silenced during authentication, so
 * phpCAS failures in this window are not reported.
 *
 * @return void
 */
protected function _doSecure()
{
    // phpCAS is not php5-compliant: disable error reporting meanwhile.
    $previousLevel = ini_get('error_reporting');
    error_reporting(0);

    $this->initCasClient();
    phpCAS::setNoCasServerValidation();

    // Redirects to the CAS server if necessary.
    phpCAS::forceAuthentication();

    // The user is authenticated at this point: log him in.
    $casLogin = phpCAS::getUser();
    $this->setUserId($casLogin);

    // Restore the previous error reporting level.
    error_reporting($previousLevel);
}
/**
 * Logout execution method. Initializes the CAS client and forces a CAS logout
 * if the visitor is authenticated, then defers to the parent logout method.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 *
 * @return string AuthComponent::$loginAction
 * @see AuthComponent::$loginAction
 * @access public
 */
function logout()
{
    // Debug logging off.
    phpCAS::setDebug(false);

    $hostname = Configure::read('CAS.hostname');
    $port = Configure::read('CAS.port');
    $uri = Configure::read('CAS.uri');
    phpCAS::client(CAS_VERSION_2_0, $hostname, $port, $uri, true);

    // No SSL validation for the CAS server
    phpCAS::setNoCasServerValidation();

    if (phpCAS::isAuthenticated()) {
        // Provide the login url for your application here.
        $logoutOptions = array('url' => 'http://www.cakephp.org');
        phpCAS::logout($logoutOptions);
    }

    return parent::logout();
}
/**
 * Set up phpCAS in proxy mode unless the global client already exists.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 * NOTE(review): the debug log path is hard-coded below the site directory —
 * confirm the file is not served by the web server.
 *
 * @return bool true when the client was initialised by this call, false when
 *              it already existed.
 */
function setup()
{
    global $PHPCAS_CLIENT;

    // Only set up once.
    if (is_object($PHPCAS_CLIENT)) {
        return false;
    }

    phpCAS::setDebug("/var/www/campus/dev.intranet.campusforchrist.org/cas.log");
    phpCAS::proxy(SITE_CAS_VERSION, SITE_CAS_HOSTNAME, SITE_CAS_PORT, SITE_CAS_PATH, SITE_CAS_SESSION);
    phpCAS::setFixedCallbackURL(SITE_CAS_CALLBACK);

    // No SSL validation of the CAS server.
    phpCAS::setNoCasServerValidation();

    phpCAS::setPGTStorageFile('xml', SITE_CAS_PGT_STORE);

    return true;
}
/**
 * Return the CAS-authenticated user, or start the CAS login when there is none.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use \phpCAS::setCasServerCACert() in production.
 * NOTE(review): setDebug() is called unconditionally; presumably this turns
 * on the phpCAS debug log at its default location — confirm, and keep it off
 * in production.
 *
 * @return GenericUser|null The user (id and name are both the CAS login), or
 *                          null when forceAuthentication() returns without an
 *                          authenticated user.
 */
protected function casUser()
{
    $host = \Config::get('app.cas_host');
    $context = \Config::get('app.cas_context');
    $port = \Config::get('app.cas_port');

    \phpCAS::setDebug();
    \phpCAS::client(CAS_VERSION_2_0, $host, $port, $context);
    \phpCAS::setNoCasServerValidation();

    if (!\phpCAS::isAuthenticated()) {
        \phpCAS::setServerURL(\Config::get('app.url'));
        \phpCAS::forceAuthentication();
        return null;
    }

    $casLogin = \phpCAS::getUser();
    return new GenericUser(array('id' => $casLogin, 'name' => $casLogin));
}
/**
 * One-time phpCAS set-up from the user_cas app settings.
 *
 * NOTE(review): setNoCasServerValidation() is unconditional here, so the CAS
 * server certificate is never verified; use phpCAS::setCasServerCACert() in
 * production.
 *
 * @return bool The initialisation flag (true once set up).
 */
public static function InitCAS()
{
    if (self::$_InitCAS) {
        return self::$_InitCAS;
    }

    $serviceAlias = OCP\Config::getAppValue('user_cas', 'cas_aliasName', '');
    $version = OCP\Config::getAppValue('user_cas', 'cas_server_version', '2.0');
    $hostname = OCP\Config::getAppValue('user_cas', 'cas_server_hostname', 'ident.domain.fr');
    $port = OCP\Config::getAppValue('user_cas', 'cas_server_port', '443');
    $path = OCP\Config::getAppValue('user_cas', 'cas_server_path', '/cas');

    phpCAS::client($version, $hostname, (int) $port, $path, false);

    // An alias, when configured, replaces the auto-detected service URL.
    if ($serviceAlias) {
        phpCAS::setFixedServiceURL($serviceAlias);
    }

    phpCAS::setNoCasServerValidation();
    self::$_InitCAS = true;

    return self::$_InitCAS;
}
/**
 * CAS login action: authenticate through CAS, bind the local user and
 * redirect to the return-to URL or a default page.
 *
 * NOTE(review): setNoCasServerValidation() disables verification of the CAS
 * server certificate; use phpCAS::setCasServerCACert() in production.
 *
 * @param mixed $args Passed through to the parent handler.
 * @return void
 */
function handle($args)
{
    parent::handle($args);

    if (common_is_real_login()) {
        // TRANS: Client error displayed when trying to log in while already logged on.
        $this->clientError(_m('Already logged in.'));
        return;
    }

    global $casSettings;
    phpCAS::client(CAS_VERSION_2_0, $casSettings['server'], $casSettings['port'], $casSettings['path'], false);
    phpCAS::setNoCasServerValidation();
    phpCAS::handleLogoutRequests();
    phpCAS::forceAuthentication();

    // A random throw-away password is published through the global and passed
    // to the user check together with the CAS login.
    global $casTempPassword;
    $casTempPassword = common_good_rand(16);
    $user = common_check_user(phpCAS::getUser(), $casTempPassword);
    if (!$user) {
        // TRANS: Server error displayed when trying to log in with incorrect username or password.
        $this->serverError(_m('Incorrect username or password.'));
        return;
    }

    // success!
    if (!common_set_user($user)) {
        // TRANS: Server error displayed when login fails in CAS authentication plugin.
        $this->serverError(_m('Error setting user. You are probably not authorized.'));
        return;
    }
    common_real_login(true);

    $url = common_get_returnto();
    if ($url) {
        // We don't have to return to it again
        common_set_returnto(null);
    } elseif (common_config('site', 'private') && $casSettings['takeOverLogin']) {
        // SSO users expect to just go to the URL they entered; with no
        // returnto set they entered the main StatusNet url, so send them there.
        $url = common_local_url('public');
    } else {
        // With normal form-based logins the user expects to land on their
        // home after logging in.
        $url = common_local_url('public', array('nickname' => $user->nickname));
    }

    common_redirect($url, 303);
}
/**
 * Initializes the authority objects based on an associative array of arguments
 * @param array $args an associative array of arguments. The argument list is dependent on the authority
 *
 * General - Required keys:
 *   TITLE => The human readable title of the AuthorityImage
 *   INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
 *
 * General - Optional keys:
 *   LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
 *
 * CAS - Required keys:
 *   CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
 *                   CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
 *   CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
 *   CAS_PORT => The port the CAS server is listening on, e.g. "443"
 *   CAS_PATH => The path of the CAS application, e.g. "/cas/"
 *   CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
 *                  of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
 *                  validation will be performed (not recommended for production).
 *
 * CAS - Optional keys:
 *   CAS_PHPCAS_PATH => Directory containing CAS.php; when empty, CAS.php is loaded from the include path.
 *   ATTRA_EMAIL => Attribute name for the user's email address, e.g. "email".
 *   ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename".
 *   ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname".
 *   ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname".
 *   ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof".
 *   The ATTRA_* keys only apply if your CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
 *
 * NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
 *
 * @throws KurogoConfigurationException when a required CAS key is empty.
 */
public function init($args)
{
    parent::init($args);

    // include the PHPCAS library
    $casLibrary = empty($args['CAS_PHPCAS_PATH'])
        ? 'CAS.php'
        : $args['CAS_PHPCAS_PATH'] . '/CAS.php';
    require_once $casLibrary;

    if (empty($args['CAS_PROTOCOL'])) {
        throw new KurogoConfigurationException('CAS_PROTOCOL value not set for ' . $this->AuthorityTitle);
    }
    if (empty($args['CAS_HOST'])) {
        throw new KurogoConfigurationException('CAS_HOST value not set for ' . $this->AuthorityTitle);
    }
    if (empty($args['CAS_PORT'])) {
        throw new KurogoConfigurationException('CAS_PORT value not set for ' . $this->AuthorityTitle);
    }
    if (empty($args['CAS_PATH'])) {
        throw new KurogoConfigurationException('CAS_PATH value not set for ' . $this->AuthorityTitle);
    }

    phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);

    // An empty CAS_CA_CERT leaves the CAS server certificate unverified.
    if (!empty($args['CAS_CA_CERT'])) {
        phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
    } else {
        phpCAS::setNoCasServerValidation();
    }

    // Record any attribute mapping configured, group membership last.
    $attributeKeys = array(
        'ATTRA_EMAIL' => 'Email',
        'ATTRA_FIRST_NAME' => 'FirstName',
        'ATTRA_LAST_NAME' => 'LastName',
        'ATTRA_FULL_NAME' => 'FullName',
        'ATTRA_MEMBER_OF' => 'MemberOf',
    );
    foreach ($attributeKeys as $argKey => $attribute) {
        if (!empty($args[$argKey])) {
            CASUser::mapAttribute($attribute, $args[$argKey]);
        }
    }
}