Answer the CAS_ProxyChain_AllowedList object for this client.
| public getAllowedProxyChains ( ) : CAS_ProxyChain_AllowedList | ||
| return | CAS_ProxyChain_AllowedList | |
/**
* Wrong order of valid regexp
*
* @return void
*
* @expectedException CAS_AuthenticationException
* @outputBuffering enabled
*/
public function testAllowedProxiesRegexpFailureWrongOrder()
{
$this->object->setTicket('ST-123456-asdfasdfasgww2323radf3');
$this->object->getAllowedProxyChains()->allowProxyChain(new CAS_ProxyChain(array('/^https\\:\\/\\/anotherdomain.org\\/mysite\\/test2$/', '/http\\:\\/\\/firstproxy\\.com.*$/')));
$result = $this->object->validateCAS20($url, $text_response, $tree_response);
$this->assertFalse($result);
}
private function initializeCAS()
{
$casClient = new \CAS_Client(CAS_VERSION_2_0, true, Config::get('cas.hostname'), Config::get('cas.port'), Config::get('cas.context'));
$casClient->setNoCasServerValidation();
if (true === Config::get('pgtservice.enabled', false)) {
$casClient->setCallbackURL(Config::get('pgtservice.callback'));
$casClient->setPGTStorage(new ProxyTicketServiceStorage($casClient));
} else {
if (false !== Config::get('redis.hostname', false)) {
$casClient->setCallbackURL($this->url->getURL() . '/callback.php');
$redis = new \Redis();
$redis->connect(Config::get('redis.hostname'), Config::get('redis.port', 6379), 2, null, 100);
$redis->setOption(\Redis::OPT_SERIALIZER, \Redis::SERIALIZER_PHP);
$redis->setOption(\Redis::OPT_PREFIX, Config::get('application.project_name') . ':PHPCAS_TICKET_STORAGE:');
$redis->select((int) Config::get('redis.hostname', 2));
$casClient->setPGTStorage(new RedisTicketStorage($casClient, $redis));
} else {
$casClient->setCallbackURL($this->url->getURL() . '/callback.php');
$casClient->setPGTStorageFile(session_save_path());
// Handle logout requests but do not validate the server
$casClient->handleLogoutRequests(false);
}
}
// Accept all proxy chains
$casClient->getAllowedProxyChains()->allowProxyChain(new \CAS_ProxyChain_Any());
return $casClient;
}
/**
* If you want your service to be proxied you have to enable it (default
* disabled) and define an accepable list of proxies that are allowed to
* proxy your service.
*
* Add each allowed proxy definition object. For the normal CAS_ProxyChain
* class, the constructor takes an array of proxies to match. The list is in
* reverse just as seen from the service. Proxies have to be defined in reverse
* from the service to the user. If a user hits service A and gets proxied via
* B to service C the list of acceptable on C would be array(B,A). The definition
* of an individual proxy can be either a string or a regexp (preg_match is used)
* that will be matched against the proxy list supplied by the cas server
* when validating the proxy tickets. The strings are compared starting from
* the beginning and must fully match with the proxies in the list.
* Example:
* phpCAS::allowProxyChain(new CAS_ProxyChain(array(
* 'https://app.example.com/'
* )));
* phpCAS::allowProxyChain(new CAS_ProxyChain(array(
* '/^https:\/\/app[0-9]\.example\.com\/rest\//',
* 'http://client.example.com/'
* )));
*
* For quick testing or in certain production screnarios you might want to
* allow allow any other valid service to proxy your service. To do so, add
* the "Any" chain:
* phpcas::allowProxyChain(new CAS_ProxyChain_Any);
* THIS SETTING IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY
* IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER
* ON THIS SERVICE.
*
* @param CAS_ProxyChain_Interface $proxy_chain A proxy-chain that will be
* matched against the proxies requesting access
*
* @return void
*/
public static function allowProxyChain(CAS_ProxyChain_Interface $proxy_chain)
{
phpCAS::traceBegin();
phpCAS::_validateClientExists();
if (self::$_PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_2_0 && self::$_PHPCAS_CLIENT->getServerVersion() !== CAS_VERSION_3_0) {
phpCAS::error('this method can only be used with the cas 2.0/3.0 protocols');
}
self::$_PHPCAS_CLIENT->getAllowedProxyChains()->allowProxyChain($proxy_chain);
phpCAS::traceEnd();
}
