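/**
 * Prints the "authentication failed" HTML page and traces the reason why
 * the user was not authenticated.
 *
 * The page header, a localized message carrying the current URL and the
 * server administrator address, and the page footer are printed through the
 * client. The CAS URL, the failure and (unless the server did not respond)
 * the raw CAS response are handed to phpCAS::trace().
 *
 * @param CAS_Client $client       phpCAS client
 * @param string     $failure      the failure that occurred
 * @param string     $cas_url      the URL the CAS server was asked for
 * @param bool       $no_response  TRUE if the CAS server did not respond
 *                                 (the remaining parameters are then ignored)
 * @param bool       $bad_response TRUE if the CAS server sent a bad response
 *                                 ($err_code and $err_msg are then ignored)
 * @param string     $cas_response the response of the CAS server
 * @param int        $err_code     the error code given by the CAS server
 * @param string     $err_msg      the error message given by the CAS server
 */
public function __construct($client, $failure, $cas_url, $no_response,
    $bad_response = '', $cas_response = '', $err_code = '', $err_msg = ''
) {
    phpCAS::traceBegin();
    $lang = $client->getLangObj();
    $client->printHTMLHeader($lang->getAuthenticationFailed());

    // SERVER_ADMIN is not provided by every web server / SAPI. Reading it
    // unguarded raises an "undefined index" notice in the middle of the
    // error page, so fall back to an empty string.
    $server_admin = isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN'] : '';

    // Both values are interpolated into HTML by the translated template, so
    // both are entity-encoded, not only the URL.
    // NOTE(review): htmlentities() escapes single quotes by default only on
    // PHP >= 8.1; pass ENT_QUOTES if a template uses single-quoted
    // attributes and older PHP versions must be supported.
    printf(
        $lang->getYouWereNotAuthenticated(),
        htmlentities($client->getURL()),
        htmlentities($server_admin)
    );

    // NOTE(review): the values below are traced verbatim and, per the
    // parameter documentation, partly originate from the CAS server; confirm
    // that the trace log is access-restricted and tolerates line breaks.
    phpCAS::trace('CAS URL: ' . $cas_url);
    phpCAS::trace('Authentication failure: ' . $failure);

    if ($no_response) {
        phpCAS::trace('Reason: no response from the CAS server');
    } else {
        if ($bad_response) {
            phpCAS::trace('Reason: bad response from the CAS server');
        } else {
            // Protocol versions not listed here add no "Reason" line.
            switch ($client->getServerVersion()) {
            case CAS_VERSION_1_0:
                phpCAS::trace('Reason: CAS error');
                break;
            case CAS_VERSION_2_0:
            case CAS_VERSION_3_0:
                // CAS 3.0 failures carry a code and a message like CAS 2.0
                // ones; without this case they were traced with no reason.
                if (empty($err_code)) {
                    phpCAS::trace('Reason: no CAS error');
                } else {
                    phpCAS::trace('Reason: [' . $err_code . '] CAS error: ' . $err_msg);
                }
                break;
            }
        }
        phpCAS::trace('CAS response: ' . $cas_response);
    }

    $client->printHTMLFooter();
    phpCAS::traceExit();
}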
/**
 * Registers a proxy chain that is allowed to proxy this service.
 *
 * Being proxied is disabled by default. To enable it, define the acceptable
 * list of proxies by adding one proxy-chain definition object per allowed
 * chain.
 *
 * For the normal CAS_ProxyChain class the constructor takes an array of
 * proxies to match. The list is in reverse order, as seen from the service:
 * proxies are defined from the service back to the user. If a user hits
 * service A and gets proxied via B to service C, the acceptable list on C
 * is array(B, A).
 *
 * An individual proxy is either a string or a regexp (preg_match is used)
 * and is matched against the proxy list supplied by the CAS server when it
 * validates the proxy tickets. Strings are compared starting from the
 * beginning and must fully match the proxies in the list.
 *
 * Keep every definition as narrow as possible. preg_match() accepts a match
 * anywhere in the subject unless the pattern is anchored, so start regexps
 * with ^ and, as in the examples, spell out the scheme, the host name and
 * the "/" that follows it so that look-alike host names are not accepted.
 *
 * Example:
 *     phpCAS::allowProxyChain(new CAS_ProxyChain(array(
 *         'https://app.example.com/'
 *     )));
 *     phpCAS::allowProxyChain(new CAS_ProxyChain(array(
 *         '/^https:\/\/app[0-9]\.example\.com\/rest\//',
 *         'http://client.example.com/'
 *     )));
 *
 * For quick testing or in certain production scenarios you might want to
 * allow any other valid service to proxy your service. To do so, add the
 * "Any" chain:
 *     phpCAS::allowProxyChain(new CAS_ProxyChain_Any);
 * THIS SETTING IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY
 * IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER
 * ON THIS SERVICE.
 *
 * The method can only be used with the CAS 2.0/3.0 protocols; for any other
 * server version phpCAS::error() is called.
 *
 * @param CAS_ProxyChain_Interface $proxy_chain A proxy-chain that will be
 * matched against the proxies requesting access
 *
 * @return void
 */
public static function allowProxyChain(CAS_ProxyChain_Interface $proxy_chain)
{
    phpCAS::traceBegin();
    phpCAS::_validateClientExists();

    $client = self::$_PHPCAS_CLIENT;

    // Proxy tickets exist only in the 2.0 and 3.0 protocols.
    $proxy_capable = $client->getServerVersion() === CAS_VERSION_2_0
        || $client->getServerVersion() === CAS_VERSION_3_0;
    if (!$proxy_capable) {
        phpCAS::error('this method can only be used with the cas 2.0/3.0 protocols');
    }

    // Add the chain to the client's set of allowed proxy chains.
    $allowed_chains = $client->getAllowedProxyChains();
    $allowed_chains->allowProxyChain($proxy_chain);

    phpCAS::traceEnd();
}