Add each allowed proxy definition object. For the normal CAS_ProxyChain
class, the constructor takes an array of proxies to match. The list is in
reverse just as seen from the service. Proxies have to be defined in reverse
from the service to the user. If a user hits service A and gets proxied via
B to service C the list of acceptable on C would be array(B,A). The definition
of an individual proxy can be either a string or a regexp (preg_match is used)
that will be matched against the proxy list supplied by the cas server
when validating the proxy tickets. The strings are compared starting from
the beginning and must fully match with the proxies in the list.
Example:
phpCAS::allowProxyChain(new CAS_ProxyChain(array(
'https://app.example.com/'
)));
phpCAS::allowProxyChain(new CAS_ProxyChain(array(
'/^https:\/\/app[0-9]\.example\.com\/rest\//',
'http://client.example.com/'
)));
For quick testing or in certain production screnarios you might want to
allow allow any other valid service to proxy your service. To do so, add
the "Any" chain:
phpcas::allowProxyChain(new CAS_ProxyChain_Any);
THIS SETTING IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY
IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER
ON THIS SERVICE.
public static allowProxyChain ( CAS_ProxyChain_Interface $proxy_chain ) : void | ||
$proxy_chain | CAS_ProxyChain_Interface | A proxy-chain that will be matched against the proxies requesting access |
return | void |