phpCAS proxy initializer.
public static proxy ( string $server_version, string $server_hostname, string $server_port, string $server_uri, boolean $changeSessionID = true ) : a | ||
$server_version | string | the version of the CAS server |
$server_hostname | string | the hostname of the CAS server |
$server_port | string | the port the CAS server is running on |
$server_uri | string | the URI the CAS server is responding on |
$changeSessionID | boolean | Allow phpCAS to change the session_id (Single Sign Out/handleLogoutRequests is based on that change) |
return | a | newly created CAS_Client object |
/** * Initializes the authority objects based on an associative array of arguments * @param array $args an associate array of arguments. The argument list is dependent on the authority * * General - Required keys: * TITLE => The human readable title of the AuthorityImage * INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority * * General - Optional keys: * LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in * * CAS - Required keys: * CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0": * CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1' * CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu" * CAS_PORT => The port the CAS server is listening on, e.g. "443" * CAS_PATH => The path of the CAS application, e.g. "/cas/" * CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity * of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate * validation will be performed (not recommended for production). * * CAS - Optional keys: * ATTRA_EMAIL => Attribute name for the user's email adress, e.g. "email". This only applies if your * CAS server returns attributes in a SAML-1.1 or CAS-2.0 response. * ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your * CAS server returns attributes in a SAML-1.1 or CAS-2.0 response. * ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your * CAS server returns attributes in a SAML-1.1 or CAS-2.0 response. * ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your * CAS server returns attributes in a SAML-1.1 or CAS-2.0 response. * ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your * CAS server returns attributes in a SAML-1.1 or CAS-2.0 response. * * NOTE: Any subclass MUST call parent::init($args) to ensure proper operation * */ public function init($args) { parent::init($args); // include the PHPCAS library if (empty($args['CAS_PHPCAS_PATH'])) { require_once 'CAS.php'; } else { require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php'; } if (empty($args['CAS_PROTOCOL'])) { throw new KurogoConfigurationException('CAS_PROTOCOL value not set for ' . $this->AuthorityTitle); } if (empty($args['CAS_HOST'])) { throw new KurogoConfigurationException('CAS_HOST value not set for ' . $this->AuthorityTitle); } if (empty($args['CAS_PORT'])) { throw new KurogoConfigurationException('CAS_PORT value not set for ' . $this->AuthorityTitle); } if (empty($args['CAS_PATH'])) { throw new KurogoConfigurationException('CAS_PATH value not set for ' . $this->AuthorityTitle); } if (empty($args['CAS_PROXY_INIT'])) { phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false); } else { phpCAS::proxy($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false); if (!empty($args['CAS_PROXY_TICKET_PATH'])) { phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']); } if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) { phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']); } } if (empty($args['CAS_CA_CERT'])) { phpCAS::setNoCasServerValidation(); } else { phpCAS::setCasServerCACert($args['CAS_CA_CERT']); } // Record any attribute mapping configured. if (!empty($args['ATTRA_EMAIL'])) { CASUser::mapAttribute('Email', $args['ATTRA_EMAIL']); } if (!empty($args['ATTRA_FIRST_NAME'])) { CASUser::mapAttribute('FirstName', $args['ATTRA_FIRST_NAME']); } if (!empty($args['ATTRA_LAST_NAME'])) { CASUser::mapAttribute('LastName', $args['ATTRA_LAST_NAME']); } if (!empty($args['ATTRA_FULL_NAME'])) { CASUser::mapAttribute('FullName', $args['ATTRA_FULL_NAME']); } // Store an attribute for group membership if configured. if (!empty($args['ATTRA_MEMBER_OF'])) { CASUser::mapAttribute('MemberOf', $args['ATTRA_MEMBER_OF']); } }
function setup() { //Only setup if we haven't already global $PHPCAS_CLIENT; if (!is_object($PHPCAS_CLIENT)) { phpCAS::setDebug("/var/www/campus/dev.intranet.campusforchrist.org/cas.log"); phpCAS::proxy(SITE_CAS_VERSION, SITE_CAS_HOSTNAME, SITE_CAS_PORT, SITE_CAS_PATH, SITE_CAS_SESSION); phpCAS::setFixedCallbackURL(SITE_CAS_CALLBACK); //No SSL phpCAS::setNoCasServerValidation(); phpCAS::setPGTStorageFile('xml', SITE_CAS_PGT_STORE); //session_save_path()); return true; } return false; }
<?php // Example for a proxy with session usage // Load the settings from the central config file include_once 'config.php'; // Load the CAS lib include_once $phpcas_path . '/CAS.php'; // Uncomment to enable debugging phpCAS::setDebug(); // Initialize phpCAS phpCAS::proxy(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context); // For production use set the CA certificate that is the issuer of the cert // on the CAS server and uncomment the line below // phpCAS::setCasServerCACert($cas_server_ca_cert_path); // For quick testing you can disable SSL validation of the CAS server. // THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION. // VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL! phpCAS::setNoCasServerValidation(); // force CAS authentication phpCAS::forceAuthentication(); // at this step, the user has been authenticated by the CAS server // and the user's login name can be read with phpCAS::getUser(). // moreover, a PGT was retrieved from the CAS server that will // permit to gain accesses to new services. ?> <html> <head> <title>phpCAS proxied proxy example (with sessioning)</title> <link rel="stylesheet" type='text/css' href='example.css'/> </head> <body>
$_SESSION['phpCAS']['service_cookies'] = array(); } $sm = $_SESSION['ovd-client']['sessionmanager']; foreach ($sm->get_cookies() as $k => $v) { $cookie = array('domain' => parse_url($sm->get_base_url(), PHP_URL_HOST), 'path' => '/', 'secure' => false, 'name' => $k, 'value' => $v); $_SESSION['phpCAS']['service_cookies'][] = $cookie; } } $port = parse_url($CAS_server_url, PHP_URL_PORT); if (is_null($port)) { if (parse_url($CAS_server_url, PHP_URL_SCHEME) == 'https') { $port = 443; } else { $port = 80; } } $path = !parse_url($CAS_server_url, PHP_URL_PATH) ? '' : parse_url($CAS_server_url, PHP_URL_PATH); phpCAS::proxy(CAS_VERSION_2_0, parse_url($CAS_server_url, PHP_URL_HOST), $port, $path, false); phpCAS::setNoCasServerValidation(); phpCAS::setPGTStorageFile(CAS_PGT_STORAGE_FILE_FORMAT_PLAIN, session_save_path()); phpCAS::setFixedCallbackURL($CAS_callback_url); //HTTPS required, and Apache's CRT must be added in Tomcat's keystore (CAS server) phpCAS::forceAuthentication(); if (!phpCAS::serviceWeb($_SESSION['ovd-client']['sessionmanager_url'] . '/start', $errno, $output)) { $_SESSION['ovd-client']['from_SM_start_XML'] = 'ERROR'; finish(); die; } $_SESSION['ovd-client']['from_SM_start_XML'] = $output; finish(); die;
/** * Connect to the CAS (clientcas connection or proxycas connection) * */ function connectCAS() { global $CFG; static $connected = false; if (!$connected) { // Make sure phpCAS doesn't try to start a new PHP session when connecting to the CAS server. if ($this->config->proxycas) { phpCAS::proxy($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false); } else { phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false); } $connected = true; } // If Moodle is configured to use a proxy, phpCAS needs some curl options set. if (!empty($CFG->proxyhost) && !is_proxybypass($this->config->hostname)) { phpCAS::setExtraCurlOption(CURLOPT_PROXY, $CFG->proxyhost); if (!empty($CFG->proxyport)) { phpCAS::setExtraCurlOption(CURLOPT_PROXYPORT, $CFG->proxyport); } if (!empty($CFG->proxytype)) { // Only set CURLOPT_PROXYTYPE if it's something other than the curl-default http if ($CFG->proxytype == 'SOCKS5') { phpCAS::setExtraCurlOption(CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); } } if (!empty($CFG->proxyuser) and !empty($CFG->proxypassword)) { phpCAS::setExtraCurlOption(CURLOPT_PROXYUSERPWD, $CFG->proxyuser . ':' . $CFG->proxypassword); if (defined('CURLOPT_PROXYAUTH')) { // any proxy authentication if PHP 5.1 phpCAS::setExtraCurlOption(CURLOPT_PROXYAUTH, CURLAUTH_BASIC | CURLAUTH_NTLM); } } } if ($this->config->certificate_check && $this->config->certificate_path) { phpCAS::setCasServerCACert($this->config->certificate_path); } else { // Don't try to validate the server SSL credentials phpCAS::setNoCasServerValidation(); } }
<?php // // phpCAS proxied proxy // // import phpCAS lib include_once 'CAS.php'; // set debug mode phpCAS::setDebug(); // initialize phpCAS phpCAS::proxy(CAS_VERSION_2_0, 'sso-cas.univ-rennes1.fr', 443, ''); // no SSL validation for the CAS server phpCAS::setNoCasServerValidation(); // force CAS authentication phpCAS::forceAuthentication(); // at this step, the user has been authenticated by the CAS server // and the user's login name can be read with phpCAS::getUser(). // moreover, a PGT was retrieved from the CAS server that will // permit to gain accesses to new services. $service = 'http://phpcas-test.ifsic.univ-rennes1.fr/examples/example_service.php'; ?> <html> <head> <title>phpCAS proxied proxy example</title> </head> <body> <h1>phpCAS proxied proxy example</h1> <p>the user's login is <b><?php echo phpCAS::getUser(); ?> </b>.</p>
function tryToLogUser(&$httpVars, $isLast = false) { if (isset($_SESSION["CURRENT_MINISITE"])) { return false; } $this->loadConfig(); if (isset($_SESSION['AUTHENTICATE_BY_CAS'])) { $flag = $_SESSION['AUTHENTICATE_BY_CAS']; } else { $flag = 0; } $pgtIou = !empty($httpVars['pgtIou']); $logged = isset($_SESSION['LOGGED_IN_BY_CAS']); $enre = !empty($httpVars['put_action_enable_redirect']); $ticket = !empty($httpVars['ticket']); $pgt = !empty($_SESSION['phpCAS']['pgt']); $clientModeTicketPendding = isset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']); if ($this->cas_modify_login_page) { if ($flag == 0 && $enre && !$logged && !$pgtIou) { $_SESSION['AUTHENTICATE_BY_CAS'] = 1; } elseif ($flag == 1 && !$enre && !$logged && !$pgtIou && !$ticket && !$pgt) { $_SESSION['AUTHENTICATE_BY_CAS'] = 0; } elseif ($flag == 1 && $enre && !$logged && !$pgtIou) { $_SESSION['AUTHENTICATE_BY_CAS'] = 1; } elseif ($pgtIou || $pgt) { $_SESSION['AUTHENTICATE_BY_CAS'] = 1; } elseif ($ticket) { $_SESSION['AUTHENTICATE_BY_CAS'] = 1; $_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING'] = 1; } elseif ($logged && $pgtIou) { $_SESSION['AUTHENTICATE_BY_CAS'] = 2; } else { $_SESSION['AUTHENTICATE_BY_CAS'] = 0; } if ($_SESSION['AUTHENTICATE_BY_CAS'] < 1) { if ($clientModeTicketPendding) { unset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']); } else { return false; } } } /** * Depend on phpCAS mode configuration */ switch ($this->cas_mode) { case PHPCAS_MODE_CLIENT: if ($this->checkConfigurationForClientMode()) { AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Client: ", "sucessfully"); phpCAS::client(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false); if (!empty($this->cas_certificate_path)) { phpCAS::setCasServerCACert($this->cas_certificate_path); } else { phpCAS::setNoCasServerValidation(); } /** * Debug */ if ($this->cas_debug_mode) { // logfile name by date: $today = getdate(); $file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt'; empty($this->cas_debug_file) ? $file_path : ($file_path = $this->cas_debug_file); phpCAS::setDebug($file_path); } phpCAS::forceAuthentication(); } else { AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode CLIENT, please verify the configuration", ""); return false; } break; case PHPCAS_MODE_PROXY: /** * If in login page, user click on login via CAS, the page will be reload with manuallyredirectocas is set. * Or force redirect to cas login page even the force redirect is set in configuration of this module * */ if ($this->checkConfigurationForProxyMode()) { AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Proxy: ", "sucessfully"); /** * init phpCAS in mode proxy */ phpCAS::proxy(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false); if (!empty($this->cas_certificate_path)) { phpCAS::setCasServerCACert($this->cas_certificate_path); } else { phpCAS::setNoCasServerValidation(); } /** * Debug */ if ($this->cas_debug_mode) { // logfile name by date: $today = getdate(); $file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt'; empty($this->cas_debug_file) ? $file_path : ($file_path = $this->cas_debug_file); phpCAS::setDebug($file_path); } if (!empty($this->cas_setFixedCallbackURL)) { phpCAS::setFixedCallbackURL($this->cas_setFixedCallbackURL); } // /** * PTG storage */ $this->setPTGStorage(); phpCAS::forceAuthentication(); /** * Get proxy ticket (PT) for SAMBA to authentication at CAS via pam_cas * In fact, we can use any other service. Of course, it should be enabled in CAS * */ $err_code = null; $serviceURL = $this->cas_proxied_service; AJXP_Logger::debug(__FUNCTION__, "Try to get proxy ticket for service: ", $serviceURL); $res = phpCAS::serviceSMB($serviceURL, $err_code); if (!empty($res)) { $_SESSION['PROXYTICKET'] = $res; AJXP_Logger::info(__FUNCTION__, "Get Proxy ticket successfully ", ""); } else { AJXP_Logger::info(__FUNCTION__, "Could not get Proxy ticket. ", ""); } break; } else { AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode PROXY, please verify the configuration", ""); return false; } default: return false; break; } AJXP_Logger::debug(__FUNCTION__, "Call phpCAS::getUser() after forceAuthentication ", ""); $cas_user = phpCAS::getUser(); if (!AuthService::userExists($cas_user) && $this->is_AutoCreateUser) { AuthService::createUser($cas_user, openssl_random_pseudo_bytes(20)); } if (AuthService::userExists($cas_user)) { $res = AuthService::logUser($cas_user, "", true); if ($res > 0) { AJXP_Safe::storeCredentials($cas_user, $_SESSION['PROXYTICKET']); $_SESSION['LOGGED_IN_BY_CAS'] = true; if (!empty($this->cas_additional_role)) { $userObj = ConfService::getConfStorageImpl()->createUserObject($cas_user); $roles = $userObj->getRoles(); $cas_RoleID = $this->cas_additional_role; $userObj->addRole(AuthService::getRole($cas_RoleID, true)); AuthService::updateUser($userObj); } return true; } } return false; }
/** * Connect to the CAS (clientcas connection or proxycas connection) * */ function connectCAS() { global $PHPCAS_CLIENT; if (!is_object($PHPCAS_CLIENT)) { // Make sure phpCAS doesn't try to start a new PHP session when connecting to the CAS server. if ($this->config->proxycas) { phpCAS::proxy($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false); } else { phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false); } } if ($this->config->certificate_check && $this->config->certificate_path) { phpCAS::setCasServerCACert($this->config->certificate_path); } else { // Don't try to validate the server SSL credentials phpCAS::setNoCasServerValidation(); } }
/** * Connect to the cas (clientcas connection or proxycas connection * * This function is called from admin/auth.php * */ function connectCAS() { global $PHPCAS_CLIENT; // mode proxy CAS if (!is_object($PHPCAS_CLIENT)) { if ($this->config->proxycas) { phpCAS::proxy($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri); } else { phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri); } } }
/** * Initialize CAS client * */ private function cas_init() { if (!$this->cas_inited) { // retrieve configurations $cfg = rcmail::get_instance()->config->all(); // include phpCAS require_once('/usr/share/php/CAS/CAS.php'); phpCAS::setDebug('/var/log/lcs/casdebug.log'); // initialize CAS client if ($cfg['cas_proxy']) { phpCAS::proxy(CAS_VERSION_2_0, $cfg['cas_hostname'], $cfg['cas_port'], $cfg['cas_uri'], false); // set URL for PGT callback phpCAS::setFixedCallbackURL($this->generate_url(array('action' => 'pgtcallback'))); // set PGT storage #phpCAS::setPGTStorageFile('xml', $cfg['cas_pgt_dir']); phpCAS::setPGTStorageFile($cfg['cas_pgt_dir']); } else { phpCAS::client(CAS_VERSION_2_0, $cfg['cas_hostname'], $cfg['cas_port'], $cfg['cas_uri'], false); } // set service URL for authorization with CAS server phpCAS::setFixedServiceURL($this->generate_url(array('action' => 'login', 'task' => 'mail'))); // set SSL validation for the CAS server if ($cfg['cas_validation'] == 'self') { phpCAS::setCasServerCert($cfg['cas_cert']); } else if ($cfg['cas_validation'] == 'ca') { phpCAS::setCasServerCACert($cfg['cas_cert']); } else { phpCAS::setNoCasServerValidation(); } // set login and logout URLs of the CAS server phpCAS::setServerLoginURL($cfg['cas_login_url']); phpCAS::setServerLogoutURL($cfg['cas_logout_url']); $this->cas_inited = true; } }
/** * Initializes the authority objects based on an associative array of arguments * @param array $args an associate array of arguments. The argument list is dependent on the authority * * General - Required keys: * TITLE => The human readable title of the AuthorityImage * INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority * * General - Optional keys: * LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in * * CAS - Required keys: * CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0": * CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1' * CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu" * CAS_PORT => The port the CAS server is listening on, e.g. "443" * CAS_PATH => The path of the CAS application, e.g. "/cas/" * CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity * of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate * validation will be performed (not recommended for production). * * CAS - Optional keys: * ATTRA_EMAIL => Attribute name for the user's email adress, e.g. "email". This only applies if your * CAS server returns attributes in a SAML-1.1 or CAS-2.0 response. * ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your * CAS server returns attributes in a SAML-1.1 or CAS-2.0 response. * ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your * CAS server returns attributes in a SAML-1.1 or CAS-2.0 response. * ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your * CAS server returns attributes in a SAML-1.1 or CAS-2.0 response. * ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your * CAS server returns attributes in a SAML-1.1 or CAS-2.0 response. * * NOTE: Any subclass MUST call parent::init($args) to ensure proper operation * */ public function init($args) { parent::init($args); // include the PHPCAS library if (empty($args['CAS_PHPCAS_PATH'])) { require_once 'CAS.php'; } else { require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php'; } if (!empty($args['CAS_DEBUG_LOG'])) { phpCAS::setDebug($args['CAS_DEBUG_LOG']); } if (empty($args['CAS_PROTOCOL'])) { throw new KurogoConfigurationException('CAS_PROTOCOL value not set for ' . $this->AuthorityTitle); } if (empty($args['CAS_HOST'])) { throw new KurogoConfigurationException('CAS_HOST value not set for ' . $this->AuthorityTitle); } if (empty($args['CAS_PORT'])) { throw new KurogoConfigurationException('CAS_PORT value not set for ' . $this->AuthorityTitle); } if (empty($args['CAS_PATH'])) { throw new KurogoConfigurationException('CAS_PATH value not set for ' . $this->AuthorityTitle); } if (empty($args['CAS_PROXY_INIT'])) { phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false); } else { phpCAS::proxy($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false); if (!empty($args['CAS_PROXY_TICKET_PATH']) && !empty($args['CAS_PROXY_TICKET_DB_DSN'])) { throw new KurogoConfigurationException('Only one of CAS_PROXY_TICKET_PATH or CAS_PROXY_TICKET_DB_DSN may be set for ' . $this->AuthorityTitle); } if (!empty($args['CAS_PROXY_TICKET_PATH'])) { if (version_compare(PHPCAS_VERSION, '1.3', '>=')) { phpCAS::setPGTStorageFile($args['CAS_PROXY_TICKET_PATH']); } else { phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']); } } if (!empty($args['CAS_PROXY_TICKET_DB_DSN'])) { $user = $pass = $table = $driver_opts = ''; if (!empty($args['CAS_PROXY_TICKET_DB_USER'])) { $user = $args['CAS_PROXY_TICKET_DB_USER']; } if (!empty($args['CAS_PROXY_TICKET_DB_PASS'])) { $pass = $args['CAS_PROXY_TICKET_DB_PASS']; } if (!empty($args['CAS_PROXY_TICKET_DB_TABLE'])) { $table = $args['CAS_PROXY_TICKET_DB_TABLE']; } if (!empty($args['CAS_PROXY_TICKET_DB_DRIVER_OPTS'])) { $driver_opts = $args['CAS_PROXY_TICKET_DB_DRIVER_OPTS']; } phpCAS::setPGTStorageDb($args['CAS_PROXY_TICKET_DB_DSN'], $user, $pass, $table, $driver_opts); } if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) { phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']); } } if (empty($args['CAS_CA_CERT'])) { phpCAS::setNoCasServerValidation(); } else { phpCAS::setCasServerCACert($args['CAS_CA_CERT']); } // Record any attribute mapping configured. if (!empty($args['ATTRA_EMAIL'])) { CASUser::mapAttribute('Email', $args['ATTRA_EMAIL']); } if (!empty($args['ATTRA_FIRST_NAME'])) { CASUser::mapAttribute('FirstName', $args['ATTRA_FIRST_NAME']); } if (!empty($args['ATTRA_LAST_NAME'])) { CASUser::mapAttribute('LastName', $args['ATTRA_LAST_NAME']); } if (!empty($args['ATTRA_FULL_NAME'])) { CASUser::mapAttribute('FullName', $args['ATTRA_FULL_NAME']); } // Store an attribute for group membership if configured. if (!empty($args['ATTRA_MEMBER_OF'])) { CASUser::mapAttribute('MemberOf', $args['ATTRA_MEMBER_OF']); } }
/** * Connect to the cas (clientcas connection or proxycas connection * * This function is called from admin/auth.php * */ function connectCAS() { global $PHPCAS_CLIENT; // mode proxy CAS if (!is_object($PHPCAS_CLIENT)) { // Make sure phpCAS doesn't try to start a new PHP session when connecting to the CAS server. if ($this->config->proxycas) { phpCAS::proxy($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false); } else { phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false); } } }