ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Authentication
+ Collaboration diagram for Authentication:

Functions

 CASClient::setUser ($user)
 This method sets the CAS user's login name. More...
 
 CASClient::getUser ()
 This method returns the CAS user's login name. More...
 
 CASClient::setAttributes ($attributes)
 
 CASClient::getAttributes ()
 
 CASClient::hasAttributes ()
 
 CASClient::hasAttribute ($key)
 
 CASClient::getAttribute ($key)
 
 CASClient::renewAuthentication ()
 This method is called to renew the authentication of the user If the user is authenticated, renew the connection If not, redirect to CAS. More...
 
 CASClient::forceAuthentication ()
 This method is called to be sure that the user is authenticated. More...
 
 CASClient::setCacheTimesForAuthRecheck ($n)
 Set the number of times authentication will be cached before rechecked. More...
 
 CASClient::checkAuthentication ()
 This method is called to check whether the user is authenticated or not. More...
 
 CASClient::isAuthenticated ()
 This method is called to check if the user is authenticated (previously or by tickets given in the URL). More...
 
 CASClient::isSessionAuthenticated ()
 This method tells if the current session is authenticated. More...
 
 CASClient::wasPreviouslyAuthenticated ()
 This method tells if the user has already been (previously) authenticated by looking into the session variables. More...
 
 CASClient::redirectToCas ($gateway=false, $renew=false)
 This method is used to redirect the client to the CAS server. More...
 
 CASClient::logout ($params)
 This method is used to logout from CAS. More...
 
 CASClient::isLogoutRequest ()
 
 CASClient::isLogoutRequestAllowed ()
 
 CASClient::handleLogoutRequests ($check_client=true, $allowed_clients=false)
 This method handles logout requests. More...
 
 CASClient::redirectToCas ($gateway)
 This method is used to redirect the client to the CAS server. More...
 

Variables

 CASClient::$_user
 The Authenticated user. More...
 
 CASClient::$_attributes
 The Authenticated users attributes. More...
 
 CASClient::$_cache_times_for_auth_recheck
 An integer that gives the number of times authentication will be cached before rechecked. More...
 

Detailed Description

Function Documentation

◆ checkAuthentication()

CASClient::checkAuthentication ( )

This method is called to check whether the user is authenticated or not.

Returns
TRUE when the user is authenticated, FALSE otherwise.

Definition at line 924 of file client.php.

925 {
927
928 if ( $this->isAuthenticated() ) {
929 phpCAS::trace('user is authenticated');
930 $res = TRUE;
931 } else if (isset($_SESSION['phpCAS']['auth_checked'])) {
932 // the previous request has redirected the client to the CAS server with gateway=true
933 unset($_SESSION['phpCAS']['auth_checked']);
934 $res = FALSE;
935 } else {
936 // $_SESSION['phpCAS']['auth_checked'] = true;
937 // $this->redirectToCas(TRUE/* gateway */);
938 // // never reached
939 // $res = FALSE;
940 // avoid a check against CAS on every request
941 if (! isset($_SESSION['phpCAS']['unauth_count']) )
942 $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized
943
944 if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1)
945 || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck))
946 {
947 $res = FALSE;
948
949 if ($this->_cache_times_for_auth_recheck != -1)
950 {
951 $_SESSION['phpCAS']['unauth_count']++;
952 phpCAS::trace('user is not authenticated (cached for '.$_SESSION['phpCAS']['unauth_count'].' times of '.$this->_cache_times_for_auth_recheck.')');
953 }
954 else
955 {
956 phpCAS::trace('user is not authenticated (cached for until login pressed)');
957 }
958 }
959 else
960 {
961 $_SESSION['phpCAS']['unauth_count'] = 0;
962 $_SESSION['phpCAS']['auth_checked'] = true;
963 phpCAS::trace('user is not authenticated (cache reset)');
964 $this->redirectToCas(TRUE/* gateway */);
965 // never reached
966 $res = FALSE;
967 }
968 }
970 return $res;
971 }
$_SESSION["AccountId"]
isAuthenticated()
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: client.php:981
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: client.php:1133
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
Definition: CAS.php:577
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604

References $_SESSION, $res, CASClient\isAuthenticated(), CASClient\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

+ Here is the call graph for this function:

◆ forceAuthentication()

CASClient::forceAuthentication ( )

This method is called to be sure that the user is authenticated.

When not authenticated, halt by redirecting to the CAS server; otherwise return TRUE.

Returns
TRUE when the user is authenticated; otherwise halt.

Definition at line 878 of file client.php.

879 {
881
882 if ( $this->isAuthenticated() ) {
883 // the user is authenticated, nothing to be done.
884 phpCAS::trace('no need to authenticate');
885 $res = TRUE;
886 } else {
887 // the user is not authenticated, redirect to the CAS server
888 if (isset($_SESSION['phpCAS']['auth_checked'])) {
889 unset($_SESSION['phpCAS']['auth_checked']);
890 }
891 $this->redirectToCas(FALSE/* no gateway */);
892 // never reached
893 $res = FALSE;
894 }
896 return $res;
897 }

References $_SESSION, $res, CASClient\isAuthenticated(), CASClient\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

+ Here is the call graph for this function:

◆ getAttribute()

CASClient::getAttribute (   $key)

Definition at line 846 of file client.php.

846 {
847 if($this->hasAttribute($key)) {
848 return $this->_attributes[$key];
849 }
850 }
hasAttribute($key)
Definition: client.php:843

References CASClient\hasAttribute().

+ Here is the call graph for this function:

◆ getAttributes()

CASClient::getAttributes ( )

Definition at line 833 of file client.php.

833 {
834 if ( empty($this->_user) ) { // if no user is set, there shouldn't be any attributes also...
835 phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
836 }
837 return $this->_attributes;
838 }
$_attributes
The Authenticated users attributes.
Definition: client.php:828
error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:544

References CASClient\$_attributes, and phpCAS\error().

Referenced by CASClient\isAuthenticated().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getUser()

CASClient::getUser ( )

This method returns the CAS user's login name.

Warning
should be called only after CASClient::forceAuthentication() or CASClient::isAuthenticated(), otherwise halt with an error.
Returns
the login name of the authenticated user

Definition at line 805 of file client.php.

806 {
807 if ( empty($this->_user) ) {
808 phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
809 }
810 return $this->_user;
811 }
$_user
The Authenticated user.
Definition: client.php:784

References CASClient\$_user, and phpCAS\error().

Referenced by CASClient\isAuthenticated().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleLogoutRequests()

CASClient::handleLogoutRequests (   $check_client = true,
  $allowed_clients = false 
)

This method handles logout requests.

Parameters
$check_clienttrue to check the client bofore handling the request, false not to perform any access control. True by default.
$allowed_clientsan array of host names allowed to send logout requests. By default, only the CAs server (declared in the constructor) will be allowed.

Definition at line 1202 of file client.php.

1202 {
1204 if (!$this->isLogoutRequest()) {
1205 phpCAS::log("Not a logout request");
1207 return;
1208 }
1209 if(!$this->_start_session){
1210 phpCAS::log("phpCAS can't handle logout requests if it does not manage the session.");
1211 }
1212 phpCAS::log("Logout requested");
1213 phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']);
1214 if ($check_client) {
1215 if (!$allowed_clients) {
1216 $allowed_clients = array( $this->getServerHostname() );
1217 }
1218 $client_ip = $_SERVER['REMOTE_ADDR'];
1219 $client = gethostbyaddr($client_ip);
1220 phpCAS::log("Client: ".$client."/".$client_ip);
1221 $allowed = false;
1222 foreach ($allowed_clients as $allowed_client) {
1223 if (($client == $allowed_client) or ($client_ip == $allowed_client)) {
1224 phpCAS::log("Allowed client '".$allowed_client."' matches, logout request is allowed");
1225 $allowed = true;
1226 break;
1227 } else {
1228 phpCAS::log("Allowed client '".$allowed_client."' does not match");
1229 }
1230 }
1231 if (!$allowed) {
1232 phpCAS::error("Unauthorized logout request from client '".$client."'");
1233 printf("Unauthorized!");
1235 exit();
1236 }
1237 } else {
1238 phpCAS::log("No access control set");
1239 }
1240 // Extract the ticket from the SAML Request
1241 preg_match("|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|", $_POST['logoutRequest'], $tick, PREG_OFFSET_CAPTURE, 3);
1242 $wrappedSamlSessionIndex = preg_replace('|<samlp:SessionIndex>|','',$tick[0][0]);
1243 $ticket2logout = preg_replace('|</samlp:SessionIndex>|','',$wrappedSamlSessionIndex);
1244 phpCAS::log("Ticket to logout: ".$ticket2logout);
1245 $session_id = preg_replace('/[^\w]/','',$ticket2logout);
1246 phpCAS::log("Session id: ".$session_id);
1247
1248 // destroy a possible application session created before phpcas
1249 if(session_id()){
1250 session_unset();
1251 session_destroy();
1252 }
1253 // fix session ID
1254 session_id($session_id);
1255 $_COOKIE[session_name()]=$session_id;
1256 $_GET[session_name()]=$session_id;
1257
1258 // Overwrite session
1259 session_start();
1260 session_unset();
1261 session_destroy();
1262 printf("Disconnected!");
1264 exit();
1265 }
$_GET["client_id"]
$_POST['username']
Definition: cron.php:12
$_COOKIE["ilClientId"]
Definition: cron.php:11
isLogoutRequest()
Definition: client.php:1183
getServerHostname()
This method is used to retrieve the hostname of the CAS server.
Definition: client.php:307
traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:617
log($str)
Logs a string in debug mode.
Definition: CAS.php:523
exit
Definition: login.php:54
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']

References $_COOKIE, $_GET, $_POST, $_SERVER, $client, phpCAS\error(), exit, CASClient\getServerHostname(), CASClient\isLogoutRequest(), phpCAS\log(), phpCAS\traceBegin(), phpCAS\traceEnd(), and phpCAS\traceExit().

+ Here is the call graph for this function:

◆ hasAttribute()

CASClient::hasAttribute (   $key)

Definition at line 843 of file client.php.

844 { return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes)); }

Referenced by CASClient\getAttribute().

+ Here is the caller graph for this function:

◆ hasAttributes()

CASClient::hasAttributes ( )

Definition at line 840 of file client.php.

841 { return !empty($this->_attributes); }

◆ isAuthenticated()

CASClient::isAuthenticated ( )

This method is called to check if the user is authenticated (previously or by tickets given in the URL).

Returns
TRUE when the user is authenticated. Also may redirect to the same URL without the ticket.

Definition at line 981 of file client.php.

982 {
984 $res = FALSE;
985 $validate_url = '';
986
987 if ( $this->wasPreviouslyAuthenticated() ) {
988 if($this->hasST() || $this->hasPT() || $this->hasSA()){
989 // User has a additional ticket but was already authenticated
990 phpCAS::trace('ticket was present and will be discarded, use renewAuthenticate()');
991 header('Location: '.$this->getURL());
992 phpCAS::log( "Prepare redirect to remove ticket: ".$this->getURL() );
993 }else{
994 // the user has already (previously during the session) been
995 // authenticated, nothing to be done.
996 phpCAS::trace('user was already authenticated, no need to look for tickets');
997 }
998 $res = TRUE;
999 }
1000 else {
1001 if ( $this->hasST() ) {
1002 // if a Service Ticket was given, validate it
1003 phpCAS::trace('ST `'.$this->getST().'\' is present');
1004 $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts
1005 phpCAS::trace('ST `'.$this->getST().'\' was validated');
1006 if ( $this->isProxy() ) {
1007 $this->validatePGT($validate_url,$text_response,$tree_response); // idem
1008 phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
1009 $_SESSION['phpCAS']['pgt'] = $this->getPGT();
1010 }
1011 $_SESSION['phpCAS']['user'] = $this->getUser();
1012 $res = TRUE;
1013 }
1014 elseif ( $this->hasPT() ) {
1015 // if a Proxy Ticket was given, validate it
1016 phpCAS::trace('PT `'.$this->getPT().'\' is present');
1017 $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts
1018 phpCAS::trace('PT `'.$this->getPT().'\' was validated');
1019 if ( $this->isProxy() ) {
1020 $this->validatePGT($validate_url,$text_response,$tree_response); // idem
1021 phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
1022 $_SESSION['phpCAS']['pgt'] = $this->getPGT();
1023 }
1024 $_SESSION['phpCAS']['user'] = $this->getUser();
1025 $res = TRUE;
1026 }
1027 elseif ( $this->hasSA() ) {
1028 // if we have a SAML ticket, validate it.
1029 phpCAS::trace('SA `'.$this->getSA().'\' is present');
1030 $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts
1031 phpCAS::trace('SA `'.$this->getSA().'\' was validated');
1032 $_SESSION['phpCAS']['user'] = $this->getUser();
1033 $_SESSION['phpCAS']['attributes'] = $this->getAttributes();
1034 $res = TRUE;
1035 }
1036 else {
1037 // no ticket given, not authenticated
1038 phpCAS::trace('no ticket found');
1039 }
1040 if ($res) {
1041 // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS)
1042 // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages.
1043 header('Location: '.$this->getURL());
1044 phpCAS::log( "Prepare redirect to : ".$this->getURL() );
1045 }
1046 }
1047
1049 return $res;
1050 }
The phpCAS class is a simple container for the phpCAS library.
Definition: CAS.php:341
getAttributes()
Definition: client.php:833
getUser()
This method returns the CAS user's login name.
Definition: client.php:805
wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
Definition: client.php:1072
hasST()
This method tells if a Service Ticket was stored.
Definition: client.php:1314
getST()
This method returns the Service Ticket provided in the URL of the request.
Definition: client.php:1298
getURL()
This method returns the URL of the current request (without any ticket CGI parameter).
Definition: client.php:2621
validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
Definition: client.php:2007
validatePT(&$validate_url, &$text_response, &$tree_response)
This method is used to validate a ST or PT; halt on failure Used for all CAS 2.0 validations.
Definition: client.php:2506
hasSA()
This method tells if a SAML Ticket was stored.
Definition: client.php:2487
hasPT()
This method tells if a Proxy Ticket was stored.
Definition: client.php:2464
getSA()
This method returns the SAML Ticket provided in the URL of the request.
Definition: client.php:2471
getPT()
This method returns the Proxy Ticket provided in the URL of the request.
Definition: client.php:2445
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: client.php:1681
getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
Definition: client.php:1709

References $_SESSION, $res, CASClient\getAttributes(), CASClient\getPGT(), CASClient\getPT(), CASClient\getSA(), CASClient\getST(), CASClient\getURL(), CASClient\getUser(), CASClient\hasPT(), CASClient\hasSA(), CASClient\hasST(), CASClient\isProxy(), phpCAS\log(), phpCAS\trace(), phpCAS\traceBegin(), phpCAS\traceEnd(), CASClient\validatePGT(), CASClient\validatePT(), and CASClient\wasPreviouslyAuthenticated().

Referenced by CASClient\checkAuthentication(), CASClient\forceAuthentication(), and CASClient\renewAuthentication().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isLogoutRequest()

CASClient::isLogoutRequest ( )
private
Returns
true if the current request is a logout request.

Definition at line 1183 of file client.php.

1183 {
1184 return !empty($_POST['logoutRequest']);
1185 }

References $_POST.

Referenced by CASClient\CASClient(), and CASClient\handleLogoutRequests().

+ Here is the caller graph for this function:

◆ isLogoutRequestAllowed()

CASClient::isLogoutRequestAllowed ( )
private
Returns
true if a logout request is allowed.

Definition at line 1191 of file client.php.

1191 {
1192 }

◆ isSessionAuthenticated()

CASClient::isSessionAuthenticated ( )

This method tells if the current session is authenticated.

Returns
true if authenticated based soley on $_SESSION variable
Since
0.4.22 by Brendan Arnold

Definition at line 1057 of file client.php.

1058 {
1059 return !empty($_SESSION['phpCAS']['user']);
1060 }

References $_SESSION.

Referenced by CASClient\wasPreviouslyAuthenticated().

+ Here is the caller graph for this function:

◆ logout()

CASClient::logout (   $params)

This method is used to logout from CAS.

@params $params an array that contains the optional url and service parameters that will be passed to the CAS server

Definition at line 1154 of file client.php.

1154 {
1156 $cas_url = $this->getServerLogoutURL();
1157 $paramSeparator = '?';
1158 if (isset($params['url'])) {
1159 $cas_url = $cas_url . $paramSeparator . "url=" . urlencode($params['url']);
1160 $paramSeparator = '&';
1161 }
1162 if (isset($params['service'])) {
1163 $cas_url = $cas_url . $paramSeparator . "service=" . urlencode($params['service']);
1164 }
1165 header('Location: '.$cas_url);
1166 phpCAS::log( "Prepare redirect to : ".$cas_url );
1167
1168 session_unset();
1169 session_destroy();
1170
1172 printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
1173 $this->printHTMLFooter();
1174
1176 exit();
1177 }
$params
Definition: example_049.php:96
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
Definition: client.php:509
getString($str)
This method returns a string depending on the language.
Definition: client.php:221
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: client.php:108
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: client.php:136
const CAS_STR_LOGOUT
Definition: languages.php:17
const CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
Definition: languages.php:18

References $params, CAS_STR_LOGOUT, CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED, exit, CASClient\getServerLogoutURL(), CASClient\getString(), phpCAS\log(), CASClient\printHTMLFooter(), CASClient\printHTMLHeader(), phpCAS\traceBegin(), and phpCAS\traceExit().

+ Here is the call graph for this function:

◆ redirectToCas() [1/2]

CASClient::redirectToCas (   $gateway)

This method is used to redirect the client to the CAS server.

It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication().

Parameters
$gatewaytrue to check authentication, false to force it

Definition at line 743 of file client.php.

744 {
746 $cas_url = $this->getServerLoginURL($gateway);
747 header('Location: '.$cas_url);
749 printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
750 $this->printHTMLFooter();
752 exit();
753 }
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
Definition: client.php:353
const CAS_STR_AUTHENTICATION_WANTED
Definition: languages.php:16

References CAS_STR_AUTHENTICATION_WANTED, CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED, exit, CASClient\getServerLoginURL(), CASClient\getString(), CASClient\printHTMLFooter(), CASClient\printHTMLHeader(), phpCAS\traceBegin(), and phpCAS\traceExit().

+ Here is the call graph for this function:

◆ redirectToCas() [2/2]

CASClient::redirectToCas (   $gateway = false,
  $renew = false 
)

This method is used to redirect the client to the CAS server.

It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication().

Parameters
$gatewaytrue to check authentication, false to force it
$renewtrue to force the authentication with the CAS server

Definition at line 1133 of file client.php.

1133 {
1135 $cas_url = $this->getServerLoginURL($gateway,$renew);
1136 header('Location: '.$cas_url);
1137 phpCAS::log( "Redirect to : ".$cas_url );
1138
1140
1141 printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
1142 $this->printHTMLFooter();
1143
1145 exit();
1146 }

References CAS_STR_AUTHENTICATION_WANTED, CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED, exit, CASClient\getServerLoginURL(), CASClient\getString(), phpCAS\log(), CASClient\printHTMLFooter(), CASClient\printHTMLHeader(), phpCAS\traceBegin(), and phpCAS\traceExit().

Referenced by CASClient\checkAuthentication(), CASClient\forceAuthentication(), and CASClient\renewAuthentication().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ renewAuthentication()

CASClient::renewAuthentication ( )

This method is called to renew the authentication of the user If the user is authenticated, renew the connection If not, redirect to CAS.

Definition at line 858 of file client.php.

858 {
860 // Either way, the user is authenticated by CAS
861 if( isset( $_SESSION['phpCAS']['auth_checked'] ) )
862 unset($_SESSION['phpCAS']['auth_checked']);
863 if ( $this->isAuthenticated() ) {
864 phpCAS::trace('user already authenticated; renew');
865 $this->redirectToCas(false,true);
866 } else {
867 $this->redirectToCas();
868 }
870 }

References $_SESSION, CASClient\isAuthenticated(), CASClient\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

+ Here is the call graph for this function:

◆ setAttributes()

CASClient::setAttributes (   $attributes)

Definition at line 830 of file client.php.

831 { $this->_attributes = $attributes; }

Referenced by CASClient\wasPreviouslyAuthenticated().

+ Here is the caller graph for this function:

◆ setCacheTimesForAuthRecheck()

CASClient::setCacheTimesForAuthRecheck (   $n)

Set the number of times authentication will be cached before rechecked.

Parameters
$nan integer.

Definition at line 914 of file client.php.

915 {
916 $this->_cache_times_for_auth_recheck = $n;
917 }
$n
Definition: RandomTest.php:80

References $n.

◆ setUser()

CASClient::setUser (   $user)
private

This method sets the CAS user's login name.

Parameters
$userthe login name of the authenticated user.

Definition at line 793 of file client.php.

794 {
795 $this->_user = $user;
796 }

Referenced by CASClient\validateST(), and CASClient\wasPreviouslyAuthenticated().

+ Here is the caller graph for this function:

◆ wasPreviouslyAuthenticated()

CASClient::wasPreviouslyAuthenticated ( )
private

This method tells if the user has already been (previously) authenticated by looking into the session variables.

Note
This function switches to callback mode when needed.
Returns
TRUE when the user has already been authenticated; FALSE otherwise.

Definition at line 1072 of file client.php.

1073 {
1075
1076 if ( $this->isCallbackMode() ) {
1077 $this->callback();
1078 }
1079
1080 $auth = FALSE;
1081
1082 if ( $this->isProxy() ) {
1083 // CAS proxy: username and PGT must be present
1084 if ( $this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) {
1085 // authentication already done
1086 $this->setUser($_SESSION['phpCAS']['user']);
1087 $this->setPGT($_SESSION['phpCAS']['pgt']);
1088 phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'.$_SESSION['phpCAS']['pgt'].'\'');
1089 $auth = TRUE;
1090 } elseif ( $this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt']) ) {
1091 // these two variables should be empty or not empty at the same time
1092 phpCAS::trace('username found (`'.$_SESSION['phpCAS']['user'].'\') but PGT is empty');
1093 // unset all tickets to enforce authentication
1094 unset($_SESSION['phpCAS']);
1095 $this->setST('');
1096 $this->setPT('');
1097 } elseif ( !$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) {
1098 // these two variables should be empty or not empty at the same time
1099 phpCAS::trace('PGT found (`'.$_SESSION['phpCAS']['pgt'].'\') but username is empty');
1100 // unset all tickets to enforce authentication
1101 unset($_SESSION['phpCAS']);
1102 $this->setST('');
1103 $this->setPT('');
1104 } else {
1105 phpCAS::trace('neither user not PGT found');
1106 }
1107 } else {
1108 // `simple' CAS client (not a proxy): username must be present
1109 if ( $this->isSessionAuthenticated() ) {
1110 // authentication already done
1111 $this->setUser($_SESSION['phpCAS']['user']);
1112 if(isset($_SESSION['phpCAS']['attributes'])){
1113 $this->setAttributes($_SESSION['phpCAS']['attributes']);
1114 }
1115 phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\'');
1116 $auth = TRUE;
1117 } else {
1118 phpCAS::trace('no user found');
1119 }
1120 }
1121
1123 return $auth;
1124 }
isSessionAuthenticated()
This method tells if the current session is authenticated.
Definition: client.php:1057
setAttributes($attributes)
Definition: client.php:830
setUser($user)
This method sets the CAS user's login name.
Definition: client.php:793
setST($st)
This method stores the Service Ticket.
Definition: client.php:1306
isCallbackMode()
This method returns TRUE when the CAs client is running i callback mode, FALSE otherwise.
Definition: client.php:1772
callback()
This method is called by CASClient::CASClient() when running in callback mode.
Definition: client.php:1849
setPT($pt)
This method stores the Proxy Ticket.
Definition: client.php:2456
setPGT($pgt)
This method stores the Proxy Granting Ticket.
Definition: client.php:1717

References $_SESSION, $auth, CASClient\callback(), CASClient\isCallbackMode(), CASClient\isProxy(), CASClient\isSessionAuthenticated(), CASClient\setAttributes(), CASClient\setPGT(), CASClient\setPT(), CASClient\setST(), CASClient\setUser(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

Referenced by CASClient\isAuthenticated().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Variable Documentation

◆ $_attributes

CASClient::$_attributes
private

The Authenticated users attributes.

Written by CASClient::setAttributes(), read by CASClient::getAttributes().

Attention
client applications should use phpCAS::getAttributes().

Definition at line 828 of file client.php.

Referenced by CASClient\getAttributes().

◆ $_cache_times_for_auth_recheck

CASClient::$_cache_times_for_auth_recheck
private

An integer that gives the number of times authentication will be cached before rechecked.

Definition at line 905 of file client.php.

◆ $_user

CASClient::$_user
private

The Authenticated user.

Written by CASClient::setUser(), read by CASClient::getUser().

Attention
client applications should use phpCAS::getUser().

Definition at line 784 of file client.php.

Referenced by CASClient\getUser().