ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Functions | Variables
Authentication
Implementation
+ Collaboration diagram for Authentication:

Functions

 CASClient::setUser ($user)
 This method sets the CAS user's login name. More...
 
 CASClient::getUser ()
 This method returns the CAS user's login name. More...
 
 CASClient::setAttributes ($attributes)
 
 CASClient::getAttributes ()
 
 CASClient::hasAttributes ()
 
 CASClient::hasAttribute ($key)
 
 CASClient::getAttribute ($key)
 
 CASClient::renewAuthentication ()
 This method is called to renew the authentication of the user If the user is authenticated, renew the connection If not, redirect to CAS. More...
 
 CASClient::forceAuthentication ()
 This method is called to be sure that the user is authenticated. More...
 
 CASClient::setCacheTimesForAuthRecheck ($n)
 Set the number of times authentication will be cached before rechecked. More...
 
 CASClient::checkAuthentication ()
 This method is called to check whether the user is authenticated or not. More...
 
 CASClient::isAuthenticated ()
 This method is called to check if the user is authenticated (previously or by tickets given in the URL). More...
 
 CASClient::isSessionAuthenticated ()
 This method tells if the current session is authenticated. More...
 
 CASClient::wasPreviouslyAuthenticated ()
 This method tells if the user has already been (previously) authenticated by looking into the session variables. More...
 
 CASClient::redirectToCas ($gateway=false, $renew=false)
 This method is used to redirect the client to the CAS server. More...
 
 CASClient::logout ($params)
 This method is used to logout from CAS. More...
 
 CASClient::isLogoutRequest ()
 
 CASClient::isLogoutRequestAllowed ()
 
 CASClient::handleLogoutRequests ($check_client=true, $allowed_clients=false)
 This method handles logout requests. More...
 
 CASClient::redirectToCas ($gateway)
 This method is used to redirect the client to the CAS server. More...
 

Variables

 CASClient::$_user
 The Authenticated user. More...
 
 CASClient::$_attributes
 The Authenticated users attributes. More...
 
 CASClient::$_cache_times_for_auth_recheck
 An integer that gives the number of times authentication will be cached before rechecked. More...
 

Detailed Description

Function Documentation

◆ checkAuthentication()

CASClient::checkAuthentication ( )

This method is called to check whether the user is authenticated or not.

Returns
TRUE when the user is authenticated, FALSE otherwise.

Definition at line 924 of file client.php.

References $_SESSION, $res, CASClient\isAuthenticated(), CASClient\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

925  {
926  phpCAS::traceBegin();
927 
928  if ( $this->isAuthenticated() ) {
929  phpCAS::trace('user is authenticated');
930  $res = TRUE;
931  } else if (isset($_SESSION['phpCAS']['auth_checked'])) {
932  // the previous request has redirected the client to the CAS server with gateway=true
933  unset($_SESSION['phpCAS']['auth_checked']);
934  $res = FALSE;
935  } else {
936  // $_SESSION['phpCAS']['auth_checked'] = true;
937  // $this->redirectToCas(TRUE/* gateway */);
938  // // never reached
939  // $res = FALSE;
940  // avoid a check against CAS on every request
941  if (! isset($_SESSION['phpCAS']['unauth_count']) )
942  $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized
943 
944  if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1)
945  || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck))
946  {
947  $res = FALSE;
948 
949  if ($this->_cache_times_for_auth_recheck != -1)
950  {
951  $_SESSION['phpCAS']['unauth_count']++;
952  phpCAS::trace('user is not authenticated (cached for '.$_SESSION['phpCAS']['unauth_count'].' times of '.$this->_cache_times_for_auth_recheck.')');
953  }
954  else
955  {
956  phpCAS::trace('user is not authenticated (cached for until login pressed)');
957  }
958  }
959  else
960  {
961  $_SESSION['phpCAS']['unauth_count'] = 0;
962  $_SESSION['phpCAS']['auth_checked'] = true;
963  phpCAS::trace('user is not authenticated (cache reset)');
964  $this->redirectToCas(TRUE/* gateway */);
965  // never reached
966  $res = FALSE;
967  }
968  }
969  phpCAS::traceEnd($res);
970  return $res;
971  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS\traceEnd
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
CASClient\redirectToCas
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: client.php:1133
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
phpCAS\trace
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
CASClient\isAuthenticated
isAuthenticated()
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: client.php:981
+ Here is the call graph for this function:

◆ forceAuthentication()

CASClient::forceAuthentication ( )

This method is called to be sure that the user is authenticated.

When not authenticated, halt by redirecting to the CAS server; otherwise return TRUE.

Returns
TRUE when the user is authenticated; otherwise halt.

Definition at line 878 of file client.php.

References $_SESSION, $res, CASClient\isAuthenticated(), CASClient\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

879  {
880  phpCAS::traceBegin();
881 
882  if ( $this->isAuthenticated() ) {
883  // the user is authenticated, nothing to be done.
884  phpCAS::trace('no need to authenticate');
885  $res = TRUE;
886  } else {
887  // the user is not authenticated, redirect to the CAS server
888  if (isset($_SESSION['phpCAS']['auth_checked'])) {
889  unset($_SESSION['phpCAS']['auth_checked']);
890  }
891  $this->redirectToCas(FALSE/* no gateway */);
892  // never reached
893  $res = FALSE;
894  }
895  phpCAS::traceEnd($res);
896  return $res;
897  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS\traceEnd
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
CASClient\redirectToCas
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: client.php:1133
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
phpCAS\trace
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
CASClient\isAuthenticated
isAuthenticated()
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: client.php:981
+ Here is the call graph for this function:

◆ getAttribute()

CASClient::getAttribute (   $key)

Definition at line 846 of file client.php.

References CASClient\hasAttribute().

846  {
847  if($this->hasAttribute($key)) {
848  return $this->_attributes[$key];
849  }
850  }
CASClient\hasAttribute
hasAttribute($key)
Definition: client.php:843
+ Here is the call graph for this function:

◆ getAttributes()

CASClient::getAttributes ( )

Definition at line 833 of file client.php.

References CASClient\$_attributes, and phpCAS\error().

Referenced by CASClient\isAuthenticated().

833  {
834  if ( empty($this->_user) ) { // if no user is set, there shouldn't be any attributes also...
835  phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
836  }
837  return $this->_attributes;
838  }
phpCAS\error
error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:544
CASClient\$_attributes
$_attributes
The Authenticated users attributes.
Definition: client.php:828
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getUser()

CASClient::getUser ( )

This method returns the CAS user's login name.

Warning
should be called only after CASClient::forceAuthentication() or CASClient::isAuthenticated(), otherwise halt with an error.
Returns
the login name of the authenticated user

Definition at line 805 of file client.php.

References CASClient\$_user, and phpCAS\error().

Referenced by CASClient\isAuthenticated().

806  {
807  if ( empty($this->_user) ) {
808  phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
809  }
810  return $this->_user;
811  }
CASClient\$_user
$_user
The Authenticated user.
Definition: client.php:784
phpCAS\error
error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:544
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleLogoutRequests()

CASClient::handleLogoutRequests (   $check_client = true,
  $allowed_clients = false 
)

This method handles logout requests.

Parameters
$check_clienttrue to check the client bofore handling the request, false not to perform any access control. True by default.
$allowed_clientsan array of host names allowed to send logout requests. By default, only the CAs server (declared in the constructor) will be allowed.

Definition at line 1202 of file client.php.

References $_COOKIE, $_GET, $_POST, $_SERVER, $client, phpCAS\error(), exit, CASClient\getServerHostname(), CASClient\isLogoutRequest(), phpCAS\log(), phpCAS\traceBegin(), phpCAS\traceEnd(), and phpCAS\traceExit().

1202  {
1203  phpCAS::traceBegin();
1204  if (!$this->isLogoutRequest()) {
1205  phpCAS::log("Not a logout request");
1206  phpCAS::traceEnd();
1207  return;
1208  }
1209  if(!$this->_start_session){
1210  phpCAS::log("phpCAS can't handle logout requests if it does not manage the session.");
1211  }
1212  phpCAS::log("Logout requested");
1213  phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']);
1214  if ($check_client) {
1215  if (!$allowed_clients) {
1216  $allowed_clients = array( $this->getServerHostname() );
1217  }
1218  $client_ip = $_SERVER['REMOTE_ADDR'];
1219  $client = gethostbyaddr($client_ip);
1220  phpCAS::log("Client: ".$client."/".$client_ip);
1221  $allowed = false;
1222  foreach ($allowed_clients as $allowed_client) {
1223  if (($client == $allowed_client) or ($client_ip == $allowed_client)) {
1224  phpCAS::log("Allowed client '".$allowed_client."' matches, logout request is allowed");
1225  $allowed = true;
1226  break;
1227  } else {
1228  phpCAS::log("Allowed client '".$allowed_client."' does not match");
1229  }
1230  }
1231  if (!$allowed) {
1232  phpCAS::error("Unauthorized logout request from client '".$client."'");
1233  printf("Unauthorized!");
1234  phpCAS::traceExit();
1235  exit();
1236  }
1237  } else {
1238  phpCAS::log("No access control set");
1239  }
1240  // Extract the ticket from the SAML Request
1241  preg_match("|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|", $_POST['logoutRequest'], $tick, PREG_OFFSET_CAPTURE, 3);
1242  $wrappedSamlSessionIndex = preg_replace('|<samlp:SessionIndex>|','',$tick[0][0]);
1243  $ticket2logout = preg_replace('|</samlp:SessionIndex>|','',$wrappedSamlSessionIndex);
1244  phpCAS::log("Ticket to logout: ".$ticket2logout);
1245  $session_id = preg_replace('/[^\w]/','',$ticket2logout);
1246  phpCAS::log("Session id: ".$session_id);
1247 
1248  // destroy a possible application session created before phpcas
1249  if(session_id()){
1250  session_unset();
1251  session_destroy();
1252  }
1253  // fix session ID
1254  session_id($session_id);
1255  $_COOKIE[session_name()]=$session_id;
1256  $_GET[session_name()]=$session_id;
1257 
1258  // Overwrite session
1259  session_start();
1260  session_unset();
1261  session_destroy();
1262  printf("Disconnected!");
1263  phpCAS::traceExit();
1264  exit();
1265  }
exit
exit
Definition: login.php:54
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
$_POST
$_POST['username']
Definition: cron.php:12
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_COOKIE
$_COOKIE["ilClientId"]
Definition: cron.php:11
phpCAS\traceEnd
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
CASClient\isLogoutRequest
isLogoutRequest()
Definition: client.php:1183
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
phpCAS\error
error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:544
CASClient\getServerHostname
getServerHostname()
This method is used to retrieve the hostname of the CAS server.
Definition: client.php:307
phpCAS\log
log($str)
Logs a string in debug mode.
Definition: CAS.php:523
phpCAS\traceExit
traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:617
+ Here is the call graph for this function:

◆ hasAttribute()

CASClient::hasAttribute (   $key)

Definition at line 843 of file client.php.

Referenced by CASClient\getAttribute().

844  { return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes)); }
+ Here is the caller graph for this function:

◆ hasAttributes()

CASClient::hasAttributes ( )

Definition at line 840 of file client.php.

841  { return !empty($this->_attributes); }

◆ isAuthenticated()

CASClient::isAuthenticated ( )

This method is called to check if the user is authenticated (previously or by tickets given in the URL).

Returns
TRUE when the user is authenticated. Also may redirect to the same URL without the ticket.

Definition at line 981 of file client.php.

References $_SESSION, $res, CASClient\getAttributes(), CASClient\getPGT(), CASClient\getPT(), CASClient\getSA(), CASClient\getST(), CASClient\getURL(), CASClient\getUser(), CASClient\hasPT(), CASClient\hasSA(), CASClient\hasST(), CASClient\isProxy(), phpCAS\log(), phpCAS\trace(), phpCAS\traceBegin(), phpCAS\traceEnd(), CASClient\validatePGT(), CASClient\validatePT(), and CASClient\wasPreviouslyAuthenticated().

Referenced by CASClient\checkAuthentication(), CASClient\forceAuthentication(), and CASClient\renewAuthentication().

982  {
983  phpCAS::traceBegin();
984  $res = FALSE;
985  $validate_url = '';
986 
987  if ( $this->wasPreviouslyAuthenticated() ) {
988  if($this->hasST() || $this->hasPT() || $this->hasSA()){
989  // User has a additional ticket but was already authenticated
990  phpCAS::trace('ticket was present and will be discarded, use renewAuthenticate()');
991  header('Location: '.$this->getURL());
992  phpCAS::log( "Prepare redirect to remove ticket: ".$this->getURL() );
993  }else{
994  // the user has already (previously during the session) been
995  // authenticated, nothing to be done.
996  phpCAS::trace('user was already authenticated, no need to look for tickets');
997  }
998  $res = TRUE;
999  }
1000  else {
1001  if ( $this->hasST() ) {
1002  // if a Service Ticket was given, validate it
1003  phpCAS::trace('ST `'.$this->getST().'\' is present');
1004  $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts
1005  phpCAS::trace('ST `'.$this->getST().'\' was validated');
1006  if ( $this->isProxy() ) {
1007  $this->validatePGT($validate_url,$text_response,$tree_response); // idem
1008  phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
1009  $_SESSION['phpCAS']['pgt'] = $this->getPGT();
1010  }
1011  $_SESSION['phpCAS']['user'] = $this->getUser();
1012  $res = TRUE;
1013  }
1014  elseif ( $this->hasPT() ) {
1015  // if a Proxy Ticket was given, validate it
1016  phpCAS::trace('PT `'.$this->getPT().'\' is present');
1017  $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts
1018  phpCAS::trace('PT `'.$this->getPT().'\' was validated');
1019  if ( $this->isProxy() ) {
1020  $this->validatePGT($validate_url,$text_response,$tree_response); // idem
1021  phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
1022  $_SESSION['phpCAS']['pgt'] = $this->getPGT();
1023  }
1024  $_SESSION['phpCAS']['user'] = $this->getUser();
1025  $res = TRUE;
1026  }
1027  elseif ( $this->hasSA() ) {
1028  // if we have a SAML ticket, validate it.
1029  phpCAS::trace('SA `'.$this->getSA().'\' is present');
1030  $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts
1031  phpCAS::trace('SA `'.$this->getSA().'\' was validated');
1032  $_SESSION['phpCAS']['user'] = $this->getUser();
1033  $_SESSION['phpCAS']['attributes'] = $this->getAttributes();
1034  $res = TRUE;
1035  }
1036  else {
1037  // no ticket given, not authenticated
1038  phpCAS::trace('no ticket found');
1039  }
1040  if ($res) {
1041  // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS)
1042  // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages.
1043  header('Location: '.$this->getURL());
1044  phpCAS::log( "Prepare redirect to : ".$this->getURL() );
1045  }
1046  }
1047 
1048  phpCAS::traceEnd($res);
1049  return $res;
1050  }
CASClient\getURL
getURL()
This method returns the URL of the current request (without any ticket CGI parameter).
Definition: client.php:2621
CASClient\hasSA
hasSA()
This method tells if a SAML Ticket was stored.
Definition: client.php:2487
CASClient\hasPT
hasPT()
This method tells if a Proxy Ticket was stored.
Definition: client.php:2464
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS
The phpCAS class is a simple container for the phpCAS library.
Definition: CAS.php:341
phpCAS\traceEnd
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
CASClient\getAttributes
getAttributes()
Definition: client.php:833
CASClient\getST
getST()
This method returns the Service Ticket provided in the URL of the request.
Definition: client.php:1298
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
CASClient\getSA
getSA()
This method returns the SAML Ticket provided in the URL of the request.
Definition: client.php:2471
CASClient\getPGT
getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
Definition: client.php:1709
CASClient\getPT
getPT()
This method returns the Proxy Ticket provided in the URL of the request.
Definition: client.php:2445
CASClient\isProxy
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: client.php:1681
CASClient\validatePGT
validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
Definition: client.php:2007
phpCAS\trace
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
CASClient\getUser
getUser()
This method returns the CAS user&#39;s login name.
Definition: client.php:805
phpCAS\log
log($str)
Logs a string in debug mode.
Definition: CAS.php:523
CASClient\hasST
hasST()
This method tells if a Service Ticket was stored.
Definition: client.php:1314
CASClient\wasPreviouslyAuthenticated
wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
Definition: client.php:1072
CASClient\validatePT
validatePT(&$validate_url, &$text_response, &$tree_response)
This method is used to validate a ST or PT; halt on failure Used for all CAS 2.0 validations.
Definition: client.php:2506
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isLogoutRequest()

CASClient::isLogoutRequest ( )
private
Returns
true if the current request is a logout request.

Definition at line 1183 of file client.php.

References $_POST.

Referenced by CASClient\CASClient(), and CASClient\handleLogoutRequests().

1183  {
1184  return !empty($_POST['logoutRequest']);
1185  }
$_POST
$_POST['username']
Definition: cron.php:12
+ Here is the caller graph for this function:

◆ isLogoutRequestAllowed()

CASClient::isLogoutRequestAllowed ( )
private
Returns
true if a logout request is allowed.

Definition at line 1191 of file client.php.

1191  {
1192  }

◆ isSessionAuthenticated()

CASClient::isSessionAuthenticated ( )

This method tells if the current session is authenticated.

Returns
true if authenticated based soley on $_SESSION variable
Since
0.4.22 by Brendan Arnold

Definition at line 1057 of file client.php.

References $_SESSION.

Referenced by CASClient\wasPreviouslyAuthenticated().

1058  {
1059  return !empty($_SESSION['phpCAS']['user']);
1060  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
+ Here is the caller graph for this function:

◆ logout()

CASClient::logout (   $params)

This method is used to logout from CAS.

$params an array that contains the optional url and service parameters that will be passed to the CAS server

Definition at line 1154 of file client.php.

References $params, CAS_STR_LOGOUT, CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED, exit, CASClient\getServerLogoutURL(), CASClient\getString(), phpCAS\log(), CASClient\printHTMLFooter(), CASClient\printHTMLHeader(), phpCAS\traceBegin(), and phpCAS\traceExit().

1154  {
1155  phpCAS::traceBegin();
1156  $cas_url = $this->getServerLogoutURL();
1157  $paramSeparator = '?';
1158  if (isset($params['url'])) {
1159  $cas_url = $cas_url . $paramSeparator . "url=" . urlencode($params['url']);
1160  $paramSeparator = '&';
1161  }
1162  if (isset($params['service'])) {
1163  $cas_url = $cas_url . $paramSeparator . "service=" . urlencode($params['service']);
1164  }
1165  header('Location: '.$cas_url);
1166  phpCAS::log( "Prepare redirect to : ".$cas_url );
1167 
1168  session_unset();
1169  session_destroy();
1170 
1171  $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT));
1172  printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
1173  $this->printHTMLFooter();
1174 
1175  phpCAS::traceExit();
1176  exit();
1177  }
exit
exit
Definition: login.php:54
CASClient\getString
getString($str)
This method returns a string depending on the language.
Definition: client.php:221
CASClient\printHTMLHeader
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: client.php:108
CAS_STR_LOGOUT
const CAS_STR_LOGOUT
Definition: languages.php:17
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
CASClient\getServerLogoutURL
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
Definition: client.php:509
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
const CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
Definition: languages.php:18
CASClient\printHTMLFooter
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: client.php:136
phpCAS\log
log($str)
Logs a string in debug mode.
Definition: CAS.php:523
phpCAS\traceExit
traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:617
$params
$params
Definition: example_049.php:96
+ Here is the call graph for this function:

◆ redirectToCas() [1/2]

CASClient::redirectToCas (   $gateway)

This method is used to redirect the client to the CAS server.

It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication().

Parameters
$gatewaytrue to check authentication, false to force it

Definition at line 743 of file client.php.

References CAS_STR_AUTHENTICATION_WANTED, CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED, exit, CASClient\getServerLoginURL(), CASClient\getString(), CASClient\printHTMLFooter(), CASClient\printHTMLHeader(), phpCAS\traceBegin(), and phpCAS\traceExit().

744  {
745  phpCAS::traceBegin();
746  $cas_url = $this->getServerLoginURL($gateway);
747  header('Location: '.$cas_url);
748  $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED));
749  printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
750  $this->printHTMLFooter();
751  phpCAS::traceExit();
752  exit();
753  }
exit
exit
Definition: login.php:54
CASClient\getString
getString($str)
This method returns a string depending on the language.
Definition: client.php:221
CASClient\printHTMLHeader
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: client.php:108
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
CAS_STR_AUTHENTICATION_WANTED
const CAS_STR_AUTHENTICATION_WANTED
Definition: languages.php:16
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
const CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
Definition: languages.php:18
CASClient\getServerLoginURL
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
Definition: client.php:353
CASClient\printHTMLFooter
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: client.php:136
phpCAS\traceExit
traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:617
+ Here is the call graph for this function:

◆ redirectToCas() [2/2]

CASClient::redirectToCas (   $gateway = false,
  $renew = false 
)

This method is used to redirect the client to the CAS server.

It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication().

Parameters
$gatewaytrue to check authentication, false to force it
$renewtrue to force the authentication with the CAS server

Definition at line 1133 of file client.php.

References CAS_STR_AUTHENTICATION_WANTED, CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED, exit, CASClient\getServerLoginURL(), CASClient\getString(), phpCAS\log(), CASClient\printHTMLFooter(), CASClient\printHTMLHeader(), phpCAS\traceBegin(), and phpCAS\traceExit().

Referenced by CASClient\checkAuthentication(), CASClient\forceAuthentication(), and CASClient\renewAuthentication().

1133  {
1134  phpCAS::traceBegin();
1135  $cas_url = $this->getServerLoginURL($gateway,$renew);
1136  header('Location: '.$cas_url);
1137  phpCAS::log( "Redirect to : ".$cas_url );
1138 
1139  $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED));
1140 
1141  printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
1142  $this->printHTMLFooter();
1143 
1144  phpCAS::traceExit();
1145  exit();
1146  }
exit
exit
Definition: login.php:54
CASClient\getString
getString($str)
This method returns a string depending on the language.
Definition: client.php:221
CASClient\printHTMLHeader
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: client.php:108
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
CAS_STR_AUTHENTICATION_WANTED
const CAS_STR_AUTHENTICATION_WANTED
Definition: languages.php:16
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
const CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
Definition: languages.php:18
CASClient\getServerLoginURL
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
Definition: client.php:353
CASClient\printHTMLFooter
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: client.php:136
phpCAS\log
log($str)
Logs a string in debug mode.
Definition: CAS.php:523
phpCAS\traceExit
traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:617
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ renewAuthentication()

CASClient::renewAuthentication ( )

This method is called to renew the authentication of the user If the user is authenticated, renew the connection If not, redirect to CAS.

Definition at line 858 of file client.php.

References $_SESSION, CASClient\isAuthenticated(), CASClient\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

858  {
859  phpCAS::traceBegin();
860  // Either way, the user is authenticated by CAS
861  if( isset( $_SESSION['phpCAS']['auth_checked'] ) )
862  unset($_SESSION['phpCAS']['auth_checked']);
863  if ( $this->isAuthenticated() ) {
864  phpCAS::trace('user already authenticated; renew');
865  $this->redirectToCas(false,true);
866  } else {
867  $this->redirectToCas();
868  }
869  phpCAS::traceEnd();
870  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS\traceEnd
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
CASClient\redirectToCas
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: client.php:1133
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
phpCAS\trace
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
CASClient\isAuthenticated
isAuthenticated()
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: client.php:981
+ Here is the call graph for this function:

◆ setAttributes()

CASClient::setAttributes (   $attributes)

Definition at line 830 of file client.php.

Referenced by CASClient\wasPreviouslyAuthenticated().

831  { $this->_attributes = $attributes; }
+ Here is the caller graph for this function:

◆ setCacheTimesForAuthRecheck()

CASClient::setCacheTimesForAuthRecheck (   $n)

Set the number of times authentication will be cached before rechecked.

Parameters
$nan integer.

Definition at line 914 of file client.php.

References $n.

915  {
916  $this->_cache_times_for_auth_recheck = $n;
917  }
$n
$n
Definition: RandomTest.php:80

◆ setUser()

CASClient::setUser (   $user)
private

This method sets the CAS user's login name.

Parameters
$userthe login name of the authenticated user.

Definition at line 793 of file client.php.

Referenced by CASClient\validateSA(), CASClient\validateST(), and CASClient\wasPreviouslyAuthenticated().

794  {
795  $this->_user = $user;
796  }
+ Here is the caller graph for this function:

◆ wasPreviouslyAuthenticated()

CASClient::wasPreviouslyAuthenticated ( )
private

This method tells if the user has already been (previously) authenticated by looking into the session variables.

Note
This function switches to callback mode when needed.
Returns
TRUE when the user has already been authenticated; FALSE otherwise.

Definition at line 1072 of file client.php.

References $_SESSION, $auth, CASClient\callback(), CASClient\isCallbackMode(), CASClient\isProxy(), CASClient\isSessionAuthenticated(), CASClient\setAttributes(), CASClient\setPGT(), CASClient\setPT(), CASClient\setST(), CASClient\setUser(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

Referenced by CASClient\isAuthenticated().

1073  {
1074  phpCAS::traceBegin();
1075 
1076  if ( $this->isCallbackMode() ) {
1077  $this->callback();
1078  }
1079 
1080  $auth = FALSE;
1081 
1082  if ( $this->isProxy() ) {
1083  // CAS proxy: username and PGT must be present
1084  if ( $this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) {
1085  // authentication already done
1086  $this->setUser($_SESSION['phpCAS']['user']);
1087  $this->setPGT($_SESSION['phpCAS']['pgt']);
1088  phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'.$_SESSION['phpCAS']['pgt'].'\'');
1089  $auth = TRUE;
1090  } elseif ( $this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt']) ) {
1091  // these two variables should be empty or not empty at the same time
1092  phpCAS::trace('username found (`'.$_SESSION['phpCAS']['user'].'\') but PGT is empty');
1093  // unset all tickets to enforce authentication
1094  unset($_SESSION['phpCAS']);
1095  $this->setST('');
1096  $this->setPT('');
1097  } elseif ( !$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) {
1098  // these two variables should be empty or not empty at the same time
1099  phpCAS::trace('PGT found (`'.$_SESSION['phpCAS']['pgt'].'\') but username is empty');
1100  // unset all tickets to enforce authentication
1101  unset($_SESSION['phpCAS']);
1102  $this->setST('');
1103  $this->setPT('');
1104  } else {
1105  phpCAS::trace('neither user not PGT found');
1106  }
1107  } else {
1108  // `simple' CAS client (not a proxy): username must be present
1109  if ( $this->isSessionAuthenticated() ) {
1110  // authentication already done
1111  $this->setUser($_SESSION['phpCAS']['user']);
1112  if(isset($_SESSION['phpCAS']['attributes'])){
1113  $this->setAttributes($_SESSION['phpCAS']['attributes']);
1114  }
1115  phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\'');
1116  $auth = TRUE;
1117  } else {
1118  phpCAS::trace('no user found');
1119  }
1120  }
1121 
1122  phpCAS::traceEnd($auth);
1123  return $auth;
1124  }
CASClient\callback
callback()
This method is called by CASClient::CASClient() when running in callback mode.
Definition: client.php:1849
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS
The phpCAS class is a simple container for the phpCAS library.
Definition: CAS.php:341
CASClient\setPGT
setPGT($pgt)
This method stores the Proxy Granting Ticket.
Definition: client.php:1717
CASClient\setAttributes
setAttributes($attributes)
Definition: client.php:830
CASClient\setST
setST($st)
This method stores the Service Ticket.
Definition: client.php:1306
phpCAS\traceEnd
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
$auth
$auth
Definition: inc.check_pear.php:55
CASClient\setUser
setUser($user)
This method sets the CAS user&#39;s login name.
Definition: client.php:793
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
CASClient\isSessionAuthenticated
isSessionAuthenticated()
This method tells if the current session is authenticated.
Definition: client.php:1057
CASClient\setPT
setPT($pt)
This method stores the Proxy Ticket.
Definition: client.php:2456
CASClient\isProxy
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: client.php:1681
phpCAS\trace
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
CASClient\isCallbackMode
isCallbackMode()
This method returns TRUE when the CAs client is running i callback mode, FALSE otherwise.
Definition: client.php:1772
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Variable Documentation

◆ $_attributes

CASClient::$_attributes
private

The Authenticated users attributes.

Written by CASClient::setAttributes(), read by CASClient::getAttributes().

Attention
client applications should use phpCAS::getAttributes().

Definition at line 828 of file client.php.

Referenced by CASClient\getAttributes().

◆ $_cache_times_for_auth_recheck

CASClient::$_cache_times_for_auth_recheck
private

An integer that gives the number of times authentication will be cached before rechecked.

Definition at line 905 of file client.php.

◆ $_user

CASClient::$_user
private

The Authenticated user.

Written by CASClient::setUser(), read by CASClient::getUser().

Attention
client applications should use phpCAS::getUser().

Definition at line 784 of file client.php.

Referenced by CASClient\CASClient(), and CASClient\getUser().