ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Functions | Variables
Authentication
Implementation
+ Collaboration diagram for Authentication:

Functions

 CASClient::setUser ($user)
 This method sets the CAS user's login name. More...
 
 CASClient::getUser ()
 This method returns the CAS user's login name. More...
 
 CASClient::setAttributes ($attributes)
 
 CASClient::getAttributes ()
 
 CASClient::hasAttributes ()
 
 CASClient::hasAttribute ($key)
 
 CASClient::getAttribute ($key)
 
 CASClient::renewAuthentication ()
 This method is called to renew the authentication of the user If the user is authenticated, renew the connection If not, redirect to CAS. More...
 
 CASClient::forceAuthentication ()
 This method is called to be sure that the user is authenticated. More...
 
 CASClient::setCacheTimesForAuthRecheck ($n)
 Set the number of times authentication will be cached before rechecked. More...
 
 CASClient::checkAuthentication ()
 This method is called to check whether the user is authenticated or not. More...
 
 CASClient::isAuthenticated ()
 This method is called to check if the user is authenticated (previously or by tickets given in the URL). More...
 
 CASClient::isSessionAuthenticated ()
 This method tells if the current session is authenticated. More...
 
 CASClient::wasPreviouslyAuthenticated ()
 This method tells if the user has already been (previously) authenticated by looking into the session variables. More...
 
 CASClient::redirectToCas ($gateway=false, $renew=false)
 This method is used to redirect the client to the CAS server. More...
 
 CASClient::logout ($params)
 This method is used to logout from CAS. More...
 
 CASClient::isLogoutRequest ()
 
 CASClient::isLogoutRequestAllowed ()
 
 CASClient::handleLogoutRequests ($check_client=true, $allowed_clients=false)
 This method handles logout requests. More...
 
 CASClient::redirectToCas ($gateway)
 This method is used to redirect the client to the CAS server. More...
 

Variables

 CASClient::$_user
 The Authenticated user. More...
 
 CASClient::$_attributes
 The Authenticated users attributes. More...
 
 CASClient::$_cache_times_for_auth_recheck
 An integer that gives the number of times authentication will be cached before rechecked. More...
 

Detailed Description

Function Documentation

◆ checkAuthentication()

CASClient::checkAuthentication ( )

This method is called to check whether the user is authenticated or not.

Returns
TRUE when the user is authenticated, FALSE otherwise.

Definition at line 924 of file client.php.

925 {
926 phpCAS::traceBegin();
927
928 if ( $this->isAuthenticated() ) {
929 phpCAS::trace('user is authenticated');
930 $res = TRUE;
931 } else if (isset($_SESSION['phpCAS']['auth_checked'])) {
932 // the previous request has redirected the client to the CAS server with gateway=true
933 unset($_SESSION['phpCAS']['auth_checked']);
934 $res = FALSE;
935 } else {
936 // $_SESSION['phpCAS']['auth_checked'] = true;
937 // $this->redirectToCas(TRUE/* gateway */);
938 // // never reached
939 // $res = FALSE;
940 // avoid a check against CAS on every request
941 if (! isset($_SESSION['phpCAS']['unauth_count']) )
942 $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized
943
944 if (($_SESSION['phpCAS']['unauth_count'] != -2 && $this->_cache_times_for_auth_recheck == -1)
945 || ($_SESSION['phpCAS']['unauth_count'] >= 0 && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck))
946 {
947 $res = FALSE;
948
949 if ($this->_cache_times_for_auth_recheck != -1)
950 {
951 $_SESSION['phpCAS']['unauth_count']++;
952 phpCAS::trace('user is not authenticated (cached for '.$_SESSION['phpCAS']['unauth_count'].' times of '.$this->_cache_times_for_auth_recheck.')');
953 }
954 else
955 {
956 phpCAS::trace('user is not authenticated (cached for until login pressed)');
957 }
958 }
959 else
960 {
961 $_SESSION['phpCAS']['unauth_count'] = 0;
962 $_SESSION['phpCAS']['auth_checked'] = true;
963 phpCAS::trace('user is not authenticated (cache reset)');
964 $this->redirectToCas(TRUE/* gateway */);
965 // never reached
966 $res = FALSE;
967 }
968 }
969 phpCAS::traceEnd($res);
970 return $res;
971 }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
CASClient\isAuthenticated
isAuthenticated()
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: client.php:981
CASClient\redirectToCas
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: client.php:1133
phpCAS\trace
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
Definition: CAS.php:577
phpCAS\traceEnd
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604

References $_SESSION, $res, CASClient\isAuthenticated(), CASClient\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

+ Here is the call graph for this function:

◆ forceAuthentication()

CASClient::forceAuthentication ( )

This method is called to be sure that the user is authenticated.

When not authenticated, halt by redirecting to the CAS server; otherwise return TRUE.

Returns
TRUE when the user is authenticated; otherwise halt.

Definition at line 878 of file client.php.

879 {
880 phpCAS::traceBegin();
881
882 if ( $this->isAuthenticated() ) {
883 // the user is authenticated, nothing to be done.
884 phpCAS::trace('no need to authenticate');
885 $res = TRUE;
886 } else {
887 // the user is not authenticated, redirect to the CAS server
888 if (isset($_SESSION['phpCAS']['auth_checked'])) {
889 unset($_SESSION['phpCAS']['auth_checked']);
890 }
891 $this->redirectToCas(FALSE/* no gateway */);
892 // never reached
893 $res = FALSE;
894 }
895 phpCAS::traceEnd($res);
896 return $res;
897 }

References $_SESSION, $res, CASClient\isAuthenticated(), CASClient\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

+ Here is the call graph for this function:

◆ getAttribute()

CASClient::getAttribute (   $key)

Definition at line 846 of file client.php.

846 {
847 if($this->hasAttribute($key)) {
848 return $this->_attributes[$key];
849 }
850 }
CASClient\hasAttribute
hasAttribute($key)
Definition: client.php:843

References CASClient\hasAttribute().

+ Here is the call graph for this function:

◆ getAttributes()

CASClient::getAttributes ( )

Definition at line 833 of file client.php.

833 {
834 if ( empty($this->_user) ) { // if no user is set, there shouldn't be any attributes also...
835 phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
836 }
837 return $this->_attributes;
838 }
CASClient\$_attributes
$_attributes
The Authenticated users attributes.
Definition: client.php:828
phpCAS\error
error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:544

References CASClient\$_attributes, and phpCAS\error().

Referenced by CASClient\isAuthenticated().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getUser()

CASClient::getUser ( )

This method returns the CAS user's login name.

Warning
should be called only after CASClient::forceAuthentication() or CASClient::isAuthenticated(), otherwise halt with an error.
Returns
the login name of the authenticated user

Definition at line 805 of file client.php.

806 {
807 if ( empty($this->_user) ) {
808 phpCAS::error('this method should be used only after '.__CLASS__.'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()');
809 }
810 return $this->_user;
811 }
CASClient\$_user
$_user
The Authenticated user.
Definition: client.php:784

References CASClient\$_user, and phpCAS\error().

Referenced by CASClient\isAuthenticated().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ handleLogoutRequests()

CASClient::handleLogoutRequests (   $check_client = true,
  $allowed_clients = false 
)

This method handles logout requests.

Parameters
$check_clienttrue to check the client bofore handling the request, false not to perform any access control. True by default.
$allowed_clientsan array of host names allowed to send logout requests. By default, only the CAs server (declared in the constructor) will be allowed.

Definition at line 1202 of file client.php.

1202 {
1203 phpCAS::traceBegin();
1204 if (!$this->isLogoutRequest()) {
1205 phpCAS::log("Not a logout request");
1206 phpCAS::traceEnd();
1207 return;
1208 }
1209 if(!$this->_start_session){
1210 phpCAS::log("phpCAS can't handle logout requests if it does not manage the session.");
1211 }
1212 phpCAS::log("Logout requested");
1213 phpCAS::log("SAML REQUEST: ".$_POST['logoutRequest']);
1214 if ($check_client) {
1215 if (!$allowed_clients) {
1216 $allowed_clients = array( $this->getServerHostname() );
1217 }
1218 $client_ip = $_SERVER['REMOTE_ADDR'];
1219 $client = gethostbyaddr($client_ip);
1220 phpCAS::log("Client: ".$client."/".$client_ip);
1221 $allowed = false;
1222 foreach ($allowed_clients as $allowed_client) {
1223 if (($client == $allowed_client) or ($client_ip == $allowed_client)) {
1224 phpCAS::log("Allowed client '".$allowed_client."' matches, logout request is allowed");
1225 $allowed = true;
1226 break;
1227 } else {
1228 phpCAS::log("Allowed client '".$allowed_client."' does not match");
1229 }
1230 }
1231 if (!$allowed) {
1232 phpCAS::error("Unauthorized logout request from client '".$client."'");
1233 printf("Unauthorized!");
1234 phpCAS::traceExit();
1235 exit();
1236 }
1237 } else {
1238 phpCAS::log("No access control set");
1239 }
1240 // Extract the ticket from the SAML Request
1241 preg_match("|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|", $_POST['logoutRequest'], $tick, PREG_OFFSET_CAPTURE, 3);
1242 $wrappedSamlSessionIndex = preg_replace('|<samlp:SessionIndex>|','',$tick[0][0]);
1243 $ticket2logout = preg_replace('|</samlp:SessionIndex>|','',$wrappedSamlSessionIndex);
1244 phpCAS::log("Ticket to logout: ".$ticket2logout);
1245 $session_id = preg_replace('/[^\w]/','',$ticket2logout);
1246 phpCAS::log("Session id: ".$session_id);
1247
1248 // destroy a possible application session created before phpcas
1249 if(session_id()){
1250 session_unset();
1251 session_destroy();
1252 }
1253 // fix session ID
1254 session_id($session_id);
1255 $_COOKIE[session_name()]=$session_id;
1256 $_GET[session_name()]=$session_id;
1257
1258 // Overwrite session
1259 session_start();
1260 session_unset();
1261 session_destroy();
1262 printf("Disconnected!");
1263 phpCAS::traceExit();
1264 exit();
1265 }
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST['username']
Definition: cron.php:12
$_COOKIE
$_COOKIE["ilClientId"]
Definition: cron.php:11
CASClient\isLogoutRequest
isLogoutRequest()
Definition: client.php:1183
CASClient\getServerHostname
getServerHostname()
This method is used to retrieve the hostname of the CAS server.
Definition: client.php:307
phpCAS\traceExit
traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:617
phpCAS\log
log($str)
Logs a string in debug mode.
Definition: CAS.php:523
exit
exit
Definition: login.php:54
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54

References $_COOKIE, $_GET, $_POST, $_SERVER, $client, phpCAS\error(), exit, CASClient\getServerHostname(), CASClient\isLogoutRequest(), phpCAS\log(), phpCAS\traceBegin(), phpCAS\traceEnd(), and phpCAS\traceExit().

+ Here is the call graph for this function:

◆ hasAttribute()

CASClient::hasAttribute (   $key)

Definition at line 843 of file client.php.

844 { return (is_array($this->_attributes) && array_key_exists($key, $this->_attributes)); }

Referenced by CASClient\getAttribute().

+ Here is the caller graph for this function:

◆ hasAttributes()

CASClient::hasAttributes ( )

Definition at line 840 of file client.php.

841 { return !empty($this->_attributes); }

◆ isAuthenticated()

CASClient::isAuthenticated ( )

This method is called to check if the user is authenticated (previously or by tickets given in the URL).

Returns
TRUE when the user is authenticated. Also may redirect to the same URL without the ticket.

Definition at line 981 of file client.php.

982 {
983 phpCAS::traceBegin();
984 $res = FALSE;
985 $validate_url = '';
986
987 if ( $this->wasPreviouslyAuthenticated() ) {
988 if($this->hasST() || $this->hasPT() || $this->hasSA()){
989 // User has a additional ticket but was already authenticated
990 phpCAS::trace('ticket was present and will be discarded, use renewAuthenticate()');
991 header('Location: '.$this->getURL());
992 phpCAS::log( "Prepare redirect to remove ticket: ".$this->getURL() );
993 }else{
994 // the user has already (previously during the session) been
995 // authenticated, nothing to be done.
996 phpCAS::trace('user was already authenticated, no need to look for tickets');
997 }
998 $res = TRUE;
999 }
1000 else {
1001 if ( $this->hasST() ) {
1002 // if a Service Ticket was given, validate it
1003 phpCAS::trace('ST `'.$this->getST().'\' is present');
1004 $this->validateST($validate_url,$text_response,$tree_response); // if it fails, it halts
1005 phpCAS::trace('ST `'.$this->getST().'\' was validated');
1006 if ( $this->isProxy() ) {
1007 $this->validatePGT($validate_url,$text_response,$tree_response); // idem
1008 phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
1009 $_SESSION['phpCAS']['pgt'] = $this->getPGT();
1010 }
1011 $_SESSION['phpCAS']['user'] = $this->getUser();
1012 $res = TRUE;
1013 }
1014 elseif ( $this->hasPT() ) {
1015 // if a Proxy Ticket was given, validate it
1016 phpCAS::trace('PT `'.$this->getPT().'\' is present');
1017 $this->validatePT($validate_url,$text_response,$tree_response); // note: if it fails, it halts
1018 phpCAS::trace('PT `'.$this->getPT().'\' was validated');
1019 if ( $this->isProxy() ) {
1020 $this->validatePGT($validate_url,$text_response,$tree_response); // idem
1021 phpCAS::trace('PGT `'.$this->getPGT().'\' was validated');
1022 $_SESSION['phpCAS']['pgt'] = $this->getPGT();
1023 }
1024 $_SESSION['phpCAS']['user'] = $this->getUser();
1025 $res = TRUE;
1026 }
1027 elseif ( $this->hasSA() ) {
1028 // if we have a SAML ticket, validate it.
1029 phpCAS::trace('SA `'.$this->getSA().'\' is present');
1030 $this->validateSA($validate_url,$text_response,$tree_response); // if it fails, it halts
1031 phpCAS::trace('SA `'.$this->getSA().'\' was validated');
1032 $_SESSION['phpCAS']['user'] = $this->getUser();
1033 $_SESSION['phpCAS']['attributes'] = $this->getAttributes();
1034 $res = TRUE;
1035 }
1036 else {
1037 // no ticket given, not authenticated
1038 phpCAS::trace('no ticket found');
1039 }
1040 if ($res) {
1041 // if called with a ticket parameter, we need to redirect to the app without the ticket so that CAS-ification is transparent to the browser (for later POSTS)
1042 // most of the checks and errors should have been made now, so we're safe for redirect without masking error messages.
1043 header('Location: '.$this->getURL());
1044 phpCAS::log( "Prepare redirect to : ".$this->getURL() );
1045 }
1046 }
1047
1048 phpCAS::traceEnd($res);
1049 return $res;
1050 }
phpCAS
The phpCAS class is a simple container for the phpCAS library.
Definition: CAS.php:341
CASClient\getAttributes
getAttributes()
Definition: client.php:833
CASClient\getUser
getUser()
This method returns the CAS user's login name.
Definition: client.php:805
CASClient\wasPreviouslyAuthenticated
wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
Definition: client.php:1072
CASClient\hasST
hasST()
This method tells if a Service Ticket was stored.
Definition: client.php:1314
CASClient\getST
getST()
This method returns the Service Ticket provided in the URL of the request.
Definition: client.php:1298
CASClient\getURL
getURL()
This method returns the URL of the current request (without any ticket CGI parameter).
Definition: client.php:2621
CASClient\validatePGT
validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
Definition: client.php:2007
CASClient\validatePT
validatePT(&$validate_url, &$text_response, &$tree_response)
This method is used to validate a ST or PT; halt on failure Used for all CAS 2.0 validations.
Definition: client.php:2506
CASClient\hasSA
hasSA()
This method tells if a SAML Ticket was stored.
Definition: client.php:2487
CASClient\hasPT
hasPT()
This method tells if a Proxy Ticket was stored.
Definition: client.php:2464
CASClient\getSA
getSA()
This method returns the SAML Ticket provided in the URL of the request.
Definition: client.php:2471
CASClient\getPT
getPT()
This method returns the Proxy Ticket provided in the URL of the request.
Definition: client.php:2445
CASClient\isProxy
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: client.php:1681
CASClient\getPGT
getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
Definition: client.php:1709

References $_SESSION, $res, CASClient\getAttributes(), CASClient\getPGT(), CASClient\getPT(), CASClient\getSA(), CASClient\getST(), CASClient\getURL(), CASClient\getUser(), CASClient\hasPT(), CASClient\hasSA(), CASClient\hasST(), CASClient\isProxy(), phpCAS\log(), phpCAS\trace(), phpCAS\traceBegin(), phpCAS\traceEnd(), CASClient\validatePGT(), CASClient\validatePT(), and CASClient\wasPreviouslyAuthenticated().

Referenced by CASClient\checkAuthentication(), CASClient\forceAuthentication(), and CASClient\renewAuthentication().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isLogoutRequest()

CASClient::isLogoutRequest ( )
private
Returns
true if the current request is a logout request.

Definition at line 1183 of file client.php.

1183 {
1184 return !empty($_POST['logoutRequest']);
1185 }

References $_POST.

Referenced by CASClient\CASClient(), and CASClient\handleLogoutRequests().

+ Here is the caller graph for this function:

◆ isLogoutRequestAllowed()

CASClient::isLogoutRequestAllowed ( )
private
Returns
true if a logout request is allowed.

Definition at line 1191 of file client.php.

1191 {
1192 }

◆ isSessionAuthenticated()

CASClient::isSessionAuthenticated ( )

This method tells if the current session is authenticated.

Returns
true if authenticated based soley on $_SESSION variable
Since
0.4.22 by Brendan Arnold

Definition at line 1057 of file client.php.

1058 {
1059 return !empty($_SESSION['phpCAS']['user']);
1060 }

References $_SESSION.

Referenced by CASClient\wasPreviouslyAuthenticated().

+ Here is the caller graph for this function:

◆ logout()

CASClient::logout (   $params)

This method is used to logout from CAS.

@params $params an array that contains the optional url and service parameters that will be passed to the CAS server

Definition at line 1154 of file client.php.

1154 {
1155 phpCAS::traceBegin();
1156 $cas_url = $this->getServerLogoutURL();
1157 $paramSeparator = '?';
1158 if (isset($params['url'])) {
1159 $cas_url = $cas_url . $paramSeparator . "url=" . urlencode($params['url']);
1160 $paramSeparator = '&';
1161 }
1162 if (isset($params['service'])) {
1163 $cas_url = $cas_url . $paramSeparator . "service=" . urlencode($params['service']);
1164 }
1165 header('Location: '.$cas_url);
1166 phpCAS::log( "Prepare redirect to : ".$cas_url );
1167
1168 session_unset();
1169 session_destroy();
1170
1171 $this->printHTMLHeader($this->getString(CAS_STR_LOGOUT));
1172 printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
1173 $this->printHTMLFooter();
1174
1175 phpCAS::traceExit();
1176 exit();
1177 }
$params
$params
Definition: example_049.php:96
CASClient\getServerLogoutURL
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
Definition: client.php:509
CASClient\getString
getString($str)
This method returns a string depending on the language.
Definition: client.php:221
CASClient\printHTMLHeader
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: client.php:108
CASClient\printHTMLFooter
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: client.php:136
CAS_STR_LOGOUT
const CAS_STR_LOGOUT
Definition: languages.php:17
CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
const CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED
Definition: languages.php:18

References $params, CAS_STR_LOGOUT, CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED, exit, CASClient\getServerLogoutURL(), CASClient\getString(), phpCAS\log(), CASClient\printHTMLFooter(), CASClient\printHTMLHeader(), phpCAS\traceBegin(), and phpCAS\traceExit().

+ Here is the call graph for this function:

◆ redirectToCas() [1/2]

CASClient::redirectToCas (   $gateway)

This method is used to redirect the client to the CAS server.

It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication().

Parameters
$gatewaytrue to check authentication, false to force it

Definition at line 743 of file client.php.

744 {
745 phpCAS::traceBegin();
746 $cas_url = $this->getServerLoginURL($gateway);
747 header('Location: '.$cas_url);
748 $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED));
749 printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
750 $this->printHTMLFooter();
751 phpCAS::traceExit();
752 exit();
753 }
CASClient\getServerLoginURL
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
Definition: client.php:353
CAS_STR_AUTHENTICATION_WANTED
const CAS_STR_AUTHENTICATION_WANTED
Definition: languages.php:16

References CAS_STR_AUTHENTICATION_WANTED, CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED, exit, CASClient\getServerLoginURL(), CASClient\getString(), CASClient\printHTMLFooter(), CASClient\printHTMLHeader(), phpCAS\traceBegin(), and phpCAS\traceExit().

+ Here is the call graph for this function:

◆ redirectToCas() [2/2]

CASClient::redirectToCas (   $gateway = false,
  $renew = false 
)

This method is used to redirect the client to the CAS server.

It is used by CASClient::forceAuthentication() and CASClient::checkAuthentication().

Parameters
$gatewaytrue to check authentication, false to force it
$renewtrue to force the authentication with the CAS server

Definition at line 1133 of file client.php.

1133 {
1134 phpCAS::traceBegin();
1135 $cas_url = $this->getServerLoginURL($gateway,$renew);
1136 header('Location: '.$cas_url);
1137 phpCAS::log( "Redirect to : ".$cas_url );
1138
1139 $this->printHTMLHeader($this->getString(CAS_STR_AUTHENTICATION_WANTED));
1140
1141 printf('<p>'.$this->getString(CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED).'</p>',$cas_url);
1142 $this->printHTMLFooter();
1143
1144 phpCAS::traceExit();
1145 exit();
1146 }

References CAS_STR_AUTHENTICATION_WANTED, CAS_STR_SHOULD_HAVE_BEEN_REDIRECTED, exit, CASClient\getServerLoginURL(), CASClient\getString(), phpCAS\log(), CASClient\printHTMLFooter(), CASClient\printHTMLHeader(), phpCAS\traceBegin(), and phpCAS\traceExit().

Referenced by CASClient\checkAuthentication(), CASClient\forceAuthentication(), and CASClient\renewAuthentication().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ renewAuthentication()

CASClient::renewAuthentication ( )

This method is called to renew the authentication of the user If the user is authenticated, renew the connection If not, redirect to CAS.

Definition at line 858 of file client.php.

858 {
859 phpCAS::traceBegin();
860 // Either way, the user is authenticated by CAS
861 if( isset( $_SESSION['phpCAS']['auth_checked'] ) )
862 unset($_SESSION['phpCAS']['auth_checked']);
863 if ( $this->isAuthenticated() ) {
864 phpCAS::trace('user already authenticated; renew');
865 $this->redirectToCas(false,true);
866 } else {
867 $this->redirectToCas();
868 }
869 phpCAS::traceEnd();
870 }

References $_SESSION, CASClient\isAuthenticated(), CASClient\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

+ Here is the call graph for this function:

◆ setAttributes()

CASClient::setAttributes (   $attributes)

Definition at line 830 of file client.php.

831 { $this->_attributes = $attributes; }

Referenced by CASClient\wasPreviouslyAuthenticated().

+ Here is the caller graph for this function:

◆ setCacheTimesForAuthRecheck()

CASClient::setCacheTimesForAuthRecheck (   $n)

Set the number of times authentication will be cached before rechecked.

Parameters
$nan integer.

Definition at line 914 of file client.php.

915 {
916 $this->_cache_times_for_auth_recheck = $n;
917 }
$n
$n
Definition: RandomTest.php:80

References $n.

◆ setUser()

CASClient::setUser (   $user)
private

This method sets the CAS user's login name.

Parameters
$userthe login name of the authenticated user.

Definition at line 793 of file client.php.

794 {
795 $this->_user = $user;
796 }

Referenced by CASClient\validateST(), and CASClient\wasPreviouslyAuthenticated().

+ Here is the caller graph for this function:

◆ wasPreviouslyAuthenticated()

CASClient::wasPreviouslyAuthenticated ( )
private

This method tells if the user has already been (previously) authenticated by looking into the session variables.

Note
This function switches to callback mode when needed.
Returns
TRUE when the user has already been authenticated; FALSE otherwise.

Definition at line 1072 of file client.php.

1073 {
1074 phpCAS::traceBegin();
1075
1076 if ( $this->isCallbackMode() ) {
1077 $this->callback();
1078 }
1079
1080 $auth = FALSE;
1081
1082 if ( $this->isProxy() ) {
1083 // CAS proxy: username and PGT must be present
1084 if ( $this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) {
1085 // authentication already done
1086 $this->setUser($_SESSION['phpCAS']['user']);
1087 $this->setPGT($_SESSION['phpCAS']['pgt']);
1088 phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'.$_SESSION['phpCAS']['pgt'].'\'');
1089 $auth = TRUE;
1090 } elseif ( $this->isSessionAuthenticated() && empty($_SESSION['phpCAS']['pgt']) ) {
1091 // these two variables should be empty or not empty at the same time
1092 phpCAS::trace('username found (`'.$_SESSION['phpCAS']['user'].'\') but PGT is empty');
1093 // unset all tickets to enforce authentication
1094 unset($_SESSION['phpCAS']);
1095 $this->setST('');
1096 $this->setPT('');
1097 } elseif ( !$this->isSessionAuthenticated() && !empty($_SESSION['phpCAS']['pgt']) ) {
1098 // these two variables should be empty or not empty at the same time
1099 phpCAS::trace('PGT found (`'.$_SESSION['phpCAS']['pgt'].'\') but username is empty');
1100 // unset all tickets to enforce authentication
1101 unset($_SESSION['phpCAS']);
1102 $this->setST('');
1103 $this->setPT('');
1104 } else {
1105 phpCAS::trace('neither user not PGT found');
1106 }
1107 } else {
1108 // `simple' CAS client (not a proxy): username must be present
1109 if ( $this->isSessionAuthenticated() ) {
1110 // authentication already done
1111 $this->setUser($_SESSION['phpCAS']['user']);
1112 if(isset($_SESSION['phpCAS']['attributes'])){
1113 $this->setAttributes($_SESSION['phpCAS']['attributes']);
1114 }
1115 phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\'');
1116 $auth = TRUE;
1117 } else {
1118 phpCAS::trace('no user found');
1119 }
1120 }
1121
1122 phpCAS::traceEnd($auth);
1123 return $auth;
1124 }
CASClient\isSessionAuthenticated
isSessionAuthenticated()
This method tells if the current session is authenticated.
Definition: client.php:1057
CASClient\setAttributes
setAttributes($attributes)
Definition: client.php:830
CASClient\setUser
setUser($user)
This method sets the CAS user's login name.
Definition: client.php:793
CASClient\setST
setST($st)
This method stores the Service Ticket.
Definition: client.php:1306
CASClient\isCallbackMode
isCallbackMode()
This method returns TRUE when the CAs client is running i callback mode, FALSE otherwise.
Definition: client.php:1772
CASClient\callback
callback()
This method is called by CASClient::CASClient() when running in callback mode.
Definition: client.php:1849
CASClient\setPT
setPT($pt)
This method stores the Proxy Ticket.
Definition: client.php:2456
CASClient\setPGT
setPGT($pgt)
This method stores the Proxy Granting Ticket.
Definition: client.php:1717
$auth
$auth
Definition: inc.check_pear.php:55

References $_SESSION, $auth, CASClient\callback(), CASClient\isCallbackMode(), CASClient\isProxy(), CASClient\isSessionAuthenticated(), CASClient\setAttributes(), CASClient\setPGT(), CASClient\setPT(), CASClient\setST(), CASClient\setUser(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

Referenced by CASClient\isAuthenticated().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Variable Documentation

◆ $_attributes

CASClient::$_attributes
private

The Authenticated users attributes.

Written by CASClient::setAttributes(), read by CASClient::getAttributes().

Attention
client applications should use phpCAS::getAttributes().

Definition at line 828 of file client.php.

Referenced by CASClient\getAttributes().

◆ $_cache_times_for_auth_recheck

CASClient::$_cache_times_for_auth_recheck
private

An integer that gives the number of times authentication will be cached before rechecked.

Definition at line 905 of file client.php.

◆ $_user

CASClient::$_user
private

The Authenticated user.

Written by CASClient::setUser(), read by CASClient::getUser().

Attention
client applications should use phpCAS::getUser().

Definition at line 784 of file client.php.

Referenced by CASClient\getUser().