CAS Basic client features (CAS 1.0, Service Tickets)
Collaboration diagram for CAS Basic client features (CAS 1.0, Service Tickets):
Modules | |
| CAS Proxy features (CAS 2.0, Proxy Granting Tickets) | |
| CAS proxied client features (CAS 2.0, Proxy Tickets) | |
| Miscellaneous | |
Functions | |
| CASClient::getST () | |
| This method returns the Service Ticket provided in the URL of the request. More... | |
| CASClient::setST ($st) | |
| This method stores the Service Ticket. More... | |
| CASClient::hasST () | |
| This method tells if a Service Ticket was stored. More... | |
| CASClient::setCasServerCert ($cert) | |
| Set the certificate of the CAS server. More... | |
| CASClient::setCasServerCACert ($cert) | |
| Set the CA certificate of the CAS server. More... | |
| CASClient::setNoCasServerValidation () | |
| Set no SSL validation for the CAS server. More... | |
| CASClient::validateST ($validate_url, &$text_response, &$tree_response) | |
| This method is used to validate a ST; halt on failure, and sets $validate_url, $text_reponse and $tree_response on success. More... | |
| CASClient::validateSA ($validate_url, &$text_response, &$tree_response) | |
| This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, $text_reponse and $tree_response on success. More... | |
| CASClient::setSessionAttributes ($text_response) | |
| This method will parse the DOM and pull out the attributes from the SAML payload and put them into an array, then put the array into the session. More... | |
Variables | |
| CASClient::$_st | |
| the Service Ticket provided in the URL of the request if present (empty otherwise). More... | |
| CASClient::$_cas_server_cert | |
| the certificate of the CAS server. More... | |
| CASClient::$_cas_server_ca_cert | |
| the certificate of the CAS server CA. More... | |
| CASClient::$_no_cas_server_validation | |
| Set to true not to validate the CAS server. More... | |
Detailed Description
Function Documentation
◆ getST()
|
private |
This method returns the Service Ticket provided in the URL of the request.
- Returns
- The service ticket.
Definition at line 1298 of file client.php.
$_st
the Service Ticket provided in the URL of the request if present (empty otherwise).
Definition: client.php:1291
References CASClient\$_st.
Referenced by CASClient\isAuthenticated(), and CASClient\validateST().
Here is the caller graph for this function:
◆ hasST()
|
private |
This method tells if a Service Ticket was stored.
- Returns
- TRUE if a Service Ticket has been stored.
Definition at line 1314 of file client.php.
1315 { return !empty($this->_st); }
Referenced by CASClient\isAuthenticated().
Here is the caller graph for this function:
◆ setCasServerCACert()
| CASClient::setCasServerCACert | ( | $cert | ) |
Set the CA certificate of the CAS server.
- Parameters
-
$cert the PEM certificate of the CA that emited the cert of the server
Definition at line 1366 of file client.php.
1367 {
1368 $this->_cas_server_ca_cert = $cert;
1369 }
◆ setCasServerCert()
| CASClient::setCasServerCert | ( | $cert | ) |
Set the certificate of the CAS server.
- Parameters
-
$cert the PEM certificate
Definition at line 1356 of file client.php.
1357 {
1358 $this->_cas_server_cert = $cert;
1359 }
◆ setNoCasServerValidation()
| CASClient::setNoCasServerValidation | ( | ) |
Set no SSL validation for the CAS server.
Definition at line 1374 of file client.php.
1375 {
1376 $this->_no_cas_server_validation = true;
1377 }
◆ setSessionAttributes()
|
private |
This method will parse the DOM and pull out the attributes from the SAML payload and put them into an array, then put the array into the session.
- Parameters
-
$text_response the SAML payload.
- Returns
- bool TRUE when successfull and FALSE if no attributes a found
Definition at line 1600 of file client.php.
1601 {
1602 phpCAS::traceBegin();
1603
1604 $result = FALSE;
1605
1608 }
1609
1610 $attr_array = array();
1611
1613 $xPath = $dom->xpath_new_context();
1614 $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
1615 $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
1616 $nodelist = $xPath->xpath_eval("//saml:Attribute");
1617 if($nodelist){
1618 $attrs = $nodelist->nodeset;
1619 foreach($attrs as $attr){
1620 $xres = $xPath->xpath_eval("saml:AttributeValue", $attr);
1621 $name = $attr->get_attribute("AttributeName");
1622 $value_array = array();
1623 foreach($xres->nodeset as $node){
1624 $value_array[] = $node->get_content();
1625 }
1626 $attr_array[$name] = $value_array;
1627 }
1629 // UGent addition...
1630 foreach($attr_array as $attr_key => $attr_value) {
1631 if(count($attr_value) > 1) {
1632 $this->_attributes[$attr_key] = $attr_value;
1634 }
1635 else {
1636 $this->_attributes[$attr_key] = $attr_value[0];
1638 }
1639 }
1640 $result = TRUE;
1641 }else{
1643 $result = FALSE;
1644 }
1645 }
1648 }
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
Definition: CAS.php:577
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
domxml_open_mem($str, $mode=DOMXML_LOAD_PARSING, &$error=NULL)
Definition: inc.xml5compliance.php:43
References $_SESSION, $result, domxml_open_mem(), SAML_ATTRIBUTES, phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().
Here is the call graph for this function:
◆ setST()
|
private |
This method stores the Service Ticket.
- Parameters
-
$st The Service Ticket.
Definition at line 1306 of file client.php.
1307 { $this->_st = $st; }
Referenced by CASClient\wasPreviouslyAuthenticated().
Here is the caller graph for this function:
◆ validateSA()
|
private |
This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, $text_reponse and $tree_response on success.
These parameters are used later by CASClient::validatePGT() for CAS proxies.
- Parameters
-
$validate_url the URL of the request to the CAS server. $text_response the response of the CAS server, as is (XML text). $tree_response the response of the CAS server, as a DOM XML tree.
- Returns
- bool TRUE when successfull, halt otherwise by calling CASClient::authError().
Definition at line 1522 of file client.php.
1523 {
1524 phpCAS::traceBegin();
1525
1526 // build the URL to validate the ticket
1527 $validate_url = $this->getServerSamlValidateURL();
1528
1529 // open and read the URL
1532 $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/);
1533 }
1534
1535 phpCAS::trace('server version: '.$this->getServerVersion());
1536
1537 // analyze the result depending on the version
1538 switch ($this->getServerVersion()) {
1539 case SAML_VERSION_1_1:
1540
1541 // read the response of the CAS server into a DOM object
1542 if ( !($dom = domxml_open_mem($text_response))) {
1544 $this->authError('SA not validated',
1545 $validate_url,
1546 FALSE/*$no_response*/,
1547 TRUE/*$bad_response*/,
1548 $text_response);
1549 }
1550 // read the root node of the XML tree
1551 if ( !($tree_response = $dom->document_element()) ) {
1552 phpCAS::trace('document_element() failed');
1553 $this->authError('SA not validated',
1554 $validate_url,
1555 FALSE/*$no_response*/,
1556 TRUE/*$bad_response*/,
1557 $text_response);
1558 }
1559 // insure that tag name is 'Envelope'
1560 if ( $tree_response->node_name() != 'Envelope' ) {
1561 phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\'');
1562 $this->authError('SA not validated',
1563 $validate_url,
1564 FALSE/*$no_response*/,
1565 TRUE/*$bad_response*/,
1566 $text_response);
1567 }
1568 // check for the NameIdentifier tag in the SAML response
1569 if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) {
1570 phpCAS::trace('NameIdentifier found');
1571 $user = trim($success_elements[0]->get_content());
1572 phpCAS::trace('user = `'.$user.'`');
1573 $this->setUser($user);
1574 $this->setSessionAttributes($text_response);
1575 } else {
1576 phpCAS::trace('no <NameIdentifier> tag found in SAML payload');
1577 $this->authError('SA not validated',
1578 $validate_url,
1579 FALSE/*$no_response*/,
1580 TRUE/*$bad_response*/,
1581 $text_response);
1582 }
1583 break;
1584 }
1586 // at this step, ST has been validated and $this->_user has been set,
1587 phpCAS::traceEnd(TRUE);
1588 return TRUE;
1589 }
getServerSamlValidateURL()
This method is used to retrieve the SAML validating URL of the CAS server.
Definition: client.php:447
readURL($url, $cookies, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
Definition: client.php:2163
getSA()
This method returns the SAML Ticket provided in the URL of the request.
Definition: client.php:2471
References domxml_open_mem(), phpCAS\trace(), and phpCAS\traceBegin().
Here is the call graph for this function:
◆ validateST()
|
private |
This method is used to validate a ST; halt on failure, and sets $validate_url, $text_reponse and $tree_response on success.
These parameters are used later by CASClient::validatePGT() for CAS proxies. Used for all CAS 1.0 validations
- Parameters
-
$validate_url the URL of the request to the CAS server. $text_response the response of the CAS server, as is (XML text). $tree_response the response of the CAS server, as a DOM XML tree.
- Returns
- bool TRUE when successfull, halt otherwise by calling CASClient::authError().
Definition at line 1392 of file client.php.
1393 {
1394 phpCAS::traceBegin();
1395 // build the URL to validate the ticket
1398 // pass the callback url for CAS proxies
1400 }
1401
1402 // open and read the URL
1405 $this->authError('ST not validated',
1406 $validate_url,
1407 TRUE/*$no_response*/);
1408 }
1409
1410 // analyze the result depending on the version
1411 switch ($this->getServerVersion()) {
1412 case CAS_VERSION_1_0:
1413 if (preg_match('/^no\n/',$text_response)) {
1414 phpCAS::trace('ST has not been validated');
1415 $this->authError('ST not validated',
1416 $validate_url,
1417 FALSE/*$no_response*/,
1418 FALSE/*$bad_response*/,
1419 $text_response);
1420 }
1421 if (!preg_match('/^yes\n/',$text_response)) {
1422 phpCAS::trace('ill-formed response');
1423 $this->authError('ST not validated',
1424 $validate_url,
1425 FALSE/*$no_response*/,
1426 TRUE/*$bad_response*/,
1427 $text_response);
1428 }
1429 // ST has been validated, extract the user name
1430 $arr = preg_split('/\n/',$text_response);
1431 $this->setUser(trim($arr[1]));
1432 break;
1433 case CAS_VERSION_2_0:
1434 // read the response of the CAS server into a DOM object
1435 if ( !($dom = domxml_open_mem($text_response))) {
1437 $this->authError('ST not validated',
1438 $validate_url,
1439 FALSE/*$no_response*/,
1440 TRUE/*$bad_response*/,
1441 $text_response);
1442 }
1443 // read the root node of the XML tree
1444 if ( !($tree_response = $dom->document_element()) ) {
1445 phpCAS::trace('document_element() failed');
1446 $this->authError('ST not validated',
1447 $validate_url,
1448 FALSE/*$no_response*/,
1449 TRUE/*$bad_response*/,
1450 $text_response);
1451 }
1452 // insure that tag name is 'serviceResponse'
1453 if ( $tree_response->node_name() != 'serviceResponse' ) {
1454 phpCAS::trace('bad XML root node (should be `serviceResponse\' instead of `'.$tree_response->node_name().'\'');
1455 $this->authError('ST not validated',
1456 $validate_url,
1457 FALSE/*$no_response*/,
1458 TRUE/*$bad_response*/,
1459 $text_response);
1460 }
1461 if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) {
1462 // authentication succeded, extract the user name
1463 if ( sizeof($user_elements = $success_elements[0]->get_elements_by_tagname("user")) == 0) {
1464 phpCAS::trace('<authenticationSuccess> found, but no <user>');
1465 $this->authError('ST not validated',
1466 $validate_url,
1467 FALSE/*$no_response*/,
1468 TRUE/*$bad_response*/,
1469 $text_response);
1470 }
1471 $user = trim($user_elements[0]->get_content());
1473 $this->setUser($user);
1474
1475 } else if ( sizeof($failure_elements = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) {
1477 // authentication failed, extract the error code and message
1479 $validate_url,
1480 FALSE/*$no_response*/,
1481 FALSE/*$bad_response*/,
1482 $text_response,
1483 $failure_elements[0]->get_attribute('code')/*$err_code*/,
1484 trim($failure_elements[0]->get_content())/*$err_msg*/);
1485 } else {
1488 $validate_url,
1489 FALSE/*$no_response*/,
1490 TRUE/*$bad_response*/,
1491 $text_response);
1492 }
1493 break;
1494 }
1496 // at this step, ST has been validated and $this->_user has been set,
1497 phpCAS::traceEnd(TRUE);
1498 return TRUE;
1499 }
getST()
This method returns the Service Ticket provided in the URL of the request.
Definition: client.php:1298
getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
Definition: client.php:1796
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
Definition: client.php:426
authError($failure, $cas_url, $no_response, $bad_response='', $cas_response='', $err_code='', $err_msg='')
This method is used to print the HTML output when the user was not authenticated.
Definition: client.php:2722
References domxml_open_mem(), CASClient\getCallbackURL(), CASClient\getServerServiceValidateURL(), CASClient\getST(), CASClient\isProxy(), CASClient\readURL(), CASClient\setUser(), phpCAS\trace(), and phpCAS\traceBegin().
Here is the call graph for this function:
Variable Documentation
◆ $_cas_server_ca_cert
|
private |
the certificate of the CAS server CA.
Definition at line 1341 of file client.php.
◆ $_cas_server_cert
|
private |
the certificate of the CAS server.
Definition at line 1333 of file client.php.
◆ $_no_cas_server_validation
|
private |
Set to true not to validate the CAS server.
Definition at line 1349 of file client.php.
◆ $_st
|
private |
the Service Ticket provided in the URL of the request if present (empty otherwise).
Written by CASClient::CASClient(), read by CASClient::getST() and CASClient::hasPGT().
Definition at line 1291 of file client.php.
Referenced by CASClient\getST().
