ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Modules | Functions | Variables
CAS Basic client features (CAS 1.0, Service Tickets)
Implementation
+ Collaboration diagram for CAS Basic client features (CAS 1.0, Service Tickets):

Modules

 CAS Proxy features (CAS 2.0, Proxy Granting Tickets)
 
 CAS proxied client features (CAS 2.0, Proxy Tickets)
 
 Miscellaneous
 

Functions

 CASClient::getST ()
 This method returns the Service Ticket provided in the URL of the request. More...
 
 CASClient::setST ($st)
 This method stores the Service Ticket. More...
 
 CASClient::hasST ()
 This method tells if a Service Ticket was stored. More...
 
 CASClient::setCasServerCert ($cert)
 Set the certificate of the CAS server. More...
 
 CASClient::setCasServerCACert ($cert)
 Set the CA certificate of the CAS server. More...
 
 CASClient::setNoCasServerValidation ()
 Set no SSL validation for the CAS server. More...
 
 CASClient::validateST ($validate_url, &$text_response, &$tree_response)
 This method is used to validate a ST; halt on failure, and sets $validate_url, $text_reponse and $tree_response on success. More...
 
 CASClient::validateSA ($validate_url, &$text_response, &$tree_response)
 This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, $text_reponse and $tree_response on success. More...
 
 CASClient::setSessionAttributes ($text_response)
 This method will parse the DOM and pull out the attributes from the SAML payload and put them into an array, then put the array into the session. More...
 

Variables

 CASClient::$_st
 the Service Ticket provided in the URL of the request if present (empty otherwise). More...
 
 CASClient::$_cas_server_cert
 the certificate of the CAS server. More...
 
 CASClient::$_cas_server_ca_cert
 the certificate of the CAS server CA. More...
 
 CASClient::$_no_cas_server_validation
 Set to true not to validate the CAS server. More...
 

Detailed Description

Function Documentation

◆ getST()

CASClient::getST ( )
private

This method returns the Service Ticket provided in the URL of the request.

Returns
The service ticket.

Definition at line 1298 of file client.php.

References CASClient\$_st.

Referenced by CASClient\isAuthenticated(), and CASClient\validateST().

1299  { return $this->_st; }
CASClient\$_st
$_st
the Service Ticket provided in the URL of the request if present (empty otherwise).
Definition: client.php:1291
+ Here is the caller graph for this function:

◆ hasST()

CASClient::hasST ( )
private

This method tells if a Service Ticket was stored.

Returns
TRUE if a Service Ticket has been stored.

Definition at line 1314 of file client.php.

Referenced by CASClient\isAuthenticated().

1315  { return !empty($this->_st); }
+ Here is the caller graph for this function:

◆ setCasServerCACert()

CASClient::setCasServerCACert (   $cert)

Set the CA certificate of the CAS server.

Parameters
$certthe PEM certificate of the CA that emited the cert of the server

Definition at line 1366 of file client.php.

1367  {
1368  $this->_cas_server_ca_cert = $cert;
1369  }

◆ setCasServerCert()

CASClient::setCasServerCert (   $cert)

Set the certificate of the CAS server.

Parameters
$certthe PEM certificate

Definition at line 1356 of file client.php.

1357  {
1358  $this->_cas_server_cert = $cert;
1359  }

◆ setNoCasServerValidation()

CASClient::setNoCasServerValidation ( )

Set no SSL validation for the CAS server.

Definition at line 1374 of file client.php.

1375  {
1376  $this->_no_cas_server_validation = true;
1377  }

◆ setSessionAttributes()

CASClient::setSessionAttributes (   $text_response)
private

This method will parse the DOM and pull out the attributes from the SAML payload and put them into an array, then put the array into the session.

Parameters
$text_responsethe SAML payload.
Returns
bool TRUE when successfull and FALSE if no attributes a found

Definition at line 1600 of file client.php.

References $_SESSION, $result, domxml_open_mem(), SAML_ATTRIBUTES, phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

Referenced by CASClient\validateSA().

1601  {
1602  phpCAS::traceBegin();
1603 
1604  $result = FALSE;
1605 
1606  if (isset($_SESSION[SAML_ATTRIBUTES])) {
1607  phpCAS::trace("session attrs already set."); //testbml - do we care?
1608  }
1609 
1610  $attr_array = array();
1611 
1612  if (($dom = domxml_open_mem($text_response))) {
1613  $xPath = $dom->xpath_new_context();
1614  $xPath->xpath_register_ns('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
1615  $xPath->xpath_register_ns('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
1616  $nodelist = $xPath->xpath_eval("//saml:Attribute");
1617  if($nodelist){
1618  $attrs = $nodelist->nodeset;
1619  foreach($attrs as $attr){
1620  $xres = $xPath->xpath_eval("saml:AttributeValue", $attr);
1621  $name = $attr->get_attribute("AttributeName");
1622  $value_array = array();
1623  foreach($xres->nodeset as $node){
1624  $value_array[] = $node->get_content();
1625  }
1626  $attr_array[$name] = $value_array;
1627  }
1628  $_SESSION[SAML_ATTRIBUTES] = $attr_array;
1629  // UGent addition...
1630  foreach($attr_array as $attr_key => $attr_value) {
1631  if(count($attr_value) > 1) {
1632  $this->_attributes[$attr_key] = $attr_value;
1633  phpCAS::trace("* " . $attr_key . "=" . $attr_value);
1634  }
1635  else {
1636  $this->_attributes[$attr_key] = $attr_value[0];
1637  phpCAS::trace("* " . $attr_key . "=" . $attr_value[0]);
1638  }
1639  }
1640  $result = TRUE;
1641  }else{
1642  phpCAS::trace("SAML Attributes are empty");
1643  $result = FALSE;
1644  }
1645  }
1646  phpCAS::traceEnd($result);
1647  return $result;
1648  }
domxml_open_mem
domxml_open_mem($str, $mode=DOMXML_LOAD_PARSING, &$error=NULL)
Definition: inc.xml5compliance.php:43
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
$result
$result
Definition: CleanUpTest.php:407
phpCAS\traceEnd
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
phpCAS\trace
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
SAML_ATTRIBUTES
const SAML_ATTRIBUTES
SAML Attributes.
Definition: CAS.php:136
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ setST()

CASClient::setST (   $st)
private

This method stores the Service Ticket.

Parameters
$stThe Service Ticket.

Definition at line 1306 of file client.php.

Referenced by CASClient\wasPreviouslyAuthenticated().

1307  { $this->_st = $st; }
+ Here is the caller graph for this function:

◆ validateSA()

CASClient::validateSA (   $validate_url,
$text_response,
$tree_response 
)
private

This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, $text_reponse and $tree_response on success.

These parameters are used later by CASClient::validatePGT() for CAS proxies.

Parameters
$validate_urlthe URL of the request to the CAS server.
$text_responsethe response of the CAS server, as is (XML text).
$tree_responsethe response of the CAS server, as a DOM XML tree.
Returns
bool TRUE when successfull, halt otherwise by calling CASClient::authError().

Definition at line 1522 of file client.php.

References CASClient\authError(), domxml_open_mem(), CASClient\getSA(), CASClient\getServerSamlValidateURL(), CASClient\readURL(), CASClient\renameSession(), CASClient\setSessionAttributes(), CASClient\setUser(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

1523  {
1524  phpCAS::traceBegin();
1525 
1526  // build the URL to validate the ticket
1527  $validate_url = $this->getServerSamlValidateURL();
1528 
1529  // open and read the URL
1530  if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
1531  phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
1532  $this->authError('SA not validated', $validate_url, TRUE/*$no_response*/);
1533  }
1534 
1535  phpCAS::trace('server version: '.$this->getServerVersion());
1536 
1537  // analyze the result depending on the version
1538  switch ($this->getServerVersion()) {
1539  case SAML_VERSION_1_1:
1540 
1541  // read the response of the CAS server into a DOM object
1542  if ( !($dom = domxml_open_mem($text_response))) {
1543  phpCAS::trace('domxml_open_mem() failed');
1544  $this->authError('SA not validated',
1545  $validate_url,
1546  FALSE/*$no_response*/,
1547  TRUE/*$bad_response*/,
1548  $text_response);
1549  }
1550  // read the root node of the XML tree
1551  if ( !($tree_response = $dom->document_element()) ) {
1552  phpCAS::trace('document_element() failed');
1553  $this->authError('SA not validated',
1554  $validate_url,
1555  FALSE/*$no_response*/,
1556  TRUE/*$bad_response*/,
1557  $text_response);
1558  }
1559  // insure that tag name is 'Envelope'
1560  if ( $tree_response->node_name() != 'Envelope' ) {
1561  phpCAS::trace('bad XML root node (should be `Envelope\' instead of `'.$tree_response->node_name().'\'');
1562  $this->authError('SA not validated',
1563  $validate_url,
1564  FALSE/*$no_response*/,
1565  TRUE/*$bad_response*/,
1566  $text_response);
1567  }
1568  // check for the NameIdentifier tag in the SAML response
1569  if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("NameIdentifier")) != 0) {
1570  phpCAS::trace('NameIdentifier found');
1571  $user = trim($success_elements[0]->get_content());
1572  phpCAS::trace('user = `'.$user.'`');
1573  $this->setUser($user);
1574  $this->setSessionAttributes($text_response);
1575  } else {
1576  phpCAS::trace('no <NameIdentifier> tag found in SAML payload');
1577  $this->authError('SA not validated',
1578  $validate_url,
1579  FALSE/*$no_response*/,
1580  TRUE/*$bad_response*/,
1581  $text_response);
1582  }
1583  break;
1584  }
1585  $this->renameSession($this->getSA());
1586  // at this step, ST has been validated and $this->_user has been set,
1587  phpCAS::traceEnd(TRUE);
1588  return TRUE;
1589  }
domxml_open_mem
domxml_open_mem($str, $mode=DOMXML_LOAD_PARSING, &$error=NULL)
Definition: inc.xml5compliance.php:43
phpCAS\traceEnd
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
CASClient\setUser
setUser($user)
This method sets the CAS user&#39;s login name.
Definition: client.php:793
CASClient\getServerSamlValidateURL
getServerSamlValidateURL()
This method is used to retrieve the SAML validating URL of the CAS server.
Definition: client.php:447
CASClient\authError
authError($failure, $cas_url, $no_response, $bad_response='', $cas_response='', $err_code='', $err_msg='')
This method is used to print the HTML output when the user was not authenticated. ...
Definition: client.php:2722
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
CASClient\getSA
getSA()
This method returns the SAML Ticket provided in the URL of the request.
Definition: client.php:2471
CASClient\setSessionAttributes
setSessionAttributes($text_response)
This method will parse the DOM and pull out the attributes from the SAML payload and put them into an...
Definition: client.php:1600
CASClient\readURL
readURL($url, $cookies, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
Definition: client.php:2163
phpCAS\trace
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
CASClient\renameSession
renameSession($ticket)
Renaming the session.
Definition: client.php:733
+ Here is the call graph for this function:

◆ validateST()

CASClient::validateST (   $validate_url,
$text_response,
$tree_response 
)
private

This method is used to validate a ST; halt on failure, and sets $validate_url, $text_reponse and $tree_response on success.

These parameters are used later by CASClient::validatePGT() for CAS proxies. Used for all CAS 1.0 validations

Parameters
$validate_urlthe URL of the request to the CAS server.
$text_responsethe response of the CAS server, as is (XML text).
$tree_responsethe response of the CAS server, as a DOM XML tree.
Returns
bool TRUE when successfull, halt otherwise by calling CASClient::authError().

Definition at line 1392 of file client.php.

References CASClient\authError(), domxml_open_mem(), CASClient\getCallbackURL(), CASClient\getServerServiceValidateURL(), CASClient\getST(), CASClient\isProxy(), n, CASClient\readURL(), CASClient\renameSession(), CASClient\setUser(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

1393  {
1394  phpCAS::traceBegin();
1395  // build the URL to validate the ticket
1396  $validate_url = $this->getServerServiceValidateURL().'&ticket='.$this->getST();
1397  if ( $this->isProxy() ) {
1398  // pass the callback url for CAS proxies
1399  $validate_url .= '&pgtUrl='.urlencode($this->getCallbackURL());
1400  }
1401 
1402  // open and read the URL
1403  if ( !$this->readURL($validate_url,''/*cookies*/,$headers,$text_response,$err_msg) ) {
1404  phpCAS::trace('could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')');
1405  $this->authError('ST not validated',
1406  $validate_url,
1407  TRUE/*$no_response*/);
1408  }
1409 
1410  // analyze the result depending on the version
1411  switch ($this->getServerVersion()) {
1412  case CAS_VERSION_1_0:
1413  if (preg_match('/^no\n/',$text_response)) {
1414  phpCAS::trace('ST has not been validated');
1415  $this->authError('ST not validated',
1416  $validate_url,
1417  FALSE/*$no_response*/,
1418  FALSE/*$bad_response*/,
1419  $text_response);
1420  }
1421  if (!preg_match('/^yes\n/',$text_response)) {
1422  phpCAS::trace('ill-formed response');
1423  $this->authError('ST not validated',
1424  $validate_url,
1425  FALSE/*$no_response*/,
1426  TRUE/*$bad_response*/,
1427  $text_response);
1428  }
1429  // ST has been validated, extract the user name
1430  $arr = preg_split('/\n/',$text_response);
1431  $this->setUser(trim($arr[1]));
1432  break;
1433  case CAS_VERSION_2_0:
1434  // read the response of the CAS server into a DOM object
1435  if ( !($dom = domxml_open_mem($text_response))) {
1436  phpCAS::trace('domxml_open_mem() failed');
1437  $this->authError('ST not validated',
1438  $validate_url,
1439  FALSE/*$no_response*/,
1440  TRUE/*$bad_response*/,
1441  $text_response);
1442  }
1443  // read the root node of the XML tree
1444  if ( !($tree_response = $dom->document_element()) ) {
1445  phpCAS::trace('document_element() failed');
1446  $this->authError('ST not validated',
1447  $validate_url,
1448  FALSE/*$no_response*/,
1449  TRUE/*$bad_response*/,
1450  $text_response);
1451  }
1452  // insure that tag name is 'serviceResponse'
1453  if ( $tree_response->node_name() != 'serviceResponse' ) {
1454  phpCAS::trace('bad XML root node (should be `serviceResponse\' instead of `'.$tree_response->node_name().'\'');
1455  $this->authError('ST not validated',
1456  $validate_url,
1457  FALSE/*$no_response*/,
1458  TRUE/*$bad_response*/,
1459  $text_response);
1460  }
1461  if ( sizeof($success_elements = $tree_response->get_elements_by_tagname("authenticationSuccess")) != 0) {
1462  // authentication succeded, extract the user name
1463  if ( sizeof($user_elements = $success_elements[0]->get_elements_by_tagname("user")) == 0) {
1464  phpCAS::trace('<authenticationSuccess> found, but no <user>');
1465  $this->authError('ST not validated',
1466  $validate_url,
1467  FALSE/*$no_response*/,
1468  TRUE/*$bad_response*/,
1469  $text_response);
1470  }
1471  $user = trim($user_elements[0]->get_content());
1472  phpCAS::trace('user = `'.$user);
1473  $this->setUser($user);
1474 
1475  } else if ( sizeof($failure_elements = $tree_response->get_elements_by_tagname("authenticationFailure")) != 0) {
1476  phpCAS::trace('<authenticationFailure> found');
1477  // authentication failed, extract the error code and message
1478  $this->authError('ST not validated',
1479  $validate_url,
1480  FALSE/*$no_response*/,
1481  FALSE/*$bad_response*/,
1482  $text_response,
1483  $failure_elements[0]->get_attribute('code')/*$err_code*/,
1484  trim($failure_elements[0]->get_content())/*$err_msg*/);
1485  } else {
1486  phpCAS::trace('neither <authenticationSuccess> nor <authenticationFailure> found');
1487  $this->authError('ST not validated',
1488  $validate_url,
1489  FALSE/*$no_response*/,
1490  TRUE/*$bad_response*/,
1491  $text_response);
1492  }
1493  break;
1494  }
1495  $this->renameSession($this->getST());
1496  // at this step, ST has been validated and $this->_user has been set,
1497  phpCAS::traceEnd(TRUE);
1498  return TRUE;
1499  }
domxml_open_mem
domxml_open_mem($str, $mode=DOMXML_LOAD_PARSING, &$error=NULL)
Definition: inc.xml5compliance.php:43
phpCAS\traceEnd
traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:604
CASClient\getServerServiceValidateURL
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
Definition: client.php:426
CASClient\setUser
setUser($user)
This method sets the CAS user&#39;s login name.
Definition: client.php:793
CASClient\getCallbackURL
getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
Definition: client.php:1796
CASClient\authError
authError($failure, $cas_url, $no_response, $bad_response='', $cas_response='', $err_code='', $err_msg='')
This method is used to print the HTML output when the user was not authenticated. ...
Definition: client.php:2722
CASClient\getST
getST()
This method returns the Service Ticket provided in the URL of the request.
Definition: client.php:1298
phpCAS\traceBegin
traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:577
CASClient\readURL
readURL($url, $cookies, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
Definition: client.php:2163
CASClient\isProxy
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: client.php:1681
phpCAS\trace
trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:569
CASClient\renameSession
renameSession($ticket)
Renaming the session.
Definition: client.php:733
n
if(! $in) print Initializing normalization quick check tables n
Definition: UtfNormalGenerate.php:37
+ Here is the call graph for this function:

Variable Documentation

◆ $_cas_server_ca_cert

CASClient::$_cas_server_ca_cert
private

the certificate of the CAS server CA.

Definition at line 1341 of file client.php.

◆ $_cas_server_cert

CASClient::$_cas_server_cert
private

the certificate of the CAS server.

Definition at line 1333 of file client.php.

◆ $_no_cas_server_validation

CASClient::$_no_cas_server_validation
private

Set to true not to validate the CAS server.

Definition at line 1349 of file client.php.

◆ $_st

CASClient::$_st
private

the Service Ticket provided in the URL of the request if present (empty otherwise).

Written by CASClient::CASClient(), read by CASClient::getST() and CASClient::hasPGT().

Definition at line 1291 of file client.php.

Referenced by CASClient\getST(), and CASClient\logout().