ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Functions | Variables
Authentication
Implementation
+ Collaboration diagram for Authentication:

Functions

 CAS_Client::_setUser ($user)
 This method sets the CAS user's login name. More...
 
 CAS_Client::getUser ()
 This method returns the CAS user's login name. More...
 
 CAS_Client::_getUser ()
 This method returns the CAS user's login name. More...
 
 CAS_Client::setAttributes ($attributes)
 Set an array of attributes. More...
 
 CAS_Client::getAttributes ()
 Get an key values arry of attributes. More...
 
 CAS_Client::hasAttributes ()
 Check whether attributes are available. More...
 
 CAS_Client::hasAttribute ($key)
 Check whether a specific attribute with a name is available. More...
 
 CAS_Client::_hasAttribute ($key)
 Check whether a specific attribute with a name is available. More...
 
 CAS_Client::getAttribute ($key)
 Get a specific attribute by name. More...
 
 CAS_Client::renewAuthentication ()
 This method is called to renew the authentication of the user If the user is authenticated, renew the connection If not, redirect to CAS. More...
 
 CAS_Client::forceAuthentication ()
 This method is called to be sure that the user is authenticated. More...
 
 CAS_Client::setCacheTimesForAuthRecheck ($n)
 Set the number of times authentication will be cached before rechecked. More...
 
 CAS_Client::checkAuthentication ()
 This method is called to check whether the user is authenticated or not. More...
 
 CAS_Client::isAuthenticated ($renew=false)
 This method is called to check if the user is authenticated (previously or by tickets given in the URL). More...
 
 CAS_Client::isSessionAuthenticated ()
 This method tells if the current session is authenticated. More...
 
 CAS_Client::_wasPreviouslyAuthenticated ()
 This method tells if the user has already been (previously) authenticated by looking into the session variables. More...
 
 CAS_Client::redirectToCas ($gateway=false, $renew=false)
 This method is used to redirect the client to the CAS server. More...
 
 CAS_Client::logout ($params)
 This method is used to logout from CAS. More...
 
 CAS_Client::_isLogoutRequest ()
 Check of the current request is a logout request. More...
 
 CAS_Client::handleLogoutRequests ($check_client=true, $allowed_clients=false)
 This method handles logout requests. More...
 

Variables

 CAS_Client::$_user
 The Authenticated user. More...
 
 CAS_Client::$_attributes
 The Authenticated users attributes. More...
 
 CAS_Client::$_cache_times_for_auth_recheck
 An integer that gives the number of times authentication will be cached before rechecked. More...
 

Detailed Description

Function Documentation

◆ _getUser()

CAS_Client::_getUser ( )
private

This method returns the CAS user's login name.

Returns
string the login name of the authenticated user
Warning
should be called only after CAS_Client::forceAuthentication() or CAS_Client::isAuthenticated(), otherwise halt with an error.

Definition at line 1134 of file Client.php.

References CAS_Client\$_user, and phpCAS\error().

Referenced by CAS_Client\getProxiedService(), CAS_Client\getUser(), and CAS_Client\isAuthenticated().

1135  {
1136  // This is likely a duplicate check that could be removed....
1137  if ( empty($this->_user) ) {
1138  phpCAS::error(
1139  'this method should be used only after '.__CLASS__
1140  .'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'
1141  );
1142  }
1143  return $this->_user;
1144  }
phpCAS\error
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:543
CAS_Client\$_user
$_user
The Authenticated user.
Definition: Client.php:1096
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasAttribute()

CAS_Client::_hasAttribute (   $key)
private

Check whether a specific attribute with a name is available.

Parameters
string$keyname of attribute
Returns
bool is attribute available

Definition at line 1221 of file Client.php.

Referenced by CAS_Client\getAttribute(), and CAS_Client\hasAttribute().

1222  {
1223  return (is_array($this->_attributes)
1224  && array_key_exists($key, $this->_attributes));
1225  }
+ Here is the caller graph for this function:

◆ _isLogoutRequest()

CAS_Client::_isLogoutRequest ( )
private

Check of the current request is a logout request.

Returns
bool is logout request.

Definition at line 1720 of file Client.php.

References $_POST.

Referenced by CAS_Client\__construct(), and CAS_Client\handleLogoutRequests().

1721  {
1722  return !empty($_POST['logoutRequest']);
1723  }
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the caller graph for this function:

◆ _setUser()

CAS_Client::_setUser (   $user)
private

This method sets the CAS user's login name.

Parameters
string$userthe login name of the authenticated user.
Returns
void

Definition at line 1105 of file Client.php.

Referenced by CAS_Client\_wasPreviouslyAuthenticated(), and CAS_Client\validateSA().

1106  {
1107  $this->_user = $user;
1108  }
+ Here is the caller graph for this function:

◆ _wasPreviouslyAuthenticated()

CAS_Client::_wasPreviouslyAuthenticated ( )
private

This method tells if the user has already been (previously) authenticated by looking into the session variables.

Note
This function switches to callback mode when needed.
Returns
true when the user has already been authenticated; false otherwise.

Definition at line 1549 of file Client.php.

References $_POST, $_SESSION, CAS_Client\_callback(), CAS_Client\_isCallbackMode(), CAS_Client\_rebroadcast(), CAS_Client\_setPGT(), CAS_Client\_setProxies(), CAS_Client\_setUser(), CAS_Client\isProxy(), CAS_Client\isSessionAuthenticated(), CAS_Client\setAttributes(), CAS_Client\setTicket(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

Referenced by CAS_Client\isAuthenticated().

1550  {
1551  phpCAS::traceBegin();
1552 
1553  if ( $this->_isCallbackMode() ) {
1554  // Rebroadcast the pgtIou and pgtId to all nodes
1555  if ($this->_rebroadcast&&!isset($_POST['rebroadcast'])) {
1556  $this->_rebroadcast(self::PGTIOU);
1557  }
1558  $this->_callback();
1559  }
1560 
1561  $auth = false;
1562 
1563  if ( $this->isProxy() ) {
1564  // CAS proxy: username and PGT must be present
1565  if ( $this->isSessionAuthenticated()
1566  && !empty($_SESSION['phpCAS']['pgt'])
1567  ) {
1568  // authentication already done
1569  $this->_setUser($_SESSION['phpCAS']['user']);
1570  if (isset($_SESSION['phpCAS']['attributes'])) {
1571  $this->setAttributes($_SESSION['phpCAS']['attributes']);
1572  }
1573  $this->_setPGT($_SESSION['phpCAS']['pgt']);
1574  phpCAS::trace(
1575  'user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'
1576  .$_SESSION['phpCAS']['pgt'].'\''
1577  );
1578 
1579  // Include the list of proxies
1580  if (isset($_SESSION['phpCAS']['proxies'])) {
1581  $this->_setProxies($_SESSION['phpCAS']['proxies']);
1582  phpCAS::trace(
1583  'proxies = "'
1584  .implode('", "', $_SESSION['phpCAS']['proxies']).'"'
1585  );
1586  }
1587 
1588  $auth = true;
1589  } elseif ( $this->isSessionAuthenticated()
1590  && empty($_SESSION['phpCAS']['pgt'])
1591  ) {
1592  // these two variables should be empty or not empty at the same time
1593  phpCAS::trace(
1594  'username found (`'.$_SESSION['phpCAS']['user']
1595  .'\') but PGT is empty'
1596  );
1597  // unset all tickets to enforce authentication
1598  unset($_SESSION['phpCAS']);
1599  $this->setTicket('');
1600  } elseif ( !$this->isSessionAuthenticated()
1601  && !empty($_SESSION['phpCAS']['pgt'])
1602  ) {
1603  // these two variables should be empty or not empty at the same time
1604  phpCAS::trace(
1605  'PGT found (`'.$_SESSION['phpCAS']['pgt']
1606  .'\') but username is empty'
1607  );
1608  // unset all tickets to enforce authentication
1609  unset($_SESSION['phpCAS']);
1610  $this->setTicket('');
1611  } else {
1612  phpCAS::trace('neither user nor PGT found');
1613  }
1614  } else {
1615  // `simple' CAS client (not a proxy): username must be present
1616  if ( $this->isSessionAuthenticated() ) {
1617  // authentication already done
1618  $this->_setUser($_SESSION['phpCAS']['user']);
1619  if (isset($_SESSION['phpCAS']['attributes'])) {
1620  $this->setAttributes($_SESSION['phpCAS']['attributes']);
1621  }
1622  phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\'');
1623 
1624  // Include the list of proxies
1625  if (isset($_SESSION['phpCAS']['proxies'])) {
1626  $this->_setProxies($_SESSION['phpCAS']['proxies']);
1627  phpCAS::trace(
1628  'proxies = "'
1629  .implode('", "', $_SESSION['phpCAS']['proxies']).'"'
1630  );
1631  }
1632 
1633  $auth = true;
1634  } else {
1635  phpCAS::trace('no user found');
1636  }
1637  }
1638 
1639  phpCAS::traceEnd($auth);
1640  return $auth;
1641  }
CAS_Client\_setProxies
_setProxies($proxies)
Set the Proxy array, probably from persistant storage.
Definition: Client.php:3110
CAS_Client\_rebroadcast
_rebroadcast($type)
This method rebroadcasts logout/pgtIou requests.
Definition: Client.php:3860
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS
The phpCAS class is a simple container for the phpCAS library.
Definition: CAS.php:278
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:638
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:579
CAS_Client\_callback
_callback()
This method is called by CAS_Client::CAS_Client() when running in callback mode.
Definition: Client.php:2400
CAS_Client\_setUser
_setUser($user)
This method sets the CAS user's login name.
Definition: Client.php:1105
CAS_Client\setAttributes
setAttributes($attributes)
Set an array of attributes.
Definition: Client.php:1162
CAS_Client\isSessionAuthenticated
isSessionAuthenticated()
This method tells if the current session is authenticated.
Definition: Client.php:1536
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:591
CAS_Client\isProxy
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: Client.php:2242
CAS_Client\_isCallbackMode
_isCallbackMode()
This method returns true when the CAs client is running i callback mode, false otherwise.
Definition: Client.php:2339
CAS_Client\_setPGT
_setPGT($pgt)
This method stores the Proxy Granting Ticket.
Definition: Client.php:2283
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
CAS_Client\setTicket
setTicket($st)
This method stores the Service Ticket.
Definition: Client.php:1882
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkAuthentication()

CAS_Client::checkAuthentication ( )

This method is called to check whether the user is authenticated or not.

Returns
true when the user is authenticated, false when a previous gateway login failed or the function will not return if the user is redirected to the cas server for a gateway login attempt

Definition at line 1327 of file Client.php.

References $_SESSION, $res, CAS_Client\isAuthenticated(), CAS_Client\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

1328  {
1329  phpCAS::traceBegin();
1330  $res = false;
1331  if ( $this->isAuthenticated() ) {
1332  phpCAS::trace('user is authenticated');
1333  /* The 'auth_checked' variable is removed just in case it's set. */
1334  unset($_SESSION['phpCAS']['auth_checked']);
1335  $res = true;
1336  } else if (isset($_SESSION['phpCAS']['auth_checked'])) {
1337  // the previous request has redirected the client to the CAS server
1338  // with gateway=true
1339  unset($_SESSION['phpCAS']['auth_checked']);
1340  $res = false;
1341  } else {
1342  // avoid a check against CAS on every request
1343  if (!isset($_SESSION['phpCAS']['unauth_count'])) {
1344  $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized
1345  }
1346 
1347  if (($_SESSION['phpCAS']['unauth_count'] != -2
1348  && $this->_cache_times_for_auth_recheck == -1)
1349  || ($_SESSION['phpCAS']['unauth_count'] >= 0
1350  && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck)
1351  ) {
1352  $res = false;
1353 
1354  if ($this->_cache_times_for_auth_recheck != -1) {
1355  $_SESSION['phpCAS']['unauth_count']++;
1356  phpCAS::trace(
1357  'user is not authenticated (cached for '
1358  .$_SESSION['phpCAS']['unauth_count'].' times of '
1359  .$this->_cache_times_for_auth_recheck.')'
1360  );
1361  } else {
1362  phpCAS::trace(
1363  'user is not authenticated (cached for until login pressed)'
1364  );
1365  }
1366  } else {
1367  $_SESSION['phpCAS']['unauth_count'] = 0;
1368  $_SESSION['phpCAS']['auth_checked'] = true;
1369  phpCAS::trace('user is not authenticated (cache reset)');
1370  $this->redirectToCas(true/* gateway */);
1371  // never reached
1372  $res = false;
1373  }
1374  }
1375  phpCAS::traceEnd($res);
1376  return $res;
1377  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:638
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:579
CAS_Client\isAuthenticated
isAuthenticated($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: Client.php:1388
CAS_Client\redirectToCas
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: Client.php:1653
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:591
+ Here is the call graph for this function:

◆ forceAuthentication()

CAS_Client::forceAuthentication ( )

This method is called to be sure that the user is authenticated.

When not authenticated, halt by redirecting to the CAS server; otherwise return true.

Returns
true when the user is authenticated; otherwise halt.

Definition at line 1276 of file Client.php.

References $_SESSION, $res, CAS_Client\isAuthenticated(), CAS_Client\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

1277  {
1278  phpCAS::traceBegin();
1279 
1280  if ( $this->isAuthenticated() ) {
1281  // the user is authenticated, nothing to be done.
1282  phpCAS::trace('no need to authenticate');
1283  $res = true;
1284  } else {
1285  // the user is not authenticated, redirect to the CAS server
1286  if (isset($_SESSION['phpCAS']['auth_checked'])) {
1287  unset($_SESSION['phpCAS']['auth_checked']);
1288  }
1289  $this->redirectToCas(false/* no gateway */);
1290  // never reached
1291  $res = false;
1292  }
1293  phpCAS::traceEnd($res);
1294  return $res;
1295  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:638
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:579
CAS_Client\isAuthenticated
isAuthenticated($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: Client.php:1388
CAS_Client\redirectToCas
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: Client.php:1653
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:591
+ Here is the call graph for this function:

◆ getAttribute()

CAS_Client::getAttribute (   $key)

Get a specific attribute by name.

Parameters
string$keyname of attribute
Returns
string attribute values

Definition at line 1234 of file Client.php.

References CAS_Client\_hasAttribute(), and CAS_Client\ensureAuthenticationCallSuccessful().

1235  {
1236  // Sequence validation
1237  $this->ensureAuthenticationCallSuccessful();
1238 
1239  if ($this->_hasAttribute($key)) {
1240  return $this->_attributes[$key];
1241  }
1242  }
CAS_Client\_hasAttribute
_hasAttribute($key)
Check whether a specific attribute with a name is available.
Definition: Client.php:1221
CAS_Client\ensureAuthenticationCallSuccessful
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
Definition: Client.php:822
+ Here is the call graph for this function:

◆ getAttributes()

CAS_Client::getAttributes ( )

Get an key values arry of attributes.

Returns
arry of attributes

Definition at line 1172 of file Client.php.

References CAS_Client\$_attributes, CAS_Client\ensureAuthenticationCallSuccessful(), and phpCAS\error().

1173  {
1174  // Sequence validation
1175  $this->ensureAuthenticationCallSuccessful();
1176  // This is likely a duplicate check that could be removed....
1177  if ( empty($this->_user) ) {
1178  // if no user is set, there shouldn't be any attributes also...
1179  phpCAS::error(
1180  'this method should be used only after '.__CLASS__
1181  .'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'
1182  );
1183  }
1184  return $this->_attributes;
1185  }
phpCAS\error
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:543
CAS_Client\ensureAuthenticationCallSuccessful
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
Definition: Client.php:822
CAS_Client\$_attributes
$_attributes
The Authenticated users attributes.
Definition: Client.php:1153
+ Here is the call graph for this function:

◆ getUser()

CAS_Client::getUser ( )

This method returns the CAS user's login name.

Returns
string the login name of the authenticated user
Warning
should be called only after CAS_Client::forceAuthentication() or CAS_Client::isAuthenticated(), otherwise halt with an error.

Definition at line 1118 of file Client.php.

References CAS_Client\_getUser(), and CAS_Client\ensureAuthenticationCallSuccessful().

1119  {
1120  // Sequence validation
1121  $this->ensureAuthenticationCallSuccessful();
1122 
1123  return $this->_getUser();
1124  }
CAS_Client\_getUser
_getUser()
This method returns the CAS user&#39;s login name.
Definition: Client.php:1134
CAS_Client\ensureAuthenticationCallSuccessful
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
Definition: Client.php:822
+ Here is the call graph for this function:

◆ handleLogoutRequests()

CAS_Client::handleLogoutRequests (   $check_client = true,
  $allowed_clients = false 
)

This method handles logout requests.

Parameters
bool$check_clienttrue to check the client bofore handling the request, false not to perform any access control. True by default.
bool$allowed_clientsan array of host names allowed to send logout requests.
Returns
void

Definition at line 1735 of file Client.php.

References $_COOKIE, $_GET, $_POST, $_SERVER, CAS_Client\$_signoutCallbackArgs, $client, CAS_Client\_getServerHostname(), CAS_Client\_isLogoutRequest(), CAS_Client\_rebroadcast(), array, phpCAS\error(), CAS_Client\getChangeSessionID(), phpCAS\trace(), phpCAS\traceBegin(), phpCAS\traceEnd(), and phpCAS\traceExit().

1736  {
1737  phpCAS::traceBegin();
1738  if (!$this->_isLogoutRequest()) {
1739  phpCAS::trace("Not a logout request");
1740  phpCAS::traceEnd();
1741  return;
1742  }
1743  if (!$this->getChangeSessionID()
1744  && is_null($this->_signoutCallbackFunction)
1745  ) {
1746  phpCAS::trace(
1747  "phpCAS can't handle logout requests if it is not allowed to change session_id."
1748  );
1749  }
1750  phpCAS::trace("Logout requested");
1751  $decoded_logout_rq = urldecode($_POST['logoutRequest']);
1752  phpCAS::trace("SAML REQUEST: ".$decoded_logout_rq);
1753  $allowed = false;
1754  if ($check_client) {
1755  if (!$allowed_clients) {
1756  $allowed_clients = array( $this->_getServerHostname() );
1757  }
1758  $client_ip = $_SERVER['REMOTE_ADDR'];
1759  $client = gethostbyaddr($client_ip);
1760  phpCAS::trace("Client: ".$client."/".$client_ip);
1761  foreach ($allowed_clients as $allowed_client) {
1762  if (($client == $allowed_client)
1763  || ($client_ip == $allowed_client)
1764  ) {
1765  phpCAS::trace(
1766  "Allowed client '".$allowed_client
1767  ."' matches, logout request is allowed"
1768  );
1769  $allowed = true;
1770  break;
1771  } else {
1772  phpCAS::trace(
1773  "Allowed client '".$allowed_client."' does not match"
1774  );
1775  }
1776  }
1777  } else {
1778  phpCAS::trace("No access control set");
1779  $allowed = true;
1780  }
1781  // If Logout command is permitted proceed with the logout
1782  if ($allowed) {
1783  phpCAS::trace("Logout command allowed");
1784  // Rebroadcast the logout request
1785  if ($this->_rebroadcast && !isset($_POST['rebroadcast'])) {
1786  $this->_rebroadcast(self::LOGOUT);
1787  }
1788  // Extract the ticket from the SAML Request
1789  preg_match(
1790  "|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|",
1791  $decoded_logout_rq, $tick, PREG_OFFSET_CAPTURE, 3
1792  );
1793  $wrappedSamlSessionIndex = preg_replace(
1794  '|<samlp:SessionIndex>|', '', $tick[0][0]
1795  );
1796  $ticket2logout = preg_replace(
1797  '|</samlp:SessionIndex>|', '', $wrappedSamlSessionIndex
1798  );
1799  phpCAS::trace("Ticket to logout: ".$ticket2logout);
1800 
1801  // call the post-authenticate callback if registered.
1802  if ($this->_signoutCallbackFunction) {
1803  $args = $this->_signoutCallbackArgs;
1804  array_unshift($args, $ticket2logout);
1805  call_user_func_array($this->_signoutCallbackFunction, $args);
1806  }
1807 
1808  // If phpCAS is managing the session_id, destroy session thanks to
1809  // session_id.
1810  if ($this->getChangeSessionID()) {
1811  $session_id = preg_replace('/[^a-zA-Z0-9\-]/', '', $ticket2logout);
1812  phpCAS::trace("Session id: ".$session_id);
1813 
1814  // destroy a possible application session created before phpcas
1815  if (session_id() !== "") {
1816  session_unset();
1817  session_destroy();
1818  }
1819  // fix session ID
1820  session_id($session_id);
1821  $_COOKIE[session_name()]=$session_id;
1822  $_GET[session_name()]=$session_id;
1823 
1824  // Overwrite session
1825  session_start();
1826  session_unset();
1827  session_destroy();
1828  phpCAS::trace("Session ". $session_id . " destroyed");
1829  }
1830  } else {
1831  phpCAS::error("Unauthorized logout request from client '".$client."'");
1832  phpCAS::trace("Unauthorized logout request from client '".$client."'");
1833  }
1834  flush();
1835  phpCAS::traceExit();
1836  throw new CAS_GracefullTerminationException();
1837 
1838  }
CAS_Client\_rebroadcast
_rebroadcast($type)
This method rebroadcasts logout/pgtIou requests.
Definition: Client.php:3860
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
phpCAS\error
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:543
phpCAS\traceExit
static traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:661
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
CAS_Client\_getServerHostname
_getServerHostname()
This method is used to retrieve the hostname of the CAS server.
Definition: Client.php:283
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:638
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:579
CAS_Client\_isLogoutRequest
_isLogoutRequest()
Check of the current request is a logout request.
Definition: Client.php:1720
CAS_Client\getChangeSessionID
getChangeSessionID()
Get whether phpCas is allowed to change session_id.
Definition: Client.php:1072
$client
$client
Definition: dummy_client.php:38
CAS_Client\$_signoutCallbackArgs
$_signoutCallbackArgs
Definition: Client.php:712
CAS_GracefullTerminationException
Definition: GracefullTerminationException.php:43
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:591
$_COOKIE
$_COOKIE['ilClientId']
Definition: BPMN2Parser.php:15
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the call graph for this function:

◆ hasAttribute()

CAS_Client::hasAttribute (   $key)

Check whether a specific attribute with a name is available.

Parameters
string$keyname of attribute
Returns
bool is attribute available

Definition at line 1206 of file Client.php.

References CAS_Client\_hasAttribute(), and CAS_Client\ensureAuthenticationCallSuccessful().

1207  {
1208  // Sequence validation
1209  $this->ensureAuthenticationCallSuccessful();
1210 
1211  return $this->_hasAttribute($key);
1212  }
CAS_Client\_hasAttribute
_hasAttribute($key)
Check whether a specific attribute with a name is available.
Definition: Client.php:1221
CAS_Client\ensureAuthenticationCallSuccessful
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
Definition: Client.php:822
+ Here is the call graph for this function:

◆ hasAttributes()

CAS_Client::hasAttributes ( )

Check whether attributes are available.

Returns
bool attributes available

Definition at line 1192 of file Client.php.

References CAS_Client\ensureAuthenticationCallSuccessful().

1193  {
1194  // Sequence validation
1195  $this->ensureAuthenticationCallSuccessful();
1196 
1197  return !empty($this->_attributes);
1198  }
CAS_Client\ensureAuthenticationCallSuccessful
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
Definition: Client.php:822
+ Here is the call graph for this function:

◆ isAuthenticated()

CAS_Client::isAuthenticated (   $renew = false)

This method is called to check if the user is authenticated (previously or by tickets given in the URL).

Parameters
bool$renewtrue to force the authentication with the CAS server
Returns
true when the user is authenticated. Also may redirect to the same URL without the ticket.

Definition at line 1388 of file Client.php.

References $_SESSION, $res, CAS_Client\_getPGT(), CAS_Client\_getUser(), CAS_Client\_validatePGT(), CAS_Client\_wasPreviouslyAuthenticated(), CAS_VERSION_1_0, CAS_VERSION_2_0, CAS_VERSION_3_0, CAS_Client\getServerVersion(), CAS_Client\getTicket(), CAS_Client\getURL(), CAS_Client\hasTicket(), header, CAS_Client\isProxy(), CAS_Client\markAuthenticationCall(), phpCAS\trace(), phpCAS\traceBegin(), phpCAS\traceEnd(), phpCAS\traceExit(), user(), and CAS_Client\validateSA().

Referenced by CAS_Client\checkAuthentication(), CAS_Client\forceAuthentication(), and CAS_Client\renewAuthentication().

1389  {
1390  phpCAS::traceBegin();
1391  $res = false;
1392  $validate_url = '';
1393  if ( $this->_wasPreviouslyAuthenticated() ) {
1394  if ($this->hasTicket()) {
1395  // User has a additional ticket but was already authenticated
1396  phpCAS::trace(
1397  'ticket was present and will be discarded, use renewAuthenticate()'
1398  );
1399  if ($this->_clearTicketsFromUrl) {
1400  phpCAS::trace("Prepare redirect to : ".$this->getURL());
1401  session_write_close();
1402  header('Location: '.$this->getURL());
1403  flush();
1404  phpCAS::traceExit();
1405  throw new CAS_GracefullTerminationException();
1406  } else {
1407  phpCAS::trace(
1408  'Already authenticated, but skipping ticket clearing since setNoClearTicketsFromUrl() was used.'
1409  );
1410  $res = true;
1411  }
1412  } else {
1413  // the user has already (previously during the session) been
1414  // authenticated, nothing to be done.
1415  phpCAS::trace(
1416  'user was already authenticated, no need to look for tickets'
1417  );
1418  $res = true;
1419  }
1420 
1421  // Mark the auth-check as complete to allow post-authentication
1422  // callbacks to make use of phpCAS::getUser() and similar methods
1423  $this->markAuthenticationCall($res);
1424  } else {
1425  if ($this->hasTicket()) {
1426  switch ($this->getServerVersion()) {
1427  case CAS_VERSION_1_0:
1428  // if a Service Ticket was given, validate it
1429  phpCAS::trace(
1430  'CAS 1.0 ticket `'.$this->getTicket().'\' is present'
1431  );
1432  $this->validateCAS10(
1433  $validate_url, $text_response, $tree_response, $renew
1434  ); // if it fails, it halts
1435  phpCAS::trace(
1436  'CAS 1.0 ticket `'.$this->getTicket().'\' was validated'
1437  );
1438  $_SESSION['phpCAS']['user'] = $this->_getUser();
1439  $res = true;
1440  $logoutTicket = $this->getTicket();
1441  break;
1442  case CAS_VERSION_2_0:
1443  case CAS_VERSION_3_0:
1444  // if a Proxy Ticket was given, validate it
1445  phpCAS::trace(
1446  'CAS '.$this->getServerVersion().' ticket `'.$this->getTicket().'\' is present'
1447  );
1448  $this->validateCAS20(
1449  $validate_url, $text_response, $tree_response, $renew
1450  ); // note: if it fails, it halts
1451  phpCAS::trace(
1452  'CAS '.$this->getServerVersion().' ticket `'.$this->getTicket().'\' was validated'
1453  );
1454  if ( $this->isProxy() ) {
1455  $this->_validatePGT(
1456  $validate_url, $text_response, $tree_response
1457  ); // idem
1458  phpCAS::trace('PGT `'.$this->_getPGT().'\' was validated');
1459  $_SESSION['phpCAS']['pgt'] = $this->_getPGT();
1460  }
1461  $_SESSION['phpCAS']['user'] = $this->_getUser();
1462  if (!empty($this->_attributes)) {
1463  $_SESSION['phpCAS']['attributes'] = $this->_attributes;
1464  }
1465  $proxies = $this->getProxies();
1466  if (!empty($proxies)) {
1467  $_SESSION['phpCAS']['proxies'] = $this->getProxies();
1468  }
1469  $res = true;
1470  $logoutTicket = $this->getTicket();
1471  break;
1472  case SAML_VERSION_1_1:
1473  // if we have a SAML ticket, validate it.
1474  phpCAS::trace(
1475  'SAML 1.1 ticket `'.$this->getTicket().'\' is present'
1476  );
1477  $this->validateSA(
1478  $validate_url, $text_response, $tree_response, $renew
1479  ); // if it fails, it halts
1480  phpCAS::trace(
1481  'SAML 1.1 ticket `'.$this->getTicket().'\' was validated'
1482  );
1483  $_SESSION['phpCAS']['user'] = $this->_getUser();
1484  $_SESSION['phpCAS']['attributes'] = $this->_attributes;
1485  $res = true;
1486  $logoutTicket = $this->getTicket();
1487  break;
1488  default:
1489  phpCAS::trace('Protocoll error');
1490  break;
1491  }
1492  } else {
1493  // no ticket given, not authenticated
1494  phpCAS::trace('no ticket found');
1495  }
1496 
1497  // Mark the auth-check as complete to allow post-authentication
1498  // callbacks to make use of phpCAS::getUser() and similar methods
1499  $this->markAuthenticationCall($res);
1500 
1501  if ($res) {
1502  // call the post-authenticate callback if registered.
1503  if ($this->_postAuthenticateCallbackFunction) {
1504  $args = $this->_postAuthenticateCallbackArgs;
1505  array_unshift($args, $logoutTicket);
1506  call_user_func_array(
1507  $this->_postAuthenticateCallbackFunction, $args
1508  );
1509  }
1510 
1511  // if called with a ticket parameter, we need to redirect to the
1512  // app without the ticket so that CAS-ification is transparent
1513  // to the browser (for later POSTS) most of the checks and
1514  // errors should have been made now, so we're safe for redirect
1515  // without masking error messages. remove the ticket as a
1516  // security precaution to prevent a ticket in the HTTP_REFERRER
1517  if ($this->_clearTicketsFromUrl) {
1518  phpCAS::trace("Prepare redirect to : ".$this->getURL());
1519  session_write_close();
1520  header('Location: '.$this->getURL());
1521  flush();
1522  phpCAS::traceExit();
1523  throw new CAS_GracefullTerminationException();
1524  }
1525  }
1526  }
1527  phpCAS::traceEnd($res);
1528  return $res;
1529  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
CAS_VERSION_1_0
const CAS_VERSION_1_0
CAS version 1.0.
Definition: CAS.php:74
phpCAS
The phpCAS class is a simple container for the phpCAS library.
Definition: CAS.php:278
phpCAS\traceExit
static traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:661
CAS_VERSION_3_0
const CAS_VERSION_3_0
CAS version 3.0.
Definition: CAS.php:82
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:638
CAS_Client\_validatePGT
_validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
Definition: Client.php:2604
CAS_Client\getTicket
getTicket()
This method returns the Service Ticket provided in the URL of the request.
Definition: Client.php:1870
user
user()
Definition: user.php:4
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:579
CAS_Client\_wasPreviouslyAuthenticated
_wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
Definition: Client.php:1549
CAS_Client\_getUser
_getUser()
This method returns the CAS user&#39;s login name.
Definition: Client.php:1134
CAS_Client\markAuthenticationCall
markAuthenticationCall($auth)
Mark the caller of authentication.
Definition: Client.php:761
CAS_GracefullTerminationException
Definition: GracefullTerminationException.php:43
CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:78
header
Add a drawing to the header
Definition: 04printing.php:69
CAS_Client\hasTicket
hasTicket()
This method tells if a Service Ticket was stored.
Definition: Client.php:1892
CAS_Client\validateSA
validateSA(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, $text_reponse and $tree_response on success.
Definition: Client.php:2065
CAS_Client\getURL
getURL()
This method returns the URL of the current request (without any ticket CGI parameter).
Definition: Client.php:3524
CAS_Client\getServerVersion
getServerVersion()
This method is used to retrieve the version of the CAS server.
Definition: Client.php:273
CAS
Licensed to Jasig under one or more contributor license agreements.
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:591
CAS_Client\isProxy
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: Client.php:2242
CAS_Client\_getPGT
_getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
Definition: Client.php:2271
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isSessionAuthenticated()

CAS_Client::isSessionAuthenticated ( )

This method tells if the current session is authenticated.

Returns
true if authenticated based soley on $_SESSION variable

Definition at line 1536 of file Client.php.

References $_SESSION.

Referenced by CAS_Client\__construct(), and CAS_Client\_wasPreviouslyAuthenticated().

1537  {
1538  return !empty($_SESSION['phpCAS']['user']);
1539  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
+ Here is the caller graph for this function:

◆ logout()

CAS_Client::logout (   $params)

This method is used to logout from CAS.

Parameters
array$paramsan array that contains the optional url and service parameters that will be passed to the CAS server
Returns
void

Definition at line 1681 of file Client.php.

References $lang, $params, phpCAS\error(), CAS_Client\getLangObj(), CAS_Client\getServerLogoutURL(), header, CAS_Client\printHTMLFooter(), CAS_Client\printHTMLHeader(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceExit().

1682  {
1683  phpCAS::traceBegin();
1684  $cas_url = $this->getServerLogoutURL();
1685  $paramSeparator = '?';
1686  if (isset($params['url'])) {
1687  $cas_url = $cas_url . $paramSeparator . "url="
1688  . urlencode($params['url']);
1689  $paramSeparator = '&';
1690  }
1691  if (isset($params['service'])) {
1692  $cas_url = $cas_url . $paramSeparator . "service="
1693  . urlencode($params['service']);
1694  }
1695  header('Location: '.$cas_url);
1696  phpCAS::trace("Prepare redirect to : ".$cas_url);
1697 
1698  phpCAS::trace("Destroying session : ".session_id());
1699  session_unset();
1700  session_destroy();
1701  if (session_status() === PHP_SESSION_NONE) {
1702  phpCAS::trace("Session terminated");
1703  } else {
1704  phpCAS::error("Session was not terminated");
1705  phpCAS::trace("Session was not terminated");
1706  }
1707  $lang = $this->getLangObj();
1708  $this->printHTMLHeader($lang->getLogout());
1709  printf('<p>'.$lang->getShouldHaveBeenRedirected(). '</p>', $cas_url);
1710  $this->printHTMLFooter();
1711  phpCAS::traceExit();
1712  throw new CAS_GracefullTerminationException();
1713  }
CAS_Client\getLangObj
getLangObj()
Create the language.
Definition: Client.php:222
phpCAS\error
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:543
CAS_Client\printHTMLFooter
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: Client.php:129
phpCAS\traceExit
static traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:661
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:579
CAS_Client\getServerLogoutURL
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
Definition: Client.php:541
CAS_GracefullTerminationException
Definition: GracefullTerminationException.php:43
header
Add a drawing to the header
Definition: 04printing.php:69
CAS_Client\printHTMLHeader
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: Client.php:101
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:591
$lang
for($i=1; $i<=count($kw_cases_sel); $i+=1) $lang
Definition: langwiz.php:349
$params
$params
Definition: example_049.php:96
+ Here is the call graph for this function:

◆ redirectToCas()

CAS_Client::redirectToCas (   $gateway = false,
  $renew = false 
)

This method is used to redirect the client to the CAS server.

It is used by CAS_Client::forceAuthentication() and CAS_Client::checkAuthentication().

Parameters
bool$gatewaytrue to check authentication, false to force it
bool$renewtrue to force the authentication with the CAS server
Returns
void

Definition at line 1653 of file Client.php.

References $lang, CAS_Client\getLangObj(), CAS_Client\getServerLoginURL(), header, CAS_Client\printHTMLFooter(), CAS_Client\printHTMLHeader(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceExit().

Referenced by CAS_Client\checkAuthentication(), CAS_Client\forceAuthentication(), and CAS_Client\renewAuthentication().

1654  {
1655  phpCAS::traceBegin();
1656  $cas_url = $this->getServerLoginURL($gateway, $renew);
1657  session_write_close();
1658  if (php_sapi_name() === 'cli') {
1659  @header('Location: '.$cas_url);
1660  } else {
1661  header('Location: '.$cas_url);
1662  }
1663  phpCAS::trace("Redirect to : ".$cas_url);
1664  $lang = $this->getLangObj();
1665  $this->printHTMLHeader($lang->getAuthenticationWanted());
1666  printf('<p>'. $lang->getShouldHaveBeenRedirected(). '</p>', $cas_url);
1667  $this->printHTMLFooter();
1668  phpCAS::traceExit();
1669  throw new CAS_GracefullTerminationException();
1670  }
CAS_Client\getLangObj
getLangObj()
Create the language.
Definition: Client.php:222
CAS_Client\printHTMLFooter
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: Client.php:129
phpCAS\traceExit
static traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:661
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:579
CAS_GracefullTerminationException
Definition: GracefullTerminationException.php:43
header
Add a drawing to the header
Definition: 04printing.php:69
CAS_Client\printHTMLHeader
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: Client.php:101
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:591
CAS_Client\getServerLoginURL
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
Definition: Client.php:337
$lang
for($i=1; $i<=count($kw_cases_sel); $i+=1) $lang
Definition: langwiz.php:349
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ renewAuthentication()

CAS_Client::renewAuthentication ( )

This method is called to renew the authentication of the user If the user is authenticated, renew the connection If not, redirect to CAS.

Returns
true when the user is authenticated; otherwise halt.

Definition at line 1251 of file Client.php.

References $_SESSION, $res, CAS_Client\isAuthenticated(), CAS_Client\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

1252  {
1253  phpCAS::traceBegin();
1254  // Either way, the user is authenticated by CAS
1255  if (isset( $_SESSION['phpCAS']['auth_checked'])) {
1256  unset($_SESSION['phpCAS']['auth_checked']);
1257  }
1258  if ( $this->isAuthenticated(true) ) {
1259  phpCAS::trace('user already authenticated');
1260  $res = true;
1261  } else {
1262  $this->redirectToCas(false, true);
1263  // never reached
1264  $res = false;
1265  }
1266  phpCAS::traceEnd();
1267  return $res;
1268  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:638
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:579
CAS_Client\isAuthenticated
isAuthenticated($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: Client.php:1388
CAS_Client\redirectToCas
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: Client.php:1653
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:591
+ Here is the call graph for this function:

◆ setAttributes()

CAS_Client::setAttributes (   $attributes)

Set an array of attributes.

Parameters
array$attributesa key value array of attributes
Returns
void

Definition at line 1162 of file Client.php.

Referenced by CAS_Client\_readExtraAttributesCas20(), and CAS_Client\_wasPreviouslyAuthenticated().

1163  {
1164  $this->_attributes = $attributes;
1165  }
+ Here is the caller graph for this function:

◆ setCacheTimesForAuthRecheck()

CAS_Client::setCacheTimesForAuthRecheck (   $n)

Set the number of times authentication will be cached before rechecked.

Parameters
int$nnumber of times to wait for a recheck
Returns
void

Definition at line 1312 of file Client.php.

References $n.

1313  {
1314  if (gettype($n) != 'integer')
1315  throw new CAS_TypeMismatchException($n, '$n', 'string');
1316 
1317  $this->_cache_times_for_auth_recheck = $n;
1318  }
CAS_TypeMismatchException
Definition: TypeMismatchException.php:40
$n
$n
Definition: RandomTest.php:80

Variable Documentation

◆ $_attributes

CAS_Client::$_attributes
private

The Authenticated users attributes.

Written by CAS_Client::setAttributes(), read by CAS_Client::getAttributes().

Attention
client applications should use phpCAS::getAttributes().

Definition at line 1153 of file Client.php.

Referenced by CAS_Client\getAttributes().

◆ $_cache_times_for_auth_recheck

CAS_Client::$_cache_times_for_auth_recheck
private

An integer that gives the number of times authentication will be cached before rechecked.

Definition at line 1303 of file Client.php.

◆ $_user

CAS_Client::$_user
private

The Authenticated user.

Written by CAS_Client::_setUser(), read by CAS_Client::getUser().

Definition at line 1096 of file Client.php.

Referenced by CAS_Client\_getUser().