The phpCAS class is a simple container for the phpCAS library. More...
Collaboration diagram for phpCAS:
Static Public Member Functions | |
| static | client ($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true) |
| phpCAS client initializer. More... | |
| static | proxy ($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true) |
| phpCAS proxy initializer. More... | |
| static | isInitialized () |
| Answer whether or not the client or proxy has been initialized. More... | |
| static | setDebug ($filename='') |
| Set/unset debug mode. More... | |
| static | setVerbose ($verbose) |
| Enable verbose errors messages in the website output This is a security relevant since internal status info may leak an may help an attacker. More... | |
| static | getVerbose () |
| Show is verbose mode is on. More... | |
| static | log ($str) |
| Logs a string in debug mode. More... | |
| static | error ($msg) |
| This method is used by interface methods to print an error and where the function was originally called from. More... | |
| static | trace ($str) |
| This method is used to log something in debug mode. More... | |
| static | traceBegin () |
| This method is used to indicate the start of the execution of a function in debug mode. More... | |
| static | traceEnd ($res='') |
| This method is used to indicate the end of the execution of a function in debug mode. More... | |
| static | traceExit () |
| This method is used to indicate the end of the execution of the program. More... | |
| static | setLang ($lang) |
| This method is used to set the language used by phpCAS. More... | |
| static | getVersion () |
| This method returns the phpCAS version. More... | |
| static | setHTMLHeader ($header) |
| This method sets the HTML header used for all outputs. More... | |
| static | setHTMLFooter ($footer) |
| This method sets the HTML footer used for all outputs. More... | |
| static | setPGTStorage ($storage) |
| This method can be used to set a custom PGT storage object. More... | |
| static | setPGTStorageDb ($dsn_or_pdo, $username='', $password='', $table='', $driver_options=null) |
| This method is used to tell phpCAS to store the response of the CAS server to PGT requests in a database. More... | |
| static | setPGTStorageFile ($path='') |
| This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the filesystem. More... | |
| static | getProxiedService ($type) |
| Answer a proxy-authenticated service handler. More... | |
| static | initializeProxiedService (CAS_ProxiedService $proxiedService) |
| Initialize a proxied-service handler with the proxy-ticket it should use. More... | |
| static | serviceWeb ($url, & $err_code, & $output) |
| This method is used to access an HTTP[S] service. More... | |
| static | serviceMail ($url, $service, $flags, & $err_code, & $err_msg, & $pt) |
| This method is used to access an IMAP/POP3/NNTP service. More... | |
| static | setCacheTimesForAuthRecheck ($n) |
| Set the times authentication will be cached before really accessing the CAS server in gateway mode: More... | |
| static | setCasAttributeParserCallback ($function, array $additionalArgs=array()) |
| Set a callback function to be run when receiving CAS attributes. More... | |
| static | setPostAuthenticateCallback ($function, array $additionalArgs=array()) |
| Set a callback function to be run when a user authenticates. More... | |
| static | setSingleSignoutCallback ($function, array $additionalArgs=array()) |
| Set a callback function to be run when a single-signout request is received. More... | |
| static | checkAuthentication () |
| This method is called to check if the user is already authenticated locally or has a global cas session. More... | |
| static | forceAuthentication () |
| This method is called to force authentication if the user was not already authenticated. More... | |
| static | renewAuthentication () |
| This method is called to renew the authentication. More... | |
| static | isAuthenticated () |
| This method is called to check if the user is authenticated (previously or by tickets given in the URL). More... | |
| static | isSessionAuthenticated () |
| Checks whether authenticated based on $_SESSION. More... | |
| static | getUser () |
| This method returns the CAS user's login name. More... | |
| static | getAttributes () |
| Answer attributes about the authenticated user. More... | |
| static | hasAttributes () |
| Answer true if there are attributes for the authenticated user. More... | |
| static | hasAttribute ($key) |
| Answer true if an attribute exists for the authenticated user. More... | |
| static | getAttribute ($key) |
| Answer an attribute for the authenticated user. More... | |
| static | handleLogoutRequests ($check_client=true, $allowed_clients=false) |
| Handle logout requests. More... | |
| static | getServerLoginURL () |
| This method returns the URL to be used to login. More... | |
| static | setServerLoginURL ($url='') |
| Set the login URL of the CAS server. More... | |
| static | setServerServiceValidateURL ($url='') |
| Set the serviceValidate URL of the CAS server. More... | |
| static | setServerProxyValidateURL ($url='') |
| Set the proxyValidate URL of the CAS server. More... | |
| static | setServerSamlValidateURL ($url='') |
| Set the samlValidate URL of the CAS server. More... | |
| static | getServerLogoutURL () |
| This method returns the URL to be used to login. More... | |
| static | setServerLogoutURL ($url='') |
| Set the logout URL of the CAS server. More... | |
| static | logout ($params="") |
| This method is used to logout from CAS. More... | |
| static | logoutWithRedirectService ($service) |
| This method is used to logout from CAS. More... | |
| static | logoutWithUrl ($url) |
| This method is used to logout from CAS. More... | |
| static | logoutWithRedirectServiceAndUrl ($service, $url) |
| This method is used to logout from CAS. More... | |
| static | setFixedCallbackURL ($url='') |
| Set the fixed URL that will be used by the CAS server to transmit the PGT. More... | |
| static | setFixedServiceURL ($url) |
| Set the fixed URL that will be set as the CAS service parameter. More... | |
| static | getServiceURL () |
| Get the URL that is set as the CAS service parameter. More... | |
| static | retrievePT ($target_service, & $err_code, & $err_msg) |
| Retrieve a Proxy Ticket from the CAS server. More... | |
| static | setCasServerCACert ($cert, $validate_cn=true) |
| Set the certificate of the CAS server CA and if the CN should be properly verified. More... | |
| static | setNoCasServerValidation () |
| Set no SSL validation for the CAS server. More... | |
| static | setNoClearTicketsFromUrl () |
| Disable the removal of a CAS-Ticket from the URL when authenticating DISABLING POSES A SECURITY RISK: We normally remove the ticket by an additional redirect as a security precaution to prevent a ticket in the HTTP_REFERRER or be carried over in the URL parameter. More... | |
| static | setExtraCurlOption ($key, $value) |
| Change CURL options. More... | |
| static | allowProxyChain (CAS_ProxyChain_Interface $proxy_chain) |
| If you want your service to be proxied you have to enable it (default disabled) and define an accepable list of proxies that are allowed to proxy your service. More... | |
| static | getProxies () |
| Answer an array of proxies that are sitting in front of this application. More... | |
| static | addRebroadcastNode ($rebroadcastNodeUrl) |
| Add a pgtIou/pgtId and logoutRequest rebroadcast node. More... | |
| static | addRebroadcastHeader ($header) |
| This method is used to add header parameters when rebroadcasting pgtIou/pgtId or logoutRequest. More... | |
| static | setCasClient (\CAS_Client $client) |
| For testing purposes, use this method to set the client to a test double. More... | |
Static Private Member Functions | |
| static | _validateClientExists () |
| Checks if a client already exists. More... | |
| static | _validateProxyExists () |
| Checks of a proxy client aready exists. More... | |
Static Private Attributes | |
| static | $_PHPCAS_CLIENT |
| static | $_PHPCAS_INIT_CALL |
| This variable is used to store where the initializer is called from (to print a comprehensive error in case of multiple calls). More... | |
| static | $_PHPCAS_DEBUG |
| This variable is used to store phpCAS debug mode. More... | |
| static | $_PHPCAS_VERBOSE |
| This variable is used to enable verbose mode This pevents debug info to be show to the user. More... | |
Detailed Description
The phpCAS class is a simple container for the phpCAS library.
It provides CAS authentication for web applications written in PHP.
Member Function Documentation
◆ _validateClientExists()
|
staticprivate |
Checks if a client already exists.
- Exceptions
-
CAS_OutOfSequenceBeforeClientException
- Returns
- void
Definition at line 1810 of file CAS.php.
Referenced by addRebroadcastHeader(), addRebroadcastNode(), allowProxyChain(), checkAuthentication(), forceAuthentication(), getAttribute(), getAttributes(), getServerLoginURL(), getServerLogoutURL(), getUser(), handleLogoutRequests(), hasAttribute(), hasAttributes(), isAuthenticated(), isSessionAuthenticated(), logout(), logoutWithRedirectService(), logoutWithRedirectServiceAndUrl(), renewAuthentication(), setCacheTimesForAuthRecheck(), setCasAttributeParserCallback(), setCasServerCACert(), setExtraCurlOption(), setHTMLFooter(), setHTMLHeader(), setLang(), setNoCasServerValidation(), setNoClearTicketsFromUrl(), setPostAuthenticateCallback(), setServerLoginURL(), setServerLogoutURL(), setServerProxyValidateURL(), setServerSamlValidateURL(), setServerServiceValidateURL(), and setSingleSignoutCallback().
Here is the caller graph for this function:
◆ _validateProxyExists()
|
staticprivate |
Checks of a proxy client aready exists.
- Exceptions
-
CAS_OutOfSequenceBeforeProxyException
- Returns
- void
Definition at line 1824 of file CAS.php.
Referenced by getProxiedService(), getProxies(), getServiceURL(), initializeProxiedService(), retrievePT(), serviceMail(), serviceWeb(), setFixedCallbackURL(), setFixedServiceURL(), setPGTStorage(), setPGTStorageDb(), and setPGTStorageFile().
Here is the caller graph for this function:
◆ addRebroadcastHeader()
|
static |
This method is used to add header parameters when rebroadcasting pgtIou/pgtId or logoutRequest.
- Parameters
-
String $header Header to send when rebroadcasting.
- Returns
- void
Definition at line 1789 of file CAS.php.
References $header, _validateClientExists(), error(), traceBegin(), and traceEnd().
Here is the call graph for this function:
◆ addRebroadcastNode()
|
static |
Add a pgtIou/pgtId and logoutRequest rebroadcast node.
- Parameters
-
string $rebroadcastNodeUrl The rebroadcast node URL. Can be hostname or IP.
- Returns
- void
Definition at line 1766 of file CAS.php.
References _validateClientExists(), error(), log(), traceBegin(), and traceEnd().
Here is the call graph for this function:
◆ allowProxyChain()
|
static |
If you want your service to be proxied you have to enable it (default disabled) and define an accepable list of proxies that are allowed to proxy your service.
Add each allowed proxy definition object. For the normal CAS_ProxyChain class, the constructor takes an array of proxies to match. The list is in reverse just as seen from the service. Proxies have to be defined in reverse from the service to the user. If a user hits service A and gets proxied via B to service C the list of acceptable on C would be array(B,A). The definition of an individual proxy can be either a string or a regexp (preg_match is used) that will be matched against the proxy list supplied by the cas server when validating the proxy tickets. The strings are compared starting from the beginning and must fully match with the proxies in the list. Example: phpCAS::allowProxyChain(new CAS_ProxyChain(array( 'https://app.example.com/' ))); phpCAS::allowProxyChain(new CAS_ProxyChain(array( '/^https:\/\/app[0-9].example.com\/rest\//', 'http://client.example.com/' )));
For quick testing or in certain production screnarios you might want to allow allow any other valid service to proxy your service. To do so, add the "Any" chain: phpcas::allowProxyChain(new CAS_ProxyChain_Any); THIS SETTING IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER ON THIS SERVICE.
- Parameters
-
CAS_ProxyChain_Interface $proxy_chain A proxy-chain that will be matched against the proxies requesting access
- Returns
- void
Definition at line 1724 of file CAS.php.
References _validateClientExists(), CAS_VERSION_2_0, CAS_VERSION_3_0, error(), traceBegin(), and traceEnd().
Here is the call graph for this function:
◆ getProxies()
|
static |
Answer an array of proxies that are sitting in front of this application.
This method will only return a non-empty array if we have received and validated a Proxy Ticket.
- Returns
- array public
- Since
- 6/25/09
Definition at line 1747 of file CAS.php.
References _validateProxyExists().
Here is the call graph for this function:
◆ setCasClient()
|
static |
◆ setExtraCurlOption()
|
static |
Change CURL options.
CURL is used to connect through HTTPS to CAS server
- Parameters
-
string $key the option key string $value the value to set
- Returns
- void
Definition at line 1679 of file CAS.php.
References _validateClientExists(), traceBegin(), and traceEnd().
Here is the call graph for this function:
Field Documentation
◆ $_PHPCAS_CLIENT
◆ $_PHPCAS_DEBUG
|
staticprivate |
◆ $_PHPCAS_INIT_CALL
|
staticprivate |
◆ $_PHPCAS_VERBOSE
|
staticprivate |
The documentation for this class was generated from the following file:
- Services/CAS/lib/CAS.php
