ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
InternalProxied

Functions

 CAS_Client::validateCAS20 (&$validate_url, &$text_response, &$tree_response, $renew=false)
 This method is used to validate a CAS 2.0 ST or PT; halt on failure. Used for all CAS 2.0 validations.
 
 CAS_Client::_readExtraAttributesCas20 ($success_elements)
 This method will parse the DOM and pull out the attributes from the XML payload and put them into an array, then put the array into the session.
 
 CAS_Client::_addAttributeToArray (array &$attributeArray, $name, $value)
 Add an attribute value to an array of attributes.
 

Detailed Description

Function Documentation

◆ _addAttributeToArray()

CAS_Client::_addAttributeToArray ( array $attributeArray,
  $name,
  $value 
)
private

Add an attribute value to an array of attributes.

Parameters
array &$attributeArray — reference to array
string $name — name of attribute
string $value — value of attribute
Returns
void

Definition at line 3461 of file Client.php.

References array.

Referenced by CAS_Client\_readExtraAttributesCas20().

/**
 * Record one attribute value under $name, collecting repeated names in a list.
 *
 * The first value seen for a name is stored as a plain string; from the second
 * value on, the entry is an array of strings. Code that consumes the result
 * (for example a group or role check on `memberOf`) therefore has to accept
 * both shapes for the same attribute name.
 *
 * @param array  &$attributeArray attribute map, modified in place
 * @param string $name            name of attribute
 * @param string $value           value of attribute; stored trimmed
 *
 * @return void
 */
private function _addAttributeToArray(array &$attributeArray, $name, $value)
{
    // First value for this name: keep it as a scalar.
    if (!isset($attributeArray[$name])) {
        $attributeArray[$name] = trim($value);
        return;
    }

    // The name is already present. A scalar entry is wrapped in a list first
    // so the value seen earlier is kept as element 0.
    if (!is_array($attributeArray[$name])) {
        $attributeArray[$name] = array($attributeArray[$name]);
    }

    $attributeArray[$name][] = trim($value);
}

◆ _readExtraAttributesCas20()

CAS_Client::_readExtraAttributesCas20 (   $success_elements)
private

This method will parse the DOM and pull out the attributes from the XML payload and put them into an array, then put the array into the session.

Parameters
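string $success_elements — payload of the response (the listing below calls ->item(0) on it, so it is used as a DOM node list rather than a string)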
Returns
bool true when successful, halt otherwise by calling CAS_Client::_authError().

Definition at line 3311 of file Client.php.

References CAS_Client\_addAttributeToArray(), CAS_Client\setAttributes(), and phpCAS\traceEnd().

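/**
 * Collect the extra user attributes carried by a CAS 2.0 success response and
 * pass them to setAttributes().
 *
 * Attributes are taken from a registered attribute-parser callback when one is
 * set; otherwise from a nested <cas:attributes> element ("Jasig style"), or
 * from the direct children of <cas:authenticationSuccess> ("RubyCAS style").
 * If that yields nothing, <cas:attribute name='..' value='..'/> elements
 * ("Name-Value style") are tried.
 *
 * Every attribute name and value is written to the phpCAS debug trace, so an
 * enabled debug log holds user attributes such as names and group memberships
 * and needs the same access protection as the session data.
 *
 * @param DOMNodeList $success_elements list holding the
 *                                      <cas:authenticationSuccess> element;
 *                                      only item(0) is read
 *
 * @return bool always true in the code shown here
 */
private function _readExtraAttributesCas20($success_elements)
{
    // NOTE(review): listing line 3313 is absent from this rendering; the page's
    // cross-references for this function name phpCAS::traceBegin(), which is
    // restored here to pair with traceEnd() below. Confirm against Client.php.
    phpCAS::traceBegin();

    $extra_attributes = array();
    $success_node = $success_elements->item(0);

    // "Jasig Style" Attributes:
    //
    //   <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    //     <cas:authenticationSuccess>
    //       <cas:user>jsmith</cas:user>
    //       <cas:attributes>
    //         <cas:attraStyle>RubyCAS</cas:attraStyle>
    //         <cas:surname>Smith</cas:surname>
    //         <cas:givenName>John</cas:givenName>
    //         <cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
    //         <cas:memberOf>CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu</cas:memberOf>
    //       </cas:attributes>
    //       <cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
    //     </cas:authenticationSuccess>
    //   </cas:serviceResponse>
    //
    if ($this->_casAttributeParserCallbackFunction !== null
        && is_callable($this->_casAttributeParserCallbackFunction)
    ) {
        // Prepend the node to a copy of the configured arguments. Unshifting
        // into the property itself would leave the node in it, and a second
        // call on the same client would then pass a stale node as well.
        $callback_args = $this->_casAttributeParserCallbackArgs;
        array_unshift($callback_args, $success_node);
        phpCAS::trace("Calling attritubeParser callback");
        // NOTE(review): the callback's return value is used as the attribute
        // array without a type check; count() and setAttributes() below
        // presumably expect an array. Verify against the callback contract.
        $extra_attributes = call_user_func_array(
            $this->_casAttributeParserCallbackFunction,
            $callback_args
        );
    } elseif ($success_node->getElementsByTagName("attributes")->length != 0) {
        $attr_nodes = $success_node->getElementsByTagName("attributes");
        phpCAS::trace("Found nested jasig style attributes");
        if ($attr_nodes->item(0)->hasChildNodes()) {
            // Nested Attributes
            foreach ($attr_nodes->item(0)->childNodes as $attr_child) {
                phpCAS::trace(
                    "Attribute [".$attr_child->localName."] = "
                    .$attr_child->nodeValue
                );
                $this->_addAttributeToArray(
                    $extra_attributes, $attr_child->localName,
                    $attr_child->nodeValue
                );
            }
        }
    } else {
        // "RubyCAS Style" attributes
        //
        //   <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        //     <cas:authenticationSuccess>
        //       <cas:user>jsmith</cas:user>
        //
        //       <cas:attraStyle>RubyCAS</cas:attraStyle>
        //       <cas:surname>Smith</cas:surname>
        //       <cas:givenName>John</cas:givenName>
        //       <cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
        //       <cas:memberOf>CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu</cas:memberOf>
        //
        //       <cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
        //     </cas:authenticationSuccess>
        //   </cas:serviceResponse>
        //
        phpCAS::trace("Testing for rubycas style attributes");

        // Protocol elements that sit next to the attributes and must not be
        // reported as user attributes.
        $protocol_elements = array('user', 'proxies', 'proxyGrantingTicket');

        foreach ($success_node->childNodes as $attr_node) {
            // The original used `continue` inside a `switch`, which PHP treats
            // as `break` and reports with a warning from PHP 7.3 on. Skipping
            // the node in the loop itself gives the same result without it.
            if (in_array($attr_node->localName, $protocol_elements, true)) {
                continue;
            }
            if (strlen(trim($attr_node->nodeValue))) {
                phpCAS::trace(
                    "Attribute [".$attr_node->localName."] = ".$attr_node->nodeValue
                );
                $this->_addAttributeToArray(
                    $extra_attributes, $attr_node->localName,
                    $attr_node->nodeValue
                );
            }
        }
    }

    // "Name-Value" attributes.
    //
    // Attribute format from these mailing list thread:
    // http://jasig.275507.n4.nabble.com/CAS-attributes-and-how-they-appear-in-the-CAS-response-td264272.html
    // Note: This is a less widely used format, but in use by at least two institutions.
    //
    //   <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    //     <cas:authenticationSuccess>
    //       <cas:user>jsmith</cas:user>
    //
    //       <cas:attribute name='attraStyle' value='Name-Value' />
    //       <cas:attribute name='surname' value='Smith' />
    //       <cas:attribute name='givenName' value='John' />
    //       <cas:attribute name='memberOf' value='CN=Staff,OU=Groups,DC=example,DC=edu' />
    //       <cas:attribute name='memberOf' value='CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu' />
    //
    //       <cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
    //     </cas:authenticationSuccess>
    //   </cas:serviceResponse>
    //
    // Only tried when nothing was collected above.
    if (!count($extra_attributes)
        && $success_node->getElementsByTagName("attribute")->length != 0
    ) {
        $attr_nodes = $success_node->getElementsByTagName("attribute");
        $firstAttr = $attr_nodes->item(0);
        // The first element decides whether the response uses this style at all.
        if (!$firstAttr->hasChildNodes()
            && $firstAttr->hasAttribute('name')
            && $firstAttr->hasAttribute('value')
        ) {
            phpCAS::trace("Found Name-Value style attributes");
            foreach ($attr_nodes as $attr_node) {
                // Elements lacking either XML attribute are ignored.
                if ($attr_node->hasAttribute('name')
                    && $attr_node->hasAttribute('value')
                ) {
                    phpCAS::trace(
                        "Attribute [".$attr_node->getAttribute('name')
                        ."] = ".$attr_node->getAttribute('value')
                    );
                    $this->_addAttributeToArray(
                        $extra_attributes, $attr_node->getAttribute('name'),
                        $attr_node->getAttribute('value')
                    );
                }
            }
        }
    }

    $this->setAttributes($extra_attributes);
    phpCAS::traceEnd();
    return true;
}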
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:638
_addAttributeToArray(array &$attributeArray, $name, $value)
Add an attribute value to an array of attributes.
Definition: Client.php:3461
setAttributes($attributes)
Set an array of attributes.
Definition: Client.php:1162
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:591

◆ validateCAS20()

CAS_Client::validateCAS20 ( $validate_url,
$text_response,
$tree_response,
  $renew = false 
)

This method is used to validate a CAS 2.0 ST or PT; halt on failure. Used for all CAS 2.0 validations.

Parameters
string &$validate_url — the URL of the response
string &$text_response — the text of the response
string &$tree_response — the domxml tree of the response
bool $renew — true to force the authentication with the CAS server
Returns
bool true when successful; issues a CAS_AuthenticationException and false on an error

Definition at line 3166 of file Client.php.

References $result, CAS_Client\_getCallbackURL(), CAS_Client\_readURL(), CAS_Client\getAllowedProxyChains(), CAS_Client\getServerProxyValidateURL(), CAS_Client\getServerServiceValidateURL(), CAS_Client\getTicket(), CAS_Client\isProxy(), to, phpCAS\trace(), and phpCAS\traceBegin().

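/**
 * Validate a CAS 2.0 service ticket (ST) or proxy ticket (PT) against the CAS
 * server and, on success, record the user, attributes and proxy chain.
 *
 * Every failure path in this method throws; when it returns, the value is
 * true.
 *
 * Things a reviewer should keep in mind when reading the body:
 *  - The validation URL contains the ticket and is written to the debug trace
 *    when the request fails; the response text is traced as well. The debug
 *    log therefore needs to be access-protected.
 *  - The response is accepted on its structure alone (root element name and
 *    the presence of authenticationSuccess / user elements, looked up with
 *    getElementsByTagName(), which matches by local name anywhere below the
 *    node). Its authenticity rests on how _readURL() reaches the CAS server,
 *    which is not shown here -- presumably HTTPS with certificate
 *    verification; confirm against _readURL().
 *  - _setUser() and _readExtraAttributesCas20() run before the proxy chain is
 *    checked. A caller that catches the 'Proxy not allowed' exception must not
 *    treat the client as authenticated.
 *
 * @param string &$validate_url  receives the validation URL that was requested
 * @param string &$text_response receives the raw text of the server response
 * @param mixed  &$tree_response receives the root element of the parsed response
 * @param bool   $renew          true to force the authentication with the CAS server
 *
 * @return bool true when the ticket was validated
 *
 * @throws CAS_AuthenticationException when the server cannot be read, the
 *         response is malformed, authentication failed, or the proxy chain is
 *         not allowed
 */
public function validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew=false)
{
    // NOTE(review): listing line 3168 is absent from this rendering; the page's
    // reference list for this function names phpCAS::traceBegin(), which is
    // restored here to pair with traceEnd() below. Confirm against Client.php.
    phpCAS::traceBegin();
    phpCAS::trace($text_response);
    $result = false;

    // Build the URL to validate the ticket. The ticket comes from the incoming
    // request and is URL-encoded before it is appended.
    if ($this->getAllowedProxyChains()->isProxyingAllowed()) {
        $validate_url = $this->getServerProxyValidateURL().'&ticket='
            .urlencode($this->getTicket());
    } else {
        $validate_url = $this->getServerServiceValidateURL().'&ticket='
            .urlencode($this->getTicket());
    }

    if ($this->isProxy()) {
        // pass the callback url for CAS proxies
        $validate_url .= '&pgtUrl='.urlencode($this->_getCallbackURL());
    }

    if ($renew) {
        // pass the renew
        $validate_url .= '&renew=true';
    }

    // open and read the URL
    if (!$this->_readURL($validate_url, $headers, $text_response, $err_msg)) {
        phpCAS::trace(
            'could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'
        );
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            true/*$no_response*/
        );
    }

    // create new DOMDocument object
    $dom = new DOMDocument();
    // Fix possible whitespace problems
    $dom->preserveWhiteSpace = false;
    // CAS servers should only return data in utf-8
    $dom->encoding = "utf-8";

    // Read the response of the CAS server into the DOMDocument. LIBXML_NONET
    // keeps the parser from fetching anything over the network while doing so;
    // no entity-substitution or DTD-loading option is requested.
    if (!($dom->loadXML($text_response, LIBXML_NONET))) {
        // read failed
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, true/*$bad_response*/, $text_response
        );
    }

    // read the root node of the XML tree
    if (!($tree_response = $dom->documentElement)) {
        // read failed
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, true/*$bad_response*/, $text_response
        );
    }

    // ensure that the tag name is 'serviceResponse'
    if ($tree_response->localName != 'serviceResponse') {
        // bad root node
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, true/*$bad_response*/, $text_response
        );
    }

    // A failure element anywhere in the response takes precedence over a
    // success element: it is tested first and always throws.
    $auth_fail_list = $tree_response->getElementsByTagName("authenticationFailure");
    if ($auth_fail_list->length != 0) {
        // authentication failed, extract the error code and message and throw exception
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, false/*$bad_response*/,
            $text_response,
            $auth_fail_list->item(0)->getAttribute('code')/*$err_code*/,
            trim($auth_fail_list->item(0)->nodeValue)/*$err_msg*/
        );
    }

    $success_elements = $tree_response->getElementsByTagName("authenticationSuccess");
    if ($success_elements->length == 0) {
        // neither a failure nor a success element => bad response
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, true/*$bad_response*/,
            $text_response
        );
    }

    // authentication succeeded, extract the user name
    $success_node = $success_elements->item(0);
    $user_nodes = $success_node->getElementsByTagName("user");
    if ($user_nodes->length == 0) {
        // no user specified => error
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, true/*$bad_response*/, $text_response
        );
    }

    $this->_setUser(trim($user_nodes->item(0)->nodeValue));
    $this->_readExtraAttributesCas20($success_elements);

    // Store the proxies we are sitting behind for authorization checking.
    // The node count is read from ->length: sizeof() on a DOMNodeList only
    // reports the number of nodes on PHP versions where the class is Countable.
    $proxyList = array();
    $proxy_nodes = $success_node->getElementsByTagName("proxy");
    if ($proxy_nodes->length > 0) {
        foreach ($proxy_nodes as $proxyElem) {
            phpCAS::trace("Found Proxy: ".$proxyElem->nodeValue);
            $proxyList[] = trim($proxyElem->nodeValue);
        }
        $this->_setProxies($proxyList);
        phpCAS::trace("Storing Proxy List");
    }

    // Check if the proxies in front of us are allowed. An empty list is
    // passed to the check as well.
    if (!$this->getAllowedProxyChains()->isProxyListAllowed($proxyList)) {
        throw new CAS_AuthenticationException(
            $this, 'Proxy not allowed', $validate_url,
            false/*$no_response*/, true/*$bad_response*/,
            $text_response
        );
    }

    // at this step, Ticket has been validated and $this->_user has been set
    $result = true;
    $this->_renameSession($this->getTicket());

    phpCAS::traceEnd($result);
    return $result;
}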
getServerProxyValidateURL()
This method is used to retrieve the proxy validating URL of the CAS server.
Definition: Client.php:488
getTicket()
This method returns the Service Ticket provided in the URL of the request.
Definition: Client.php:1870
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:579
_getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
Definition: Client.php:2360
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
Definition: Client.php:431
_readURL($url, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
Definition: Client.php:2790
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:591
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: Client.php:2242
getAllowedProxyChains()
Answer the CAS_ProxyChain_AllowedList object for this client.
Definition: Client.php:3137