ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
CAS SAML features (SAML 1.1)

Functions

 CAS_Client::validateSA (&$validate_url, &$text_response, &$tree_response, $renew=false)
 This method is used to validate a SAML ticket; it halts on failure, and sets $validate_url, $text_response and $tree_response on success.

 CAS_Client::_setSessionAttributes ($text_response)
 This method will parse the DOM and pull out the attributes from the SAML payload and put them into an array, then put the array into the session.
 

Function Documentation

◆ _setSessionAttributes()

CAS_Client::_setSessionAttributes ($text_response)
private

This method will parse the DOM and pull out the attributes from the SAML payload and put them into an array, then put the array into the session.

Parameters
string $text_response: the SAML payload.
Returns
bool: true when successful and false if no attributes are found

Definition at line 2162 of file Client.php.

{
    phpCAS::traceBegin();

    $result = false;

    $attr_array = array();

    // create new DOMDocument Object
    $dom = new DOMDocument();
    // Fix possible whitespace problems
    $dom->preserveWhiteSpace = false;
    if (($dom->loadXML($text_response))) {
        $xPath = new DOMXpath($dom);
        $xPath->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
        $xPath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
        $nodelist = $xPath->query("//saml:Attribute");

        if ($nodelist) {
            foreach ($nodelist as $node) {
                $xres = $xPath->query("saml:AttributeValue", $node);
                $name = $node->getAttribute("AttributeName");
                $value_array = array();
                foreach ($xres as $node2) {
                    $value_array[] = $node2->nodeValue;
                }
                $attr_array[$name] = $value_array;
            }
            // UGent addition...
            foreach ($attr_array as $attr_key => $attr_value) {
                if (count($attr_value) > 1) {
                    // multi-valued attribute: keep the whole array
                    $this->_attributes[$attr_key] = $attr_value;
                    phpCAS::trace("* " . $attr_key . "=" . print_r($attr_value, true));
                } else {
                    // single-valued attribute: store the scalar value
                    $this->_attributes[$attr_key] = $attr_value[0];
                    phpCAS::trace("* " . $attr_key . "=" . $attr_value[0]);
                }
            }
            $result = true;
        } else {
            phpCAS::trace("SAML Attributes are empty");
            $result = false;
        }
    }
    phpCAS::traceEnd($result);
    return $result;
}

References $result, phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().


◆ validateSA()

CAS_Client::validateSA (&$validate_url, &$text_response, &$tree_response, $renew = false)

This method is used to validate a SAML ticket; it halts on failure, and sets $validate_url, $text_response and $tree_response on success.

These parameters are used later by CAS_Client::_validatePGT() for CAS proxies.

Parameters
string &$validate_url: reference to the URL of the request to the CAS server.
string &$text_response: reference to the response of the CAS server, as is (XML text).
string &$tree_response: reference to the response of the CAS server, as a DOM XML tree.
bool $renew: true to force the authentication with the CAS server
Returns
bool: true when successful; on an error a CAS_AuthenticationException is raised and false is returned

Definition at line 2065 of file Client.php.

{
    $result = false;
    // build the URL to validate the ticket
    $validate_url = $this->getServerSamlValidateURL();

    if ( $renew ) {
        // pass the renew
        $validate_url .= '&renew=true';
    }

    // open and read the URL
    if ( !$this->_readURL($validate_url, $headers, $text_response, $err_msg) ) {
        phpCAS::trace(
            'could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'
        );
        throw new CAS_AuthenticationException(
            $this, 'SA not validated', $validate_url, true/*$no_response*/
        );
    }

    phpCAS::trace('server version: '.$this->getServerVersion());

    // analyze the result depending on the version
    switch ($this->getServerVersion()) {
    case SAML_VERSION_1_1:
        // create new DOMDocument Object
        $dom = new DOMDocument();
        // Fix possible whitespace problems
        $dom->preserveWhiteSpace = false;
        // read the response of the CAS server into a DOM object
        if (!($dom->loadXML($text_response))) {
            phpCAS::trace('dom->loadXML() failed');
            throw new CAS_AuthenticationException(
                $this, 'SA not validated', $validate_url,
                false/*$no_response*/, true/*$bad_response*/,
                $text_response
            );
            $result = false;
        }
        // read the root node of the XML tree
        if (!($tree_response = $dom->documentElement)) {
            phpCAS::trace('documentElement() failed');
            throw new CAS_AuthenticationException(
                $this, 'SA not validated', $validate_url,
                false/*$no_response*/, true/*$bad_response*/,
                $text_response
            );
            $result = false;
        } else if ( $tree_response->localName != 'Envelope' ) {
            // ensure that tag name is 'Envelope'
            phpCAS::trace(
                'bad XML root node (should be `Envelope\' instead of `'
                .$tree_response->localName.'\''
            );
            throw new CAS_AuthenticationException(
                $this, 'SA not validated', $validate_url,
                false/*$no_response*/, true/*$bad_response*/,
                $text_response
            );
            $result = false;
        } else if ($tree_response->getElementsByTagName("NameIdentifier")->length != 0) {
            // check for the NameIdentifier tag in the SAML response
            $success_elements = $tree_response->getElementsByTagName("NameIdentifier");
            phpCAS::trace('NameIdentifier found');
            $user = trim($success_elements->item(0)->nodeValue);
            phpCAS::trace('user = `'.$user.'`');
            $this->_setUser($user);
            $this->_setSessionAttributes($text_response);
            $result = true;
        } else {
            phpCAS::trace('no <NameIdentifier> tag found in SAML payload');
            throw new CAS_AuthenticationException(
                $this, 'SA not validated', $validate_url,
                false/*$no_response*/, true/*$bad_response*/,
                $text_response
            );
            $result = false;
        }
    }
    if ($result) {
        $this->_renameSession($this->getTicket());
    }
    // at this step, ST has been validated and $this->_user has been set,
    phpCAS::traceEnd($result);
    return $result;
}

Referenced by CAS_Client\isAuthenticated().
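The following stand-alone PHP script is an added example, not phpCAS or ILIAS code. It parses a SAML 1.1 /samlValidate response the way validateSA() and _setSessionAttributes() above do (Envelope root, NameIdentifier, saml:Attribute values collapsed to a scalar when single-valued), but adds three checks a defender would want that the page's code does not make: the document is loaded with LIBXML_NONET so the parser never fetches external resources, the NameIdentifier lookup is namespace-qualified and must match exactly once, and the samlp:Status code is required to be Success. The function name parseSamlValidateResponse and the sample response in SAMPLE_RESPONSE are this example's own constructions.

```php
<?php
// Added example, not phpCAS/ILIAS code. Parses a constructed SAML 1.1
// /samlValidate response with a hardened DOMDocument configuration.
declare(strict_types=1);

// Constructed sample response: a SOAP Envelope carrying a SAML 1.1 assertion
// with one NameIdentifier, a single-valued and a multi-valued attribute.
const SAMPLE_RESPONSE = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
                    xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
      <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
      <saml:Assertion>
        <saml:AttributeStatement>
          <saml:Subject>
            <saml:NameIdentifier>jdoe</saml:NameIdentifier>
          </saml:Subject>
          <saml:Attribute AttributeName="mail">
            <saml:AttributeValue>jdoe@example.org</saml:AttributeValue>
          </saml:Attribute>
          <saml:Attribute AttributeName="memberOf">
            <saml:AttributeValue>staff</saml:AttributeValue>
            <saml:AttributeValue>admins</saml:AttributeValue>
          </saml:Attribute>
        </saml:AttributeStatement>
      </saml:Assertion>
    </samlp:Response>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
XML;

/**
 * Parse a SAML 1.1 validation response (hypothetical helper for this example).
 * Returns ['user' => string, 'attributes' => array] or throws RuntimeException.
 */
function parseSamlValidateResponse(string $xml): array
{
    // Collect libxml errors instead of emitting PHP warnings on bad input.
    libxml_use_internal_errors(true);
    // On PHP < 8.0 also call libxml_disable_entity_loader(true) before loading.
    $dom = new DOMDocument();
    $dom->preserveWhiteSpace = false;
    // LIBXML_NONET: no network access while parsing (no remote DTDs/entities).
    $loaded = $dom->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    if ($loaded === false) {
        throw new RuntimeException('SA not validated: response is not well-formed XML');
    }

    $root = $dom->documentElement;
    if ($root === null || $root->localName !== 'Envelope') {
        throw new RuntimeException('SA not validated: root element is not Envelope');
    }

    $xpath = new DOMXPath($dom);
    $xpath->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
    $xpath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');

    // Extra check not in the page's code: the response must report Success.
    $status = $xpath->query('//samlp:Status/samlp:StatusCode/@Value');
    if ($status === false || $status->length !== 1
        || substr($status->item(0)->nodeValue, -7) !== 'Success') {
        throw new RuntimeException('SA not validated: status is not Success');
    }

    // Namespace-qualified lookup inside the assertion; the page's code uses
    // getElementsByTagName, which matches a NameIdentifier in any namespace.
    $ids = $xpath->query('//saml:Assertion//saml:NameIdentifier');
    if ($ids === false || $ids->length !== 1) {
        throw new RuntimeException('SA not validated: expected exactly one NameIdentifier');
    }
    $user = trim($ids->item(0)->nodeValue);

    $attributes = [];
    foreach ($xpath->query('//saml:Attribute') as $node) {
        $name = $node->getAttribute('AttributeName');
        $values = [];
        foreach ($xpath->query('saml:AttributeValue', $node) as $v) {
            $values[] = $v->nodeValue;
        }
        // Same collapsing rule as _setSessionAttributes(): one value => scalar.
        $attributes[$name] = count($values) > 1 ? $values : ($values[0] ?? '');
    }

    return ['user' => $user, 'attributes' => $attributes];
}

$parsed = parseSamlValidateResponse(SAMPLE_RESPONSE);
printf("user=%s\n", $parsed['user']);
print_r($parsed['attributes']);
```

Running the script parses the embedded sample and prints the user name and the attribute array; feeding it a response whose root is not Envelope, whose status is not Success, or which carries zero or several NameIdentifier elements raises a RuntimeException instead of setting a user, which is the failure path validateSA() reports through CAS_AuthenticationException.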
