ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Authentication

Functions

CAS_Client::_setUser ($user)
This method sets the CAS user's login name.

CAS_Client::getUser ()
This method returns the CAS user's login name.

CAS_Client::_getUser ()
This method returns the CAS user's login name.

CAS_Client::setAttributes ($attributes)
Set an array of attributes.

CAS_Client::getAttributes ()
Get a key-value array of attributes.

CAS_Client::hasAttributes ()
Check whether attributes are available.

CAS_Client::hasAttribute ($key)
Check whether a specific attribute with a name is available.

CAS_Client::_hasAttribute ($key)
Check whether a specific attribute with a name is available.

CAS_Client::getAttribute ($key)
Get a specific attribute by name.

CAS_Client::renewAuthentication ()
This method is called to renew the authentication of the user. If the user is authenticated, renew the connection; if not, redirect to CAS.

CAS_Client::forceAuthentication ()
This method is called to be sure that the user is authenticated.

CAS_Client::setCacheTimesForAuthRecheck ($n)
Set the number of times authentication will be cached before rechecked.

CAS_Client::checkAuthentication ()
This method is called to check whether the user is authenticated or not.

CAS_Client::isAuthenticated ($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the URL).

CAS_Client::isSessionAuthenticated ()
This method tells if the current session is authenticated.

CAS_Client::_wasPreviouslyAuthenticated ()
This method tells if the user has already been (previously) authenticated by looking into the session variables.

CAS_Client::redirectToCas ($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.

CAS_Client::logout ($params)
This method is used to logout from CAS.

CAS_Client::_isLogoutRequest ()
Check if the current request is a logout request.

CAS_Client::handleLogoutRequests ($check_client=true, $allowed_clients=false)
This method handles logout requests.


Variables

CAS_Client::$_user
The authenticated user.

CAS_Client::$_attributes
The authenticated user's attributes.

CAS_Client::$_cache_times_for_auth_recheck
An integer that gives the number of times authentication will be cached before rechecked.
 

Detailed Description

Function Documentation

◆ _getUser()

CAS_Client::_getUser ( )
private

This method returns the CAS user's login name.

Returns
string the login name of the authenticated user
Warning
Should be called only after CAS_Client::forceAuthentication() or CAS_Client::isAuthenticated(); otherwise it halts with an error.

Definition at line 1134 of file Client.php.

private function _getUser()
{
    // This is likely a duplicate check that could be removed....
    if ( empty($this->_user) ) {
        phpCAS::error(
            'this method should be used only after '.__CLASS__
            .'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'
        );
    }
    return $this->_user;
}

References CAS_Client\$_user, and phpCAS\error().

Referenced by CAS_Client\getProxiedService(), CAS_Client\getUser(), and CAS_Client\isAuthenticated().


◆ _hasAttribute()

CAS_Client::_hasAttribute (   $key)
private

Check whether a specific attribute with a name is available.

Parameters
string $key  name of attribute
Returns
bool is attribute available

Definition at line 1221 of file Client.php.

private function _hasAttribute($key)
{
    return (is_array($this->_attributes)
        && array_key_exists($key, $this->_attributes));
}

References $key.

Referenced by CAS_Client\getAttribute(), and CAS_Client\hasAttribute().


◆ _isLogoutRequest()

CAS_Client::_isLogoutRequest ( )
private

Check if the current request is a logout request.

Returns
bool is logout request.

Definition at line 1720 of file Client.php.

private function _isLogoutRequest()
{
    return !empty($_POST['logoutRequest']);
}

References $_POST.

Referenced by CAS_Client\__construct(), and CAS_Client\handleLogoutRequests().


◆ _setUser()

CAS_Client::_setUser (   $user)
private

This method sets the CAS user's login name.

Parameters
string $user  the login name of the authenticated user.
Returns
void

Definition at line 1105 of file Client.php.

private function _setUser($user)
{
    $this->_user = $user;
}

Referenced by CAS_Client\_wasPreviouslyAuthenticated().


◆ _wasPreviouslyAuthenticated()

CAS_Client::_wasPreviouslyAuthenticated ( )
private

This method tells if the user has already been (previously) authenticated by looking into the session variables.

Note
This function switches to callback mode when needed.
Returns
true when the user has already been authenticated; false otherwise.

Definition at line 1549 of file Client.php.

private function _wasPreviouslyAuthenticated()
{
    phpCAS::traceBegin();

    if ( $this->_isCallbackMode() ) {
        // Rebroadcast the pgtIou and pgtId to all nodes
        if ($this->_rebroadcast&&!isset($_POST['rebroadcast'])) {
            $this->_rebroadcast(self::PGTIOU);
        }
        $this->_callback();
    }

    $auth = false;

    if ( $this->isProxy() ) {
        // CAS proxy: username and PGT must be present
        if ( $this->isSessionAuthenticated()
            && !empty($_SESSION['phpCAS']['pgt'])
        ) {
            // authentication already done
            $this->_setUser($_SESSION['phpCAS']['user']);
            if (isset($_SESSION['phpCAS']['attributes'])) {
                $this->setAttributes($_SESSION['phpCAS']['attributes']);
            }
            $this->_setPGT($_SESSION['phpCAS']['pgt']);
            phpCAS::trace(
                'user = `'.$_SESSION['phpCAS']['user'].'\', PGT = `'
                .$_SESSION['phpCAS']['pgt'].'\''
            );

            // Include the list of proxies
            if (isset($_SESSION['phpCAS']['proxies'])) {
                $this->_setProxies($_SESSION['phpCAS']['proxies']);
                phpCAS::trace(
                    'proxies = "'
                    .implode('", "', $_SESSION['phpCAS']['proxies']).'"'
                );
            }

            $auth = true;
        } elseif ( $this->isSessionAuthenticated()
            && empty($_SESSION['phpCAS']['pgt'])
        ) {
            // these two variables should be empty or not empty at the same time
            phpCAS::trace(
                'username found (`'.$_SESSION['phpCAS']['user']
                .'\') but PGT is empty'
            );
            // unset all tickets to enforce authentication
            unset($_SESSION['phpCAS']);
            $this->setTicket('');
        } elseif ( !$this->isSessionAuthenticated()
            && !empty($_SESSION['phpCAS']['pgt'])
        ) {
            // these two variables should be empty or not empty at the same time
            phpCAS::trace(
                'PGT found (`'.$_SESSION['phpCAS']['pgt']
                .'\') but username is empty'
            );
            // unset all tickets to enforce authentication
            unset($_SESSION['phpCAS']);
            $this->setTicket('');
        } else {
            phpCAS::trace('neither user nor PGT found');
        }
    } else {
        // `simple' CAS client (not a proxy): username must be present
        if ( $this->isSessionAuthenticated() ) {
            // authentication already done
            $this->_setUser($_SESSION['phpCAS']['user']);
            if (isset($_SESSION['phpCAS']['attributes'])) {
                $this->setAttributes($_SESSION['phpCAS']['attributes']);
            }
            phpCAS::trace('user = `'.$_SESSION['phpCAS']['user'].'\'');

            // Include the list of proxies
            if (isset($_SESSION['phpCAS']['proxies'])) {
                $this->_setProxies($_SESSION['phpCAS']['proxies']);
                phpCAS::trace(
                    'proxies = "'
                    .implode('", "', $_SESSION['phpCAS']['proxies']).'"'
                );
            }

            $auth = true;
        } else {
            phpCAS::trace('no user found');
        }
    }

    phpCAS::traceEnd($auth);
    return $auth;
}

References $_POST, $_SESSION, $auth, CAS_Client\_callback(), CAS_Client\_isCallbackMode(), CAS_Client\_rebroadcast(), CAS_Client\_setPGT(), CAS_Client\_setProxies(), CAS_Client\_setUser(), CAS_Client\isProxy(), CAS_Client\isSessionAuthenticated(), CAS_Client\setAttributes(), CAS_Client\setTicket(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

Referenced by CAS_Client\isAuthenticated().


◆ checkAuthentication()

CAS_Client::checkAuthentication ( )

This method is called to check whether the user is authenticated or not.

Returns
true when the user is authenticated; false when a previous gateway login failed. The function does not return if the user is redirected to the CAS server for a gateway login attempt.

Definition at line 1327 of file Client.php.

public function checkAuthentication()
{
    phpCAS::traceBegin();
    $res = false;
    if ( $this->isAuthenticated() ) {
        phpCAS::trace('user is authenticated');
        /* The 'auth_checked' variable is removed just in case it's set. */
        unset($_SESSION['phpCAS']['auth_checked']);
        $res = true;
    } else if (isset($_SESSION['phpCAS']['auth_checked'])) {
        // the previous request has redirected the client to the CAS server
        // with gateway=true
        unset($_SESSION['phpCAS']['auth_checked']);
        $res = false;
    } else {
        // avoid a check against CAS on every request
        if (!isset($_SESSION['phpCAS']['unauth_count'])) {
            $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized
        }

        if (($_SESSION['phpCAS']['unauth_count'] != -2
            && $this->_cache_times_for_auth_recheck == -1)
            || ($_SESSION['phpCAS']['unauth_count'] >= 0
            && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck)
        ) {
            $res = false;

            if ($this->_cache_times_for_auth_recheck != -1) {
                $_SESSION['phpCAS']['unauth_count']++;
                phpCAS::trace(
                    'user is not authenticated (cached for '
                    .$_SESSION['phpCAS']['unauth_count'].' times of '
                    .$this->_cache_times_for_auth_recheck.')'
                );
            } else {
                phpCAS::trace(
                    'user is not authenticated (cached for until login pressed)'
                );
            }
        } else {
            $_SESSION['phpCAS']['unauth_count'] = 0;
            $_SESSION['phpCAS']['auth_checked'] = true;
            phpCAS::trace('user is not authenticated (cache reset)');
            $this->redirectToCas(true/* gateway */);
            // never reached
            $res = false;
        }
    }
    phpCAS::traceEnd($res);
    return $res;
}

References $_SESSION, $res, CAS_Client\isAuthenticated(), CAS_Client\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().
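
The unauth_count and auth_checked bookkeeping in checkAuthentication() decides how often an unauthenticated visitor is sent through the CAS gateway. The following added example (not phpCAS or ILIAS code) replays that branch logic against a plain array for a visitor who never holds a CAS session; simulateCheck(), traceRequests() and the three return labels are names made up for the illustration.

```php
<?php
// Added illustration: models only the session bookkeeping of
// CAS_Client::checkAuthentication(). isAuthenticated() is assumed to
// return false on every request (the visitor has no CAS session).

/**
 * One request through the unauthenticated branches.
 *
 * @param array $session    stand-in for $_SESSION['phpCAS']
 * @param int   $cacheTimes stand-in for $_cache_times_for_auth_recheck
 *
 * @return string 'redirect', 'gateway-failed' or 'cached' (hypothetical labels)
 */
function simulateCheck(array &$session, $cacheTimes)
{
    if (isset($session['auth_checked'])) {
        // The previous request was redirected to CAS with gateway=true and
        // the browser came back without a ticket.
        unset($session['auth_checked']);
        return 'gateway-failed';
    }

    if (!isset($session['unauth_count'])) {
        $session['unauth_count'] = -2; // uninitialized
    }
    $count = $session['unauth_count'];

    if (($count != -2 && $cacheTimes == -1)
        || ($count >= 0 && $count < $cacheTimes)
    ) {
        // Answer "not authenticated" locally, without contacting CAS.
        if ($cacheTimes != -1) {
            $session['unauth_count']++;
        }
        return 'cached';
    }

    // Cache exhausted or never filled: reset and try the gateway again.
    $session['unauth_count'] = 0;
    $session['auth_checked'] = true;
    return 'redirect'; // the real method calls redirectToCas(true) here
}

/**
 * Replays $requests consecutive requests of one browser session.
 *
 * @return string[] one label per request
 */
function traceRequests($cacheTimes, $requests)
{
    $session = array();
    $labels = array();
    for ($i = 0; $i < $requests; $i++) {
        $labels[] = simulateCheck($session, $cacheTimes);
    }
    return $labels;
}

// Compare three settings of setCacheTimesForAuthRecheck() over 8 requests.
foreach (array(0, 2, -1) as $n) {
    printf("%2d: %s\n", $n, implode(' ', traceRequests($n, 8)));
}
```

With 0 the visitor is sent through the gateway on every second request, with 2 two requests are answered from the cache between gateway attempts, and with -1 the gateway is tried once and the negative result is kept for the rest of the session.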


◆ forceAuthentication()

CAS_Client::forceAuthentication ( )

This method is called to be sure that the user is authenticated.

When not authenticated, halt by redirecting to the CAS server; otherwise return true.

Returns
true when the user is authenticated; otherwise halt.

Definition at line 1276 of file Client.php.

public function forceAuthentication()
{
    phpCAS::traceBegin();

    if ( $this->isAuthenticated() ) {
        // the user is authenticated, nothing to be done.
        phpCAS::trace('no need to authenticate');
        $res = true;
    } else {
        // the user is not authenticated, redirect to the CAS server
        if (isset($_SESSION['phpCAS']['auth_checked'])) {
            unset($_SESSION['phpCAS']['auth_checked']);
        }
        $this->redirectToCas(false/* no gateway */);
        // never reached
        $res = false;
    }
    phpCAS::traceEnd($res);
    return $res;
}

References $_SESSION, $res, CAS_Client\isAuthenticated(), CAS_Client\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().


◆ getAttribute()

CAS_Client::getAttribute (   $key)

Get a specific attribute by name.

Parameters
string $key  name of attribute
Returns
string attribute values

Definition at line 1234 of file Client.php.

public function getAttribute($key)
{
    // Sequence validation
    $this->ensureAuthenticationCallSuccessful();

    if ($this->_hasAttribute($key)) {
        return $this->_attributes[$key];
    }
}

References $key, CAS_Client\_hasAttribute(), and CAS_Client\ensureAuthenticationCallSuccessful().


◆ getAttributes()

CAS_Client::getAttributes ( )

Get a key-value array of attributes.

Returns
array of attributes

Definition at line 1172 of file Client.php.

public function getAttributes()
{
    // Sequence validation
    $this->ensureAuthenticationCallSuccessful();
    // This is likely a duplicate check that could be removed....
    if ( empty($this->_user) ) {
        // if no user is set, there shouldn't be any attributes also...
        phpCAS::error(
            'this method should be used only after '.__CLASS__
            .'::forceAuthentication() or '.__CLASS__.'::isAuthenticated()'
        );
    }
    return $this->_attributes;
}

References CAS_Client\$_attributes, CAS_Client\ensureAuthenticationCallSuccessful(), and phpCAS\error().


◆ getUser()

CAS_Client::getUser ( )

This method returns the CAS user's login name.

Returns
string the login name of the authenticated user
Warning
Should be called only after CAS_Client::forceAuthentication() or CAS_Client::isAuthenticated(); otherwise it halts with an error.

Definition at line 1118 of file Client.php.

public function getUser()
{
    // Sequence validation
    $this->ensureAuthenticationCallSuccessful();

    return $this->_getUser();
}

References CAS_Client\_getUser(), and CAS_Client\ensureAuthenticationCallSuccessful().


◆ handleLogoutRequests()

CAS_Client::handleLogoutRequests (   $check_client = true,
  $allowed_clients = false 
)

This method handles logout requests.

Parameters
bool $check_client  true to check the client before handling the request, false not to perform any access control. True by default.
bool $allowed_clients  an array of host names allowed to send logout requests.
Returns
void

Definition at line 1735 of file Client.php.

public function handleLogoutRequests($check_client=true, $allowed_clients=false)
{
    phpCAS::traceBegin();
    if (!$this->_isLogoutRequest()) {
        phpCAS::trace("Not a logout request");
        phpCAS::traceEnd();
        return;
    }
    if (!$this->getChangeSessionID()
        && is_null($this->_signoutCallbackFunction)
    ) {
        phpCAS::trace(
            "phpCAS can't handle logout requests if it is not allowed to change session_id."
        );
    }
    phpCAS::trace("Logout requested");
    $decoded_logout_rq = urldecode($_POST['logoutRequest']);
    phpCAS::trace("SAML REQUEST: ".$decoded_logout_rq);
    $allowed = false;
    if ($check_client) {
        if (!$allowed_clients) {
            $allowed_clients = array( $this->_getServerHostname() );
        }
        $client_ip = $_SERVER['REMOTE_ADDR'];
        $client = gethostbyaddr($client_ip);
        phpCAS::trace("Client: ".$client."/".$client_ip);
        foreach ($allowed_clients as $allowed_client) {
            if (($client == $allowed_client)
                || ($client_ip == $allowed_client)
            ) {
                phpCAS::trace(
                    "Allowed client '".$allowed_client
                    ."' matches, logout request is allowed"
                );
                $allowed = true;
                break;
            } else {
                phpCAS::trace(
                    "Allowed client '".$allowed_client."' does not match"
                );
            }
        }
    } else {
        phpCAS::trace("No access control set");
        $allowed = true;
    }
    // If Logout command is permitted proceed with the logout
    if ($allowed) {
        phpCAS::trace("Logout command allowed");
        // Rebroadcast the logout request
        if ($this->_rebroadcast && !isset($_POST['rebroadcast'])) {
            $this->_rebroadcast(self::LOGOUT);
        }
        // Extract the ticket from the SAML Request
        preg_match(
            "|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|",
            $decoded_logout_rq, $tick, PREG_OFFSET_CAPTURE, 3
        );
        $wrappedSamlSessionIndex = preg_replace(
            '|<samlp:SessionIndex>|', '', $tick[0][0]
        );
        $ticket2logout = preg_replace(
            '|</samlp:SessionIndex>|', '', $wrappedSamlSessionIndex
        );
        phpCAS::trace("Ticket to logout: ".$ticket2logout);

        // call the post-authenticate callback if registered.
        if ($this->_signoutCallbackFunction) {
            $args = $this->_signoutCallbackArgs;
            array_unshift($args, $ticket2logout);
            call_user_func_array($this->_signoutCallbackFunction, $args);
        }

        // If phpCAS is managing the session_id, destroy session thanks to
        // session_id.
        if ($this->getChangeSessionID()) {
            $session_id = preg_replace('/[^a-zA-Z0-9\-]/', '', $ticket2logout);
            phpCAS::trace("Session id: ".$session_id);

            // destroy a possible application session created before phpcas
            if (session_id() !== "") {
                session_unset();
                session_destroy();
            }
            // fix session ID
            session_id($session_id);
            $_COOKIE[session_name()]=$session_id;
            $_GET[session_name()]=$session_id;

            // Overwrite session
            session_start();
            session_unset();
            session_destroy();
            phpCAS::trace("Session ". $session_id . " destroyed");
        }
    } else {
        phpCAS::error("Unauthorized logout request from client '".$client."'");
        phpCAS::trace("Unauthorized logout request from client '".$client."'");
    }
    flush();
    phpCAS::traceExit();
    throw new CAS_GracefullTerminationException();

}

References $_COOKIE, $_GET, $_POST, $_SERVER, CAS_Client\$_signoutCallbackArgs, $client, CAS_Client\_getServerHostname(), CAS_Client\_isLogoutRequest(), CAS_Client\_rebroadcast(), phpCAS\error(), CAS_Client\getChangeSessionID(), phpCAS\trace(), phpCAS\traceBegin(), phpCAS\traceEnd(), and phpCAS\traceExit().
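
Two steps of handleLogoutRequests() are easier to reason about in isolation: the sender check against $allowed_clients, and the way the posted SessionIndex becomes the session id that gets destroyed. The following is an added example, not phpCAS or ILIAS code; logoutSenderAllowed(), logoutTarget(), the host names, the addresses and the ticket value are constructed for the illustration.

```php
<?php
// Added illustration: the sender check and ticket extraction of
// handleLogoutRequests() rewritten as side-effect-free functions.

/**
 * Mirrors the $check_client branch: the sender is accepted when its
 * reverse-DNS name or its IP address equals an allow-list entry.
 * (When no list is passed, the listing falls back to the CAS server hostname.)
 */
function logoutSenderAllowed($clientIp, $clientHost, array $allowedClients)
{
    foreach ($allowedClients as $allowedClient) {
        if ($clientHost == $allowedClient || $clientIp == $allowedClient) {
            return true;
        }
    }
    return false;
}

/**
 * Returns the ticket named in a posted logoutRequest together with the
 * session id that would be destroyed for it, or null when the request
 * carries no SessionIndex element.
 */
function logoutTarget($postedLogoutRequest)
{
    $decoded = urldecode($postedLogoutRequest);
    // The listing reads $tick[0][0] without testing preg_match()'s result;
    // here a request without a SessionIndex is rejected explicitly.
    $found = preg_match(
        '|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|', $decoded, $match
    );
    if ($found !== 1) {
        return null;
    }
    $ticket = $match[1];
    // Same filter as the listing: only letters, digits and '-' survive,
    // so the result is safe to hand to session_id().
    $sessionId = preg_replace('/[^a-zA-Z0-9\-]/', '', $ticket);
    return array('ticket' => $ticket, 'session_id' => $sessionId);
}

// Constructed single-logout POST body value (not captured traffic).
$sample = urlencode(
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    . ' ID="constructed-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    . '<samlp:SessionIndex>ST-42-constructed.ticket-cas01</samlp:SessionIndex>'
    . '</samlp:LogoutRequest>'
);

$allowed = array('cas.example.org', '192.0.2.10');

// Sender listed by IP, sender listed by name, sender not listed.
var_dump(logoutSenderAllowed('192.0.2.10', 'unresolved.example.net', $allowed));
var_dump(logoutSenderAllowed('198.51.100.7', 'cas.example.org', $allowed));
var_dump(logoutSenderAllowed('198.51.100.7', 'other.example.net', $allowed));

// Well-formed request, then a request without a SessionIndex.
var_dump(logoutTarget($sample));
var_dump(logoutTarget('no-session-index-here'));
```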


◆ hasAttribute()

CAS_Client::hasAttribute (   $key)

Check whether a specific attribute with a name is available.

Parameters
string $key  name of attribute
Returns
bool is attribute available

Definition at line 1206 of file Client.php.

public function hasAttribute($key)
{
    // Sequence validation
    $this->ensureAuthenticationCallSuccessful();

    return $this->_hasAttribute($key);
}

References $key, CAS_Client\_hasAttribute(), and CAS_Client\ensureAuthenticationCallSuccessful().


◆ hasAttributes()

CAS_Client::hasAttributes ( )

Check whether attributes are available.

Returns
bool attributes available

Definition at line 1192 of file Client.php.

public function hasAttributes()
{
    // Sequence validation
    $this->ensureAuthenticationCallSuccessful();

    return !empty($this->_attributes);
}

References CAS_Client\ensureAuthenticationCallSuccessful().


◆ isAuthenticated()

CAS_Client::isAuthenticated (   $renew = false)

This method is called to check if the user is authenticated (previously or by tickets given in the URL).

Parameters
bool $renew  true to force the authentication with the CAS server
Returns
true when the user is authenticated. Also may redirect to the same URL without the ticket.

Definition at line 1388 of file Client.php.

public function isAuthenticated($renew=false)
{
    phpCAS::traceBegin();
    $res = false;
    $validate_url = '';
    if ( $this->_wasPreviouslyAuthenticated() ) {
        if ($this->hasTicket()) {
            // User has an additional ticket but was already authenticated
            phpCAS::trace(
                'ticket was present and will be discarded, use renewAuthenticate()'
            );
            if ($this->_clearTicketsFromUrl) {
                phpCAS::trace("Prepare redirect to : ".$this->getURL());
                session_write_close();
                header('Location: '.$this->getURL());
                flush();
                phpCAS::traceExit();
                throw new CAS_GracefullTerminationException();
            } else {
                phpCAS::trace(
                    'Already authenticated, but skipping ticket clearing since setNoClearTicketsFromUrl() was used.'
                );
                $res = true;
            }
        } else {
            // the user has already (previously during the session) been
            // authenticated, nothing to be done.
            phpCAS::trace(
                'user was already authenticated, no need to look for tickets'
            );
            $res = true;
        }

        // Mark the auth-check as complete to allow post-authentication
        // callbacks to make use of phpCAS::getUser() and similar methods
        $this->markAuthenticationCall($res);
    } else {
        if ($this->hasTicket()) {
            switch ($this->getServerVersion()) {
            case CAS_VERSION_1_0:
                // if a Service Ticket was given, validate it
                phpCAS::trace(
                    'CAS 1.0 ticket `'.$this->getTicket().'\' is present'
                );
                $this->validateCAS10(
                    $validate_url, $text_response, $tree_response, $renew
                ); // if it fails, it halts
                phpCAS::trace(
                    'CAS 1.0 ticket `'.$this->getTicket().'\' was validated'
                );
                $_SESSION['phpCAS']['user'] = $this->_getUser();
                $res = true;
                $logoutTicket = $this->getTicket();
                break;
            case CAS_VERSION_2_0:
            case CAS_VERSION_3_0:
                // if a Proxy Ticket was given, validate it
                phpCAS::trace(
                    'CAS '.$this->getServerVersion().' ticket `'.$this->getTicket().'\' is present'
                );
                $this->validateCAS20(
                    $validate_url, $text_response, $tree_response, $renew
                ); // note: if it fails, it halts
                phpCAS::trace(
                    'CAS '.$this->getServerVersion().' ticket `'.$this->getTicket().'\' was validated'
                );
                if ( $this->isProxy() ) {
                    $this->_validatePGT(
                        $validate_url, $text_response, $tree_response
                    ); // idem
                    phpCAS::trace('PGT `'.$this->_getPGT().'\' was validated');
                    $_SESSION['phpCAS']['pgt'] = $this->_getPGT();
                }
                $_SESSION['phpCAS']['user'] = $this->_getUser();
                if (!empty($this->_attributes)) {
                    $_SESSION['phpCAS']['attributes'] = $this->_attributes;
                }
                $proxies = $this->getProxies();
                if (!empty($proxies)) {
                    $_SESSION['phpCAS']['proxies'] = $this->getProxies();
                }
                $res = true;
                $logoutTicket = $this->getTicket();
                break;
            case SAML_VERSION_1_1:
                // if we have a SAML ticket, validate it.
                phpCAS::trace(
                    'SAML 1.1 ticket `'.$this->getTicket().'\' is present'
                );
                $this->validateSA(
                    $validate_url, $text_response, $tree_response, $renew
                ); // if it fails, it halts
                phpCAS::trace(
                    'SAML 1.1 ticket `'.$this->getTicket().'\' was validated'
                );
                $_SESSION['phpCAS']['user'] = $this->_getUser();
                $_SESSION['phpCAS']['attributes'] = $this->_attributes;
                $res = true;
                $logoutTicket = $this->getTicket();
                break;
            default:
                phpCAS::trace('Protocoll error');
                break;
            }
        } else {
            // no ticket given, not authenticated
            phpCAS::trace('no ticket found');
        }

        // Mark the auth-check as complete to allow post-authentication
        // callbacks to make use of phpCAS::getUser() and similar methods
        $this->markAuthenticationCall($res);

        if ($res) {
            // call the post-authenticate callback if registered.
            if ($this->_postAuthenticateCallbackFunction) {
                $args = $this->_postAuthenticateCallbackArgs;
                array_unshift($args, $logoutTicket);
                call_user_func_array(
                    $this->_postAuthenticateCallbackFunction, $args
                );
            }

            // if called with a ticket parameter, we need to redirect to the
            // app without the ticket so that CAS-ification is transparent
            // to the browser (for later POSTS) most of the checks and
            // errors should have been made now, so we're safe for redirect
            // without masking error messages. remove the ticket as a
            // security precaution to prevent a ticket in the HTTP_REFERRER
            if ($this->_clearTicketsFromUrl) {
                phpCAS::trace("Prepare redirect to : ".$this->getURL());
                session_write_close();
                header('Location: '.$this->getURL());
                flush();
                phpCAS::traceExit();
                throw new CAS_GracefullTerminationException();
            }
        }
    }
    phpCAS::traceEnd($res);
    return $res;
}

References $_SESSION, $res, CAS_Client\_getPGT(), CAS_Client\_getUser(), CAS_Client\_validatePGT(), CAS_Client\_wasPreviouslyAuthenticated(), CAS_VERSION_1_0, CAS_VERSION_2_0, CAS_VERSION_3_0, error(), CAS_Client\getServerVersion(), CAS_Client\getTicket(), CAS_Client\getURL(), CAS_Client\hasTicket(), CAS_Client\isProxy(), CAS_Client\markAuthenticationCall(), phpCAS\trace(), phpCAS\traceBegin(), phpCAS\traceEnd(), phpCAS\traceExit(), user(), and CAS_Client\validateSA().

Referenced by CAS_Client\checkAuthentication(), CAS_Client\forceAuthentication(), and CAS_Client\renewAuthentication().


◆ isSessionAuthenticated()

CAS_Client::isSessionAuthenticated ( )

This method tells if the current session is authenticated.

Returns
true if authenticated based solely on $_SESSION variable

Definition at line 1536 of file Client.php.

public function isSessionAuthenticated()
{
    return !empty($_SESSION['phpCAS']['user']);
}

References $_SESSION.

Referenced by CAS_Client\__construct(), and CAS_Client\_wasPreviouslyAuthenticated().


◆ logout()

CAS_Client::logout (   $params)

This method is used to logout from CAS.

Parameters
array $params  an array that contains the optional url and service parameters that will be passed to the CAS server
Returns
void

Definition at line 1681 of file Client.php.

public function logout($params)
{
    phpCAS::traceBegin();
    $cas_url = $this->getServerLogoutURL();
    $paramSeparator = '?';
    if (isset($params['url'])) {
        $cas_url = $cas_url . $paramSeparator . "url="
            . urlencode($params['url']);
        $paramSeparator = '&';
    }
    if (isset($params['service'])) {
        $cas_url = $cas_url . $paramSeparator . "service="
            . urlencode($params['service']);
    }
    header('Location: '.$cas_url);
    phpCAS::trace("Prepare redirect to : ".$cas_url);

    phpCAS::trace("Destroying session : ".session_id());
    session_unset();
    session_destroy();
    if (session_status() === PHP_SESSION_NONE) {
        phpCAS::trace("Session terminated");
    } else {
        phpCAS::error("Session was not terminated");
        phpCAS::trace("Session was not terminated");
    }
    $lang = $this->getLangObj();
    $this->printHTMLHeader($lang->getLogout());
    printf('<p>'.$lang->getShouldHaveBeenRedirected(). '</p>', $cas_url);
    $this->printHTMLFooter();
    phpCAS::traceExit();
    throw new CAS_GracefullTerminationException();
}

References $lang, $params, phpCAS\error(), CAS_Client\getLangObj(), CAS_Client\getServerLogoutURL(), CAS_Client\printHTMLFooter(), CAS_Client\printHTMLHeader(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceExit().


◆ redirectToCas()

CAS_Client::redirectToCas (   $gateway = false,
  $renew = false 
)

This method is used to redirect the client to the CAS server.

It is used by CAS_Client::forceAuthentication() and CAS_Client::checkAuthentication().

Parameters
bool $gateway  true to check authentication, false to force it
bool $renew  true to force the authentication with the CAS server
Returns
void

Definition at line 1653 of file Client.php.

public function redirectToCas($gateway=false, $renew=false)
{
    phpCAS::traceBegin();
    $cas_url = $this->getServerLoginURL($gateway, $renew);
    session_write_close();
    if (php_sapi_name() === 'cli') {
        @header('Location: '.$cas_url);
    } else {
        header('Location: '.$cas_url);
    }
    phpCAS::trace("Redirect to : ".$cas_url);
    $lang = $this->getLangObj();
    $this->printHTMLHeader($lang->getAuthenticationWanted());
    printf('<p>'. $lang->getShouldHaveBeenRedirected(). '</p>', $cas_url);
    $this->printHTMLFooter();
    phpCAS::traceExit();
    throw new CAS_GracefullTerminationException();
}

References $lang, CAS_Client\getLangObj(), CAS_Client\getServerLoginURL(), CAS_Client\printHTMLFooter(), CAS_Client\printHTMLHeader(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceExit().

Referenced by CAS_Client\checkAuthentication(), CAS_Client\forceAuthentication(), and CAS_Client\renewAuthentication().


◆ renewAuthentication()

CAS_Client::renewAuthentication ( )

This method is called to renew the authentication of the user. If the user is authenticated, renew the connection; if not, redirect to CAS.

Returns
true when the user is authenticated; otherwise halt.

Definition at line 1251 of file Client.php.

public function renewAuthentication()
{
    phpCAS::traceBegin();
    // Either way, the user is authenticated by CAS
    if (isset( $_SESSION['phpCAS']['auth_checked'])) {
        unset($_SESSION['phpCAS']['auth_checked']);
    }
    if ( $this->isAuthenticated(true) ) {
        phpCAS::trace('user already authenticated');
        $res = true;
    } else {
        $this->redirectToCas(false, true);
        // never reached
        $res = false;
    }
    phpCAS::traceEnd();
    return $res;
}

References $_SESSION, $res, CAS_Client\isAuthenticated(), CAS_Client\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().


◆ setAttributes()

CAS_Client::setAttributes (   $attributes)

Set an array of attributes.

Parameters
array $attributes  a key value array of attributes
Returns
void

Definition at line 1162 of file Client.php.

public function setAttributes($attributes)
{
    $this->_attributes = $attributes;
}

References $attributes.

Referenced by CAS_Client\_wasPreviouslyAuthenticated().


◆ setCacheTimesForAuthRecheck()

CAS_Client::setCacheTimesForAuthRecheck (   $n)

Set the number of times authentication will be cached before rechecked.

Parameters
int $n  number of times to wait for a recheck
Returns
void

Definition at line 1312 of file Client.php.

public function setCacheTimesForAuthRecheck($n)
{
    if (gettype($n) != 'integer')
        throw new CAS_TypeMismatchException($n, '$n', 'string');

    $this->_cache_times_for_auth_recheck = $n;
}

References $n.

Variable Documentation

◆ $_attributes

CAS_Client::$_attributes
private

The authenticated user's attributes.

Written by CAS_Client::setAttributes(), read by CAS_Client::getAttributes().

Attention
client applications should use phpCAS::getAttributes().

Definition at line 1153 of file Client.php.

Referenced by CAS_Client\getAttributes().

◆ $_cache_times_for_auth_recheck

CAS_Client::$_cache_times_for_auth_recheck
private

An integer that gives the number of times authentication will be cached before rechecked.

Definition at line 1303 of file Client.php.

◆ $_user

CAS_Client::$_user
private

The Authenticated user.

Written by CAS_Client::_setUser(), read by CAS_Client::getUser().

Definition at line 1096 of file Client.php.

Referenced by CAS_Client\_getUser().