ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Data Fields | Protected Member Functions | Private Member Functions | Private Attributes
sspmod_cas_Auth_Source_CAS Class Reference
+ Inheritance diagram for sspmod_cas_Auth_Source_CAS:
+ Collaboration diagram for sspmod_cas_Auth_Source_CAS:

Public Member Functions

 __construct ($info, $config)
 Constructor for this authentication source. More...
 
 finalStep (&$state)
 Called by linkback, to finish validate/ finish logging in. More...
 
 authenticate (&$state)
 Log-in using cas. More...
 
 logout (&$state)
 Log out from this authentication source. More...
 
- Public Member Functions inherited from SimpleSAML_Auth_Source
 __construct ($info, &$config)
 Constructor for an authentication source. More...
 
 getAuthId ()
 Retrieve the ID of this authentication source. More...
 
 authenticate (&$state)
 Process a request. More...
 
 reauthenticate (array &$state)
 Reauthenticate an user. More...
 
 initLogin ($return, $errorURL=null, array $params=array())
 Start authentication. More...
 
 logout (&$state)
 Log out from this authentication source. More...
 

Data Fields

const STAGE_INIT = 'sspmod_cas_Auth_Source_CAS.state'
 The string used to identify our states. More...
 
const AUTHID = 'sspmod_cas_Auth_Source_CAS.AuthId'
 The key of the AuthId field in the state. More...
 

Protected Member Functions

 casValidation ($ticket, $service)
 Main validation method, redirects to correct method (keeps finalStep clean) More...
 
- Protected Member Functions inherited from SimpleSAML_Auth_Source
 addLogoutCallback ($assoc, $state)
 Add a logout callback association. More...
 
 callLogoutCallback ($assoc)
 Call a logout callback based on association. More...
 

Private Member Functions

 casValidate ($ticket, $service)
 This the most simple version of validating, this provides only authentication validation. More...
 
 casServiceValidate ($ticket, $service)
 Uses the cas service validate, this provides additional attributes. More...
 

Private Attributes

 $_ldapConfig
 
 $_casConfig
 
 $_validationMethod
 
 $_loginMethod
 

Additional Inherited Members

- Static Public Member Functions inherited from SimpleSAML_Auth_Source
static getSourcesOfType ($type)
 Get sources of a specific type. More...
 
static completeAuth (&$state)
 Complete authentication. More...
 
static loginCompleted ($state)
 Called when a login operation has finished. More...
 
static completeLogout (&$state)
 Complete logout. More...
 
static getById ($authId, $type=null)
 Retrieve authentication source. More...
 
static logoutCallback ($state)
 Called when the authentication source receives an external logout request. More...
 
static getSources ()
 Retrieve list of authentication sources. More...
 
- Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static validateSource ($source, $id)
 Make sure that the first element of an auth source is its identifier. More...
 
- Protected Attributes inherited from SimpleSAML_Auth_Source
 $authId
 

Detailed Description

Definition at line 11 of file CAS.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_cas_Auth_Source_CAS::__construct (   $info,
  $config 
)

Constructor for this authentication source.

Parameters
array$infoInformation about this authentication source.
array$configConfiguration.

Definition at line 50 of file CAS.php.

References $config, and $info.

50  {
51  assert('is_array($info)');
52  assert('is_array($config)');
53 
54  // Call the parent constructor first, as required by the interface
55  parent::__construct($info, $config);
56 
57  if (!array_key_exists('cas', $config)){
58  throw new Exception('cas authentication source is not properly configured: missing [cas]');
59  }
60 
61  if (!array_key_exists('ldap', $config)){
62  throw new Exception('ldap authentication source is not properly configured: missing [ldap]');
63  }
64 
65  $this->_casConfig = $config['cas'];
66  $this->_ldapConfig = $config['ldap'];
67 
68  if(isset($this->_casConfig['serviceValidate'])){
69  $this->_validationMethod = 'serviceValidate';
70  }elseif(isset($this->_casConfig['validate'])){
71  $this->_validationMethod = 'validate';
72  }else{
73  throw new Exception("validate or serviceValidate not specified");
74  }
75 
76  if(isset($this->_casConfig['login'])){
77  $this->_loginMethod = $this->_casConfig['login'];
78  }else{
79  throw new Exception("cas login URL not specified");
80  }
81  }
$info
$info
Definition: index.php:5

Member Function Documentation

◆ authenticate()

sspmod_cas_Auth_Source_CAS::authenticate ( $state)

Log-in using cas.

Parameters
array&$stateInformation about the current authentication.

Definition at line 196 of file CAS.php.

References SimpleSAML_Auth_Source\$authId, $state, array, SimpleSAML\Module\getModuleURL(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

196  {
197  assert('is_array($state)');
198 
199  // We are going to need the authId in order to retrieve this authentication source later
200  $state[self::AUTHID] = $this->authId;
201 
202  $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
203 
204 
205 
206  $serviceUrl = SimpleSAML\Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));
207 
208  \SimpleSAML\Utils\HTTP::redirectTrustedURL($this->_loginMethod, array(
209  'service' => $serviceUrl));
210  }
SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:22
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
+ Here is the call graph for this function:

◆ casServiceValidate()

sspmod_cas_Auth_Source_CAS::casServiceValidate (   $ticket,
  $service 
)
private

Uses the cas service validate, this provides additional attributes.

Parameters
string$ticket
string$service
Returns
list username and attributes

Definition at line 114 of file CAS.php.

References $attributes, $failure, $name, $query, $result, $service, $success, $url, array, SimpleSAML\Utils\HTTP\fetch(), SAML2\DOMDocumentFactory\fromString(), is, and to.

Referenced by casValidation().

114  {
115  $url = \SimpleSAML\Utils\HTTP::addURLParameters($this->_casConfig['serviceValidate'], array(
116  'ticket' => $ticket,
117  'service' => $service,
118  ));
119  $result = \SimpleSAML\Utils\HTTP::fetch($url);
120 
121  $dom = \SAML2\DOMDocumentFactory::fromString($result);
122  $xPath = new DOMXpath($dom);
123  $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
124  $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
125  if ($success->length == 0) {
126  $failure = $xPath->evaluate("/cas:serviceResponse/cas:authenticationFailure");
127  throw new Exception("Error when validating CAS service ticket: " . $failure->item(0)->textContent);
128  } else {
129 
130  $attributes = array();
131  if ($casattributes = $this->_casConfig['attributes']) { # some has attributes in the xml - attributes is a list of XPath expressions to get them
132  foreach ($casattributes as $name => $query) {
133  $attrs = $xPath->query($query);
134  foreach ($attrs as $attrvalue) $attributes[$name][] = $attrvalue->textContent;
135  }
136  }
137  $casusername = $success->item(0)->textContent;
138 
139  return array($casusername, $attributes);
140 
141  }
142  }
to
File written to
Definition: 01pharSimple.php:86
$failure
$failure
Definition: UtfNormalTest.php:79
is
Sum of both Ranges is
Definition: 03formulas.php:77
$result
$result
Definition: CleanUpTest.php:463
$attributes
$attributes
Definition: serviceValidate.php:33
$service
$service
Definition: login.php:15
$name
if($format !==null) $name
Definition: metadata.php:146
$success
$success
Definition: Utf8Test.php:86
$query
$query
Definition: proxy_ylocal.php:13
SimpleSAML\Utils\HTTP\fetch
static fetch($url, $context=array(), $getHeaders=false)
Helper function to retrieve a file or URL with proxy support, also supporting proxy basic authorizati...
Definition: HTTP.php:409
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$url
$url
Definition: proxy_ylocal.php:28
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ casValidate()

sspmod_cas_Auth_Source_CAS::casValidate (   $ticket,
  $service 
)
private

This the most simple version of validating, this provides only authentication validation.

Parameters
string$ticket
string$service
Returns
list username and attributes

Definition at line 91 of file CAS.php.

References $res, $result, $service, $url, array, and SimpleSAML\Utils\HTTP\fetch().

Referenced by casValidation().

91  {
92  $url = \SimpleSAML\Utils\HTTP::addURLParameters($this->_casConfig['validate'], array(
93  'ticket' => $ticket,
94  'service' => $service,
95  ));
96  $result = \SimpleSAML\Utils\HTTP::fetch($url);
97  $res = preg_split("/\r?\n/",$result);
98 
99  if (strcmp($res[0], "yes") == 0) {
100  return array($res[1], array());
101  } else {
102  throw new Exception("Failed to validate CAS service ticket: $ticket");
103  }
104  }
$result
$result
Definition: CleanUpTest.php:463
$service
$service
Definition: login.php:15
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
SimpleSAML\Utils\HTTP\fetch
static fetch($url, $context=array(), $getHeaders=false)
Helper function to retrieve a file or URL with proxy support, also supporting proxy basic authorizati...
Definition: HTTP.php:409
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$url
$url
Definition: proxy_ylocal.php:28
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ casValidation()

sspmod_cas_Auth_Source_CAS::casValidation (   $ticket,
  $service 
)
protected

Main validation method, redirects to correct method (keeps finalStep clean)

Parameters
string$ticket
string$service
Returns
list username and attributes

Definition at line 153 of file CAS.php.

References $service, casServiceValidate(), and casValidate().

Referenced by finalStep().

153  {
154  switch($this->_validationMethod){
155  case 'validate':
156  return $this->casValidate($ticket, $service);
157  break;
158  case 'serviceValidate':
159  return $this->casServiceValidate($ticket, $service);
160  break;
161  default:
162  throw new Exception("validate or serviceValidate not specified");
163  }
164  }
$service
$service
Definition: login.php:15
sspmod_cas_Auth_Source_CAS\casServiceValidate
casServiceValidate($ticket, $service)
Uses the cas service validate, this provides additional attributes.
Definition: CAS.php:114
sspmod_cas_Auth_Source_CAS\casValidate
casValidate($ticket, $service)
This the most simple version of validating, this provides only authentication validation.
Definition: CAS.php:91
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ finalStep()

sspmod_cas_Auth_Source_CAS::finalStep ( $state)

Called by linkback, to finish validate/ finish logging in.

Parameters
state$state
Returns
list username, casattributes/ldap attributes

Definition at line 172 of file CAS.php.

References $attributes, $service, $state, array, casValidation(), SimpleSAML_Auth_Source\completeAuth(), SimpleSAML\Module\getModuleURL(), and SimpleSAML_Auth_State\saveState().

172  {
173 
174 
175  $ticket = $state['cas:ticket'];
176  $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
177  $service = SimpleSAML\Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));
178  list($username, $casattributes) = $this->casValidation($ticket, $service);
179  $ldapattributes = array();
180  if ($this->_ldapConfig['servers']) {
181  $ldap = new SimpleSAML_Auth_LDAP($this->_ldapConfig['servers'], $this->_ldapConfig['enable_tls']);
182  $ldapattributes = $ldap->validate($this->_ldapConfig, $username);
183  }
184  $attributes = array_merge_recursive($casattributes, $ldapattributes);
185  $state['Attributes'] = $attributes;
186 
187  SimpleSAML_Auth_Source::completeAuth($state);
188  }
SimpleSAML_Auth_LDAP
Definition: LDAP.php:25
$attributes
$attributes
Definition: serviceValidate.php:33
$service
$service
Definition: login.php:15
SimpleSAML\Module\getModuleURL
static getModuleURL($resource, array $parameters=array())
Get absolute URL to a specified module resource.
Definition: Module.php:303
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
sspmod_cas_Auth_Source_CAS\casValidation
casValidation($ticket, $service)
Main validation method, redirects to correct method (keeps finalStep clean)
Definition: CAS.php:153
SimpleSAML_Auth_Source\completeAuth
static completeAuth(&$state)
Complete authentication.
Definition: Source.php:135
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
+ Here is the call graph for this function:

◆ logout()

sspmod_cas_Auth_Source_CAS::logout ( $state)

Log out from this authentication source.

This function should be overridden if the authentication source requires special steps to complete a logout operation.

If the logout process requires a redirect, the state should be saved. Once the logout operation is completed, the state should be restored, and completeLogout should be called with the state. If this operation can be completed without showing the user a page, or redirecting, this function should return.

Parameters
array&$stateInformation about the current logout operation.

Definition at line 226 of file CAS.php.

References $state, SimpleSAML_Auth_State\deleteState(), and SimpleSAML\Utils\HTTP\redirectTrustedURL().

226  {
227  assert('is_array($state)');
228  $logoutUrl = $this->_casConfig['logout'];
229 
230  SimpleSAML_Auth_State::deleteState($state);
231  // we want cas to log us out
232  \SimpleSAML\Utils\HTTP::redirectTrustedURL($logoutUrl);
233  }
SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962
$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10
SimpleSAML_Auth_State\deleteState
static deleteState(&$state)
Delete state.
Definition: State.php:319
+ Here is the call graph for this function:

Field Documentation

◆ $_casConfig

sspmod_cas_Auth_Source_CAS::$_casConfig
private

Definition at line 32 of file CAS.php.

◆ $_ldapConfig

sspmod_cas_Auth_Source_CAS::$_ldapConfig
private

Definition at line 27 of file CAS.php.

◆ $_loginMethod

sspmod_cas_Auth_Source_CAS::$_loginMethod
private

Definition at line 41 of file CAS.php.

◆ $_validationMethod

sspmod_cas_Auth_Source_CAS::$_validationMethod
private

Definition at line 37 of file CAS.php.

◆ AUTHID

const sspmod_cas_Auth_Source_CAS::AUTHID = 'sspmod_cas_Auth_Source_CAS.AuthId'

The key of the AuthId field in the state.

Definition at line 21 of file CAS.php.

◆ STAGE_INIT

const sspmod_cas_Auth_Source_CAS::STAGE_INIT = 'sspmod_cas_Auth_Source_CAS.state'

The string used to identify our states.

Definition at line 16 of file CAS.php.

The documentation for this class was generated from the following file: