Inheritance diagram for sspmod_cas_Auth_Source_CAS:

Collaboration diagram for sspmod_cas_Auth_Source_CAS:

Public Member Functions
	__construct ($info, $config)
	Constructor for this authentication source. More...

	finalStep (&$state)
	Called by linkback, to finish validate/ finish logging in. More...

	authenticate (&$state)
	Log-in using cas. More...

	logout (&$state)
	Log out from this authentication source. More...

Public Member Functions inherited from SimpleSAML_Auth_Source
	__construct ($info, &$config)
	Constructor for an authentication source. More...

	getAuthId ()
	Retrieve the ID of this authentication source. More...

	authenticate (&$state)
	Process a request. More...

	reauthenticate (array &$state)
	Reauthenticate an user. More...

	initLogin ($return, $errorURL=null, array $params=array())
	Start authentication. More...

	logout (&$state)
	Log out from this authentication source. More...

Data Fields
const	STAGE_INIT = 'sspmod_cas_Auth_Source_CAS.state'
	The string used to identify our states. More...

const	AUTHID = 'sspmod_cas_Auth_Source_CAS.AuthId'
	The key of the AuthId field in the state. More...

Protected Member Functions
	casValidation ($ticket, $service)
	Main validation method, redirects to correct method (keeps finalStep clean) More...

Protected Member Functions inherited from SimpleSAML_Auth_Source
	addLogoutCallback ($assoc, $state)
	Add a logout callback association. More...

	callLogoutCallback ($assoc)
	Call a logout callback based on association. More...

Private Member Functions
	casValidate ($ticket, $service)
	This the most simple version of validating, this provides only authentication validation. More...

	casServiceValidate ($ticket, $service)
	Uses the cas service validate, this provides additional attributes. More...

Private Attributes
	$_ldapConfig

	$_casConfig

	$_validationMethod

	$_loginMethod

Additional Inherited Members
Static Public Member Functions inherited from SimpleSAML_Auth_Source
static	getSourcesOfType ($type)
	Get sources of a specific type. More...

static	completeAuth (&$state)
	Complete authentication. More...

static	loginCompleted ($state)
	Called when a login operation has finished. More...

static	completeLogout (&$state)
	Complete logout. More...

static	getById ($authId, $type=null)
	Retrieve authentication source. More...

static	logoutCallback ($state)
	Called when the authentication source receives an external logout request. More...

static	getSources ()
	Retrieve list of authentication sources. More...

Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static	validateSource ($source, $id)
	Make sure that the first element of an auth source is its identifier. More...

Protected Attributes inherited from SimpleSAML_Auth_Source
	$authId

Detailed Description

Definition at line 11 of file CAS.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_cas_Auth_Source_CAS::__construct	(	$info,
		$config
	)

Constructor for this authentication source.

Parameters

array	$info	Information about this authentication source.
array	$config	Configuration.

Definition at line 50 of file CAS.php.

                                                    {
                assert('is_array($info)');
                assert('is_array($config)');
 
                // Call the parent constructor first, as required by the interface
                parent::__construct($info, $config);
 
                if (!array_key_exists('cas', $config)){
                        throw new Exception('cas authentication source is not properly configured: missing [cas]');
                }
 
                if (!array_key_exists('ldap', $config)){
                        throw new Exception('ldap authentication source is not properly configured: missing [ldap]');
                }
 
                $this->_casConfig = $config['cas'];
                $this->_ldapConfig = $config['ldap'];
 
                if(isset($this->_casConfig['serviceValidate'])){
                        $this->_validationMethod = 'serviceValidate';
                }elseif(isset($this->_casConfig['validate'])){
                        $this->_validationMethod = 'validate';
                }else{
                        throw new Exception("validate or serviceValidate not specified");
                }
 
                if(isset($this->_casConfig['login'])){
                        $this->_loginMethod =  $this->_casConfig['login'];
                }else{
                        throw new Exception("cas login URL not specified");
                }
        }

References $config, and $info.

Member Function Documentation

◆ authenticate()

sspmod_cas_Auth_Source_CAS::authenticate ( & $state )

Log-in using cas.

Parameters

array &$state Information about the current authentication.

Reimplemented from SimpleSAML_Auth_Source.

Definition at line 196 of file CAS.php.

                                              {
                assert('is_array($state)');
 
                // We are going to need the authId in order to retrieve this authentication source later
                $state[self::AUTHID] = $this->authId;
 
                $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
 
 
 
                $serviceUrl = SimpleSAML\Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));
 
                \SimpleSAML\Utils\HTTP::redirectTrustedURL($this->_loginMethod, array(
                        'service' => $serviceUrl));
        }

References SimpleSAML_Auth_Source\$authId, $state, AUTHID, SimpleSAML\Module\getModuleURL(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

Here is the call graph for this function:

◆ casServiceValidate()

sspmod_cas_Auth_Source_CAS::casServiceValidate	(	$ticket,
		$service
	)

private

Uses the cas service validate, this provides additional attributes.

Parameters

string	$ticket
string	$service

Returns: list username and attributes

Definition at line 114 of file CAS.php.

                                                              {
                $url = \SimpleSAML\Utils\HTTP::addURLParameters($this->_casConfig['serviceValidate'], array(
                                'ticket' => $ticket,
                                'service' => $service,
                ));
                $result = \SimpleSAML\Utils\HTTP::fetch($url);
 
                $dom = \SAML2\DOMDocumentFactory::fromString($result);
                $xPath = new DOMXpath($dom);
                $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
                $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
                if ($success->length == 0) {
                        $failure = $xPath->evaluate("/cas:serviceResponse/cas:authenticationFailure");
                        throw new Exception("Error when validating CAS service ticket: " . $failure->item(0)->textContent);
                } else {
 
                        $attributes = array();
                        if ($casattributes = $this->_casConfig['attributes']) { # some has attributes in the xml - attributes is a list of XPath expressions to get them
                                foreach ($casattributes as $name => $query) {
                                        $attrs = $xPath->query($query);
                                        foreach ($attrs as $attrvalue) $attributes[$name][] = $attrvalue->textContent;
                                }
                        }
                        $casusername = $success->item(0)->textContent;
 
                        return array($casusername, $attributes);
 
                }
        }

References $attributes, $failure, $name, $query, $result, $service, $success, $url, SimpleSAML\Utils\HTTP\fetch(), and SAML2\DOMDocumentFactory\fromString().

Referenced by casValidation().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ casValidate()

sspmod_cas_Auth_Source_CAS::casValidate	(	$ticket,
		$service
	)

private

This the most simple version of validating, this provides only authentication validation.

Parameters

string	$ticket
string	$service

Returns: list username and attributes

Definition at line 91 of file CAS.php.

                                                       {
                $url = \SimpleSAML\Utils\HTTP::addURLParameters($this->_casConfig['validate'], array(
                                'ticket' => $ticket,
                                'service' => $service,
                ));
                $result = \SimpleSAML\Utils\HTTP::fetch($url);
                $res = preg_split("/\r?\n/",$result);
 
                if (strcmp($res[0], "yes") == 0) {
                        return array($res[1], array());
                } else {
                        throw new Exception("Failed to validate CAS service ticket: $ticket");
                }
        }

References $res, $result, $service, $url, and SimpleSAML\Utils\HTTP\fetch().

Referenced by casValidation().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ casValidation()

sspmod_cas_Auth_Source_CAS::casValidation	(	$ticket,
		$service
	)

protected

Main validation method, redirects to correct method (keeps finalStep clean)

Parameters

string	$ticket
string	$service

Returns: list username and attributes

Definition at line 153 of file CAS.php.

                                                           {
                switch($this->_validationMethod){
                        case 'validate':
                                return  $this->casValidate($ticket, $service);
                                break;
                        case 'serviceValidate':
                                return $this->casServiceValidate($ticket, $service);
                                break;
                        default:
                                throw new Exception("validate or serviceValidate not specified");
                }
        }

References $service, casServiceValidate(), and casValidate().

Referenced by finalStep().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ finalStep()

sspmod_cas_Auth_Source_CAS::finalStep ( & $state )

Called by linkback, to finish validate/ finish logging in.

Parameters

state $state

Returns: list username, casattributes/ldap attributes

Definition at line 172 of file CAS.php.

                                           {
 
 
                $ticket = $state['cas:ticket'];
                $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
                $service =  SimpleSAML\Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));
                list($username, $casattributes) = $this->casValidation($ticket, $service);
                $ldapattributes = array();
                if ($this->_ldapConfig['servers']) {
                        $ldap = new SimpleSAML_Auth_LDAP($this->_ldapConfig['servers'], $this->_ldapConfig['enable_tls']);
                        $ldapattributes = $ldap->validate($this->_ldapConfig, $username);
                }
                $attributes = array_merge_recursive($casattributes, $ldapattributes);
                $state['Attributes'] = $attributes;
 
                SimpleSAML_Auth_Source::completeAuth($state);
        }

References $attributes, $service, $state, casValidation(), SimpleSAML_Auth_Source\completeAuth(), SimpleSAML\Module\getModuleURL(), and SimpleSAML_Auth_State\saveState().

Here is the call graph for this function:

◆ logout()

sspmod_cas_Auth_Source_CAS::logout ( & $state )

Log out from this authentication source.

This function should be overridden if the authentication source requires special steps to complete a logout operation.

If the logout process requires a redirect, the state should be saved. Once the logout operation is completed, the state should be restored, and completeLogout should be called with the state. If this operation can be completed without showing the user a page, or redirecting, this function should return.

Parameters

array &$state Information about the current logout operation.

Reimplemented from SimpleSAML_Auth_Source.

Definition at line 226 of file CAS.php.

                                        {
                assert('is_array($state)');
                $logoutUrl = $this->_casConfig['logout'];
 
                SimpleSAML_Auth_State::deleteState($state);
                // we want cas to log us out
                \SimpleSAML\Utils\HTTP::redirectTrustedURL($logoutUrl);
        }

References $state, SimpleSAML_Auth_State\deleteState(), and SimpleSAML\Utils\HTTP\redirectTrustedURL().

Here is the call graph for this function:

Field Documentation

◆ $_casConfig

sspmod_cas_Auth_Source_CAS::$_casConfig

private

Definition at line 32 of file CAS.php.

◆ $_ldapConfig

sspmod_cas_Auth_Source_CAS::$_ldapConfig

private

Definition at line 27 of file CAS.php.

◆ $_loginMethod

sspmod_cas_Auth_Source_CAS::$_loginMethod

private

Definition at line 41 of file CAS.php.

◆ $_validationMethod

sspmod_cas_Auth_Source_CAS::$_validationMethod

private

Definition at line 37 of file CAS.php.

◆ AUTHID

const sspmod_cas_Auth_Source_CAS::AUTHID = 'sspmod_cas_Auth_Source_CAS.AuthId'

The key of the AuthId field in the state.

Definition at line 21 of file CAS.php.

Referenced by authenticate().

◆ STAGE_INIT

const sspmod_cas_Auth_Source_CAS::STAGE_INIT = 'sspmod_cas_Auth_Source_CAS.state'

The string used to identify our states.

Definition at line 16 of file CAS.php.

The documentation for this class was generated from the following file:

libs/composer/vendor/simplesamlphp/simplesamlphp/modules/cas/lib/Auth/Source/CAS.php

Public Member Functions

Data Fields

Protected Member Functions

Private Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ authenticate()

◆ casServiceValidate()

◆ casValidate()

◆ casValidation()

◆ finalStep()

◆ logout()

Field Documentation

◆ $_casConfig

◆ $_ldapConfig

◆ $_loginMethod

◆ $_validationMethod

◆ AUTHID

◆ STAGE_INIT