ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
InternalProxied

Functions

 CAS_Client::validateCAS20 (&$validate_url, &$text_response, &$tree_response, $renew=false)
 This method is used to validate a CAS 2.0 service ticket (ST) or proxy ticket (PT); halt on failure. Used for all CAS 2.0 validations. More...
 
 CAS_Client::_readExtraAttributesCas20 ($success_elements)
 This method will parse the DOM and pull out the attributes from the XML payload and put them into an array, then put the array into the session. More...
 
 CAS_Client::_addAttributeToArray (array &$attributeArray, $name, $value)
 Add an attribute value to an array of attributes. More...
 

Detailed Description

Function Documentation

◆ _addAttributeToArray()

CAS_Client::_addAttributeToArray ( array &  $attributeArray,
  $name,
  $value 
)
private

Add an attribute value to an array of attributes.

Parameters
array &$attributeArray: reference to array
string $name: name of attribute
string $value: value of attribute
Returns
void

Definition at line 3461 of file Client.php.

/**
 * Store one attribute value under $name, collecting repeated names into a list.
 *
 * The first value seen for a name is stored as a plain string. A second value
 * for the same name turns the entry into an array holding both, and every
 * later value is appended to that array. Values are trimmed before storage.
 *
 * Code that reads the resulting map has to accept both shapes: whether
 * $attributeArray[$name] is a string or an array depends only on how often
 * the name occurred in the validation response. Membership checks on such an
 * attribute (a group list, for instance) should normalise with (array) first
 * instead of comparing against a single string.
 *
 * @param array  &$attributeArray attribute map being built, modified in place
 * @param string $name            attribute name, used as the array key
 * @param string $value           attribute value; surrounding whitespace is removed
 *
 * @return void
 */
private function _addAttributeToArray(array &$attributeArray, $name, $value)
{
    $trimmedValue = trim($value);

    // First occurrence of this name: keep the scalar form.
    if (!isset($attributeArray[$name])) {
        $attributeArray[$name] = $trimmedValue;
        return;
    }

    // Second occurrence: promote the stored scalar to a one-element list.
    if (!is_array($attributeArray[$name])) {
        $attributeArray[$name] = array($attributeArray[$name]);
    }

    $attributeArray[$name][] = $trimmedValue;
}

References $name.

◆ _readExtraAttributesCas20()

CAS_Client::_readExtraAttributesCas20 (   $success_elements)
private

This method will parse the DOM and pull out the attributes from the XML payload and put them into an array, then put the array into the session.

Parameters
string $success_elements: payload of the response
Returns
bool true when successful, halt otherwise by calling CAS_Client::_authError().

Definition at line 3311 of file Client.php.

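/**
 * Collect the extra user attributes carried by a CAS 2.0 success response
 * and pass them to setAttributes().
 *
 * Sources are tried in this order:
 *  1. a configured attribute-parser callback, if one is set and callable;
 *  2. "Jasig style": children of a nested <cas:attributes> element;
 *  3. "RubyCAS style": every child of <cas:authenticationSuccess> except
 *     user, proxies and proxyGrantingTicket;
 *  4. "Name-Value style": <cas:attribute name='..' value='..' /> elements,
 *     tried only when the steps above produced nothing.
 *
 * Each attribute name and value is passed to phpCAS::trace(), so with debug
 * tracing enabled the trace log holds the user's attribute values and needs
 * the same protection as the session data.
 *
 * @param DOMNodeList $success_elements the <cas:authenticationSuccess>
 *                                      elements of the response; only item(0) is read
 *
 * @return bool always true
 */
private function _readExtraAttributesCas20($success_elements)
{
    phpCAS::traceBegin();

    $extra_attributes = array();
    $successNode = $success_elements->item(0);

    // "Jasig Style" Attributes:
    //
    //   <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    //     <cas:authenticationSuccess>
    //       <cas:user>jsmith</cas:user>
    //       <cas:attributes>
    //         <cas:attraStyle>RubyCAS</cas:attraStyle>
    //         <cas:surname>Smith</cas:surname>
    //         <cas:givenName>John</cas:givenName>
    //         <cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
    //         <cas:memberOf>CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu</cas:memberOf>
    //       </cas:attributes>
    //       <cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
    //     </cas:authenticationSuccess>
    //   </cas:serviceResponse>
    //
    if ($this->_casAttributeParserCallbackFunction !== null
        && is_callable($this->_casAttributeParserCallbackFunction)
    ) {
        // Build the argument list on a copy. Prepending to the property itself
        // would leave one more DOM node in it after every validation and shift
        // the configured arguments for the next call.
        $callbackArgs = $this->_casAttributeParserCallbackArgs;
        array_unshift($callbackArgs, $successNode);
        phpCAS::trace("Calling attritubeParser callback");
        $extra_attributes = call_user_func_array(
            $this->_casAttributeParserCallbackFunction,
            $callbackArgs
        );
        if (!is_array($extra_attributes)) {
            // count() and setAttributes() below are written for an array;
            // a callback that returns anything else contributes no attributes.
            phpCAS::trace("attributeParser callback did not return an array, result ignored");
            $extra_attributes = array();
        }
    } elseif ($successNode->getElementsByTagName("attributes")->length != 0) {
        $attr_nodes = $successNode->getElementsByTagName("attributes");
        phpCAS::trace("Found nested jasig style attributes");
        if ($attr_nodes->item(0)->hasChildNodes()) {
            // Nested Attributes
            foreach ($attr_nodes->item(0)->childNodes as $attr_child) {
                phpCAS::trace(
                    "Attribute [".$attr_child->localName."] = "
                    .$attr_child->nodeValue
                );
                $this->_addAttributeToArray(
                    $extra_attributes, $attr_child->localName,
                    $attr_child->nodeValue
                );
            }
        }
    } else {
        // "RubyCAS Style" attributes
        //
        //   <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        //     <cas:authenticationSuccess>
        //       <cas:user>jsmith</cas:user>
        //
        //       <cas:attraStyle>RubyCAS</cas:attraStyle>
        //       <cas:surname>Smith</cas:surname>
        //       <cas:givenName>John</cas:givenName>
        //       <cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
        //       <cas:memberOf>CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu</cas:memberOf>
        //
        //       <cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
        //     </cas:authenticationSuccess>
        //   </cas:serviceResponse>
        //
        phpCAS::trace("Testing for rubycas style attributes");
        foreach ($successNode->childNodes as $attr_node) {
            switch ($attr_node->localName) {
            case 'user':
            case 'proxies':
            case 'proxyGrantingTicket':
                // Protocol elements, not attributes. A bare "continue" here
                // only leaves the switch (and warns since PHP 7.3); target
                // the foreach explicitly.
                continue 2;
            default:
                if (strlen(trim($attr_node->nodeValue))) {
                    phpCAS::trace(
                        "Attribute [".$attr_node->localName."] = ".$attr_node->nodeValue
                    );
                    $this->_addAttributeToArray(
                        $extra_attributes, $attr_node->localName,
                        $attr_node->nodeValue
                    );
                }
            }
        }
    }

    // "Name-Value" attributes.
    //
    // Attribute format from these mailing list thread:
    // http://jasig.275507.n4.nabble.com/CAS-attributes-and-how-they-appear-in-the-CAS-response-td264272.html
    // Note: This is a less widely used format, but in use by at least two institutions.
    //
    //   <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    //     <cas:authenticationSuccess>
    //       <cas:user>jsmith</cas:user>
    //
    //       <cas:attribute name='attraStyle' value='Name-Value' />
    //       <cas:attribute name='surname' value='Smith' />
    //       <cas:attribute name='givenName' value='John' />
    //       <cas:attribute name='memberOf' value='CN=Staff,OU=Groups,DC=example,DC=edu' />
    //       <cas:attribute name='memberOf' value='CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu' />
    //
    //       <cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
    //     </cas:authenticationSuccess>
    //   </cas:serviceResponse>
    //
    if (!count($extra_attributes)
        && $successNode->getElementsByTagName("attribute")->length != 0
    ) {
        $attr_nodes = $successNode->getElementsByTagName("attribute");
        // The first <attribute> element decides whether the response uses
        // this layout at all: it must be empty and carry name and value.
        $firstAttr = $attr_nodes->item(0);
        if (!$firstAttr->hasChildNodes()
            && $firstAttr->hasAttribute('name')
            && $firstAttr->hasAttribute('value')
        ) {
            phpCAS::trace("Found Name-Value style attributes");
            foreach ($attr_nodes as $attr_node) {
                if ($attr_node->hasAttribute('name')
                    && $attr_node->hasAttribute('value')
                ) {
                    phpCAS::trace(
                        "Attribute [".$attr_node->getAttribute('name')
                        ."] = ".$attr_node->getAttribute('value')
                    );
                    $this->_addAttributeToArray(
                        $extra_attributes, $attr_node->getAttribute('name'),
                        $attr_node->getAttribute('value')
                    );
                }
            }
        }
    }

    $this->setAttributes($extra_attributes);
    phpCAS::traceEnd();
    return true;
}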
setAttributes($attributes)
Set an array of attributes.
Definition: Client.php:1162
_addAttributeToArray(array &$attributeArray, $name, $value)
Add an attribute value to an array of attributes.
Definition: Client.php:3461
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:638
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
Definition: CAS.php:591

◆ validateCAS20()

CAS_Client::validateCAS20 ( $validate_url,
$text_response,
$tree_response,
  $renew = false 
)

This method is used to validate a CAS 2.0 service ticket (ST) or proxy ticket (PT); halt on failure. Used for all CAS 2.0 validations.

Parameters
string &$validate_url: the URL of the response
string &$text_response: the text of the response
string &$tree_response: the domxml tree of the response
bool $renew: true to force the authentication with the CAS server
Returns
bool true when successful and issue a CAS_AuthenticationException and false on an error

Definition at line 3166 of file Client.php.

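/**
 * Validate a CAS 2.0 service ticket (ST) or proxy ticket (PT) against the
 * CAS server and, on success, record the user, attributes and proxy chain.
 *
 * Every failure path throws, so the method only ever returns true.
 *
 * What ends up in the debug trace: the incoming $text_response, the full
 * validation URL (which contains the ticket) when the request fails, and
 * each proxy found. The trace log therefore needs the same access
 * restrictions as the session store.
 *
 * NOTE(review): getElementsByTagName() searches all descendants, so the
 * "user" and "proxy" lookups below also match elements nested deeper inside
 * <authenticationSuccess> (for instance under an attributes container), and
 * item(0) is simply the first match in document order. Direct-child lookups
 * would be stricter; confirm against the CAS servers in use before changing.
 *
 * NOTE(review): _setUser(), the attribute import and _setProxies() all run
 * before the allowed-proxy-chain check. The check throws on failure, but a
 * caller that catches the exception must not treat the stored user as
 * authenticated; confirm nothing reads it after a 'Proxy not allowed' error.
 *
 * @param string &$validate_url  receives the validation URL that was requested
 * @param string &$text_response receives the raw body returned by the CAS server
 * @param mixed  &$tree_response receives the root element of the parsed response
 * @param bool   $renew          true to append renew=true to the validation request
 *
 * @return bool true when the ticket was validated
 * @throws CAS_AuthenticationException when the server cannot be reached, the
 *         response is malformed, authentication failed, or the proxy chain
 *         is not allowed
 */
public function validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew=false)
{
    phpCAS::traceBegin();
    phpCAS::trace($text_response);

    // build the URL to validate the ticket
    $baseUrl = $this->getAllowedProxyChains()->isProxyingAllowed()
        ? $this->getServerProxyValidateURL()
        : $this->getServerServiceValidateURL();
    $validate_url = $baseUrl.'&ticket='.urlencode($this->getTicket());

    if ($this->isProxy()) {
        // pass the callback url for CAS proxies
        $validate_url .= '&pgtUrl='.urlencode($this->_getCallbackURL());
    }

    if ($renew) {
        // pass the renew
        $validate_url .= '&renew=true';
    }

    // open and read the URL
    if (!$this->_readURL($validate_url, $headers, $text_response, $err_msg)) {
        phpCAS::trace(
            'could not open URL \''.$validate_url.'\' to validate ('.$err_msg.')'
        );
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            true/*$no_response*/
        );
    }

    // create new DOMDocument object
    $dom = new DOMDocument();
    // Fix possible whitespace problems
    $dom->preserveWhiteSpace = false;
    // CAS servers should only return data in utf-8
    $dom->encoding = "utf-8";

    // Read the response of the CAS server into the DOMDocument.
    // LIBXML_NONET: a validation response never needs a network fetch while
    // being parsed, so the parser is told not to resolve remote resources.
    if (!$dom->loadXML($text_response, LIBXML_NONET)) {
        // read failed
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, true/*$bad_response*/, $text_response
        );
    }

    // read the root node of the XML tree
    $tree_response = $dom->documentElement;
    if (!$tree_response) {
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, true/*$bad_response*/, $text_response
        );
    }

    // ensure that the root tag is 'serviceResponse'
    if ($tree_response->localName !== 'serviceResponse') {
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, true/*$bad_response*/, $text_response
        );
    }

    // A failure element wins over anything else in the response:
    // extract the error code and message and throw.
    $auth_fail_list = $tree_response->getElementsByTagName("authenticationFailure");
    if ($auth_fail_list->length > 0) {
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, false/*$bad_response*/,
            $text_response,
            $auth_fail_list->item(0)->getAttribute('code')/*$err_code*/,
            trim($auth_fail_list->item(0)->nodeValue)/*$err_msg*/
        );
    }

    // Neither failure nor success element: treat as a bad response.
    $success_elements = $tree_response->getElementsByTagName("authenticationSuccess");
    if ($success_elements->length === 0) {
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, true/*$bad_response*/,
            $text_response
        );
    }

    // authentication succeeded, extract the user name
    $userNodes = $success_elements->item(0)->getElementsByTagName("user");
    if ($userNodes->length === 0) {
        // no user specified => error
        throw new CAS_AuthenticationException(
            $this, 'Ticket not validated', $validate_url,
            false/*$no_response*/, true/*$bad_response*/, $text_response
        );
    }
    $this->_setUser(trim($userNodes->item(0)->nodeValue));
    $this->_readExtraAttributesCas20($success_elements);

    // Store the proxies we are sitting behind for authorization checking.
    // The node count is read from ->length like every other check in this
    // method; sizeof() on a DOMNodeList only counts nodes from PHP 7.2 on.
    $proxyList = array();
    $proxyNodes = $success_elements->item(0)->getElementsByTagName("proxy");
    if ($proxyNodes->length > 0) {
        foreach ($proxyNodes as $proxyElem) {
            phpCAS::trace("Found Proxy: ".$proxyElem->nodeValue);
            $proxyList[] = trim($proxyElem->nodeValue);
        }
        $this->_setProxies($proxyList);
        phpCAS::trace("Storing Proxy List");
    }

    // Check if the proxies in front of us are allowed
    if (!$this->getAllowedProxyChains()->isProxyListAllowed($proxyList)) {
        throw new CAS_AuthenticationException(
            $this, 'Proxy not allowed', $validate_url,
            false/*$no_response*/, true/*$bad_response*/,
            $text_response
        );
    }

    // Every failure above has thrown: at this step the ticket has been
    // validated and $this->_user has been set.
    $this->_renameSession($this->getTicket());

    phpCAS::traceEnd(true);
    return true;
}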
getTicket()
This method returns the Service Ticket provided in the URL of the request.
Definition: Client.php:1870
_getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
Definition: Client.php:2360
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
Definition: Client.php:431
getServerProxyValidateURL()
This method is used to retrieve the proxy validating URL of the CAS server.
Definition: Client.php:488
_readURL($url, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
Definition: Client.php:2790
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: Client.php:2242
getAllowedProxyChains()
Answer the CAS_ProxyChain_AllowedList object for this client.
Definition: Client.php:3137
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:579

References $result, CAS_Client\_getCallbackURL(), CAS_Client\_readURL(), CAS_Client\getAllowedProxyChains(), CAS_Client\getServerProxyValidateURL(), CAS_Client\getServerServiceValidateURL(), CAS_Client\getTicket(), CAS_Client\isProxy(), phpCAS\trace(), and phpCAS\traceBegin().
