106 (empty($this->_output_header)
107 ?
'<html><head><title>__TITLE__</title></head><body><h1>__TITLE__</h1>'
108 : $this->_output_header)
133 empty($this->_output_footer)?
134 (phpcas::getVerbose())?
135 '<hr><address>phpCAS __PHPCAS_VERSION__ '
136 .
$lang->getUsingServer()
137 .
' <a href="__SERVER_BASE_URL__">__SERVER_BASE_URL__</a> (CAS __CAS_VERSION__)</a></address></body></html>'
139 :$this->_output_footer
153 if (gettype(
$header) !=
'string')
156 $this->_output_header =
$header;
169 if (gettype($footer) !=
'string')
172 $this->_output_footer = $footer;
204 if (gettype(
$lang) !=
'string')
211 '$className must implement the CAS_Languages_LanguageInterface'
214 $this->_lang =
$lang;
225 return new $classname();
264 'hostname' =>
'none',
275 return $this->_server[
'version'];
285 return $this->_server[
'hostname'];
295 return $this->_server[
'port'];
305 return $this->_server[
'uri'];
316 if ( empty($this->_server[
'base_url']) ) {
319 $this->_server[
'base_url'] .=
':'
320 .$this->_getServerPort();
324 return $this->_server[
'base_url'];
341 if ( empty($this->_server[
'login_url']) ) {
344 $url = $this->_server[
'login_url'];
349 } elseif ($gateway) {
368 if (gettype(
$url) !=
'string')
371 return $this->_server[
'login_url'] =
$url;
385 if (gettype(
$url) !=
'string')
388 return $this->_server[
'service_validate_url'] =
$url;
402 if (gettype(
$url) !=
'string')
405 return $this->_server[
'proxy_validate_url'] =
$url;
419 if (gettype(
$url) !=
'string')
422 return $this->_server[
'saml_validate_url'] =
$url;
435 if ( empty($this->_server[
'service_validate_url']) ) {
447 .
'p3/serviceValidate';
452 $this->_server[
'service_validate_url'],
453 'service='.urlencode($this->
getURL())
467 if ( empty($this->_server[
'saml_validate_url']) ) {
476 $this->_server[
'saml_validate_url'],
477 'TARGET='.urlencode($this->
getURL())
492 if ( empty($this->_server[
'proxy_validate_url']) ) {
495 $this->_server[
'proxy_validate_url'] =
'';
498 $this->_server[
'proxy_validate_url'] = $this->
_getServerBaseURL().
'proxyValidate';
501 $this->_server[
'proxy_validate_url'] = $this->
_getServerBaseURL().
'p3/proxyValidate';
506 $this->_server[
'proxy_validate_url'],
507 'service='.urlencode($this->
getURL())
522 if ( empty($this->_server[
'proxy_url']) ) {
525 $this->_server[
'proxy_url'] =
'';
533 return $this->_server[
'proxy_url'];
544 if ( empty($this->_server[
'logout_url']) ) {
547 return $this->_server[
'logout_url'];
560 if (gettype(
$url) !=
'string')
563 return $this->_server[
'logout_url'] =
$url;
581 $this->_curl_options[
$key] = $value;
613 $obj =
new $className;
616 '$className must implement the CAS_Request_RequestInterface'
619 $this->_requestImplementation = $className;
640 $this->_clearTicketsFromUrl =
false;
666 $this->_casAttributeParserCallbackFunction =
$function;
667 $this->_casAttributeParserCallbackArgs = $additionalArgs;
700 $this->_postAuthenticateCallbackFunction =
$function;
701 $this->_postAuthenticateCallbackArgs = $additionalArgs;
730 $this->_signoutCallbackFunction =
$function;
731 $this->_signoutCallbackArgs = $additionalArgs;
764 $dbg = debug_backtrace();
765 $this->_authentication_caller = array (
766 'file' => $dbg[1][
'file'],
767 'line' => $dbg[1][
'line'],
768 'method' => $dbg[1][
'class'] .
'::' . $dbg[1][
'function'],
769 'result' => (
boolean)
$auth
781 return !empty($this->_authentication_caller);
810 return $this->_authentication_caller[
'result'];
825 if (!$this->_authentication_caller[
'result']) {
827 'authentication was checked (by '
831 .
') but the method returned false'
847 return $this->_authentication_caller[
'file'];
861 return $this->_authentication_caller[
'line'];
875 return $this->_authentication_caller[
'method'];
908 $changeSessionID =
true
911 if (gettype($server_version) !=
'string')
913 if (gettype($proxy) !=
'boolean')
915 if (gettype($server_hostname) !=
'string')
917 if (gettype($server_port) !=
'integer')
919 if (gettype($server_uri) !=
'string')
921 if (gettype($changeSessionID) !=
'boolean')
941 $this->_proxy = $proxy;
948 if (!isset(
$_SESSION[
'phpCAS'][
'service_cookies'])) {
949 $_SESSION[
'phpCAS'][
'service_cookies'] = array();
957 switch ($server_version) {
961 'CAS proxies are not supported in CAS '.$server_version
972 'this version of CAS (`'.$server_version
973 .
'\') is not supported by
phpCAS '.phpCAS::getVersion()
976 $this->_server['version
'] = $server_version;
979 if ( empty($server_hostname)
980 || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/
', $server_hostname)
982 phpCAS::error('bad
CAS server hostname (`
'.$server_hostname.'\
')');
984 $this->_server[
'hostname'] = $server_hostname;
987 if ( $server_port == 0
988 || !is_int($server_port)
990 phpCAS::error(
'bad CAS server port (`'.$server_hostname.
'\')
');
992 $this->_server['port
'] = $server_port;
995 if ( !preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/
', $server_uri) ) {
996 phpCAS::error('bad
CAS server URI (`
'.$server_uri.'\
')');
999 if(strstr($server_uri,
'?') ===
false) $server_uri .=
'/';
1000 $server_uri = preg_replace(
'/\/\//',
'/',
'/'.$server_uri);
1001 $this->_server[
'uri'] = $server_uri;
1012 'CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server'
1018 $ticket = (isset(
$_GET[
'ticket']) ?
$_GET[
'ticket'] :
null);
1019 if (preg_match(
'/^[SP]T-/', $ticket) ) {
1021 $this->setTicket($ticket);
1022 unset($_GET['ticket
']);
1023 } else if ( !empty($ticket) ) {
1024 //ill-formed ticket, halt
1026 'ill-formed ticket found in the URL (ticket=`
'
1027 .htmlentities($ticket).'\
')'
1064 $this->_change_session_id = $allowed;
1107 $this->_user = $user;
1137 if ( empty($this->_user) ) {
1139 'this method should be used only after '.__CLASS__
1140 .
'::forceAuthentication() or '.__CLASS__.
'::isAuthenticated()'
1177 if ( empty($this->_user) ) {
1180 'this method should be used only after '.__CLASS__
1181 .
'::forceAuthentication() or '.__CLASS__.
'::isAuthenticated()'
1197 return !empty($this->_attributes);
1223 return (is_array($this->_attributes)
1224 && array_key_exists(
$key, $this->_attributes));
1240 return $this->_attributes[
$key];
1255 if (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
1256 unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
1286 if (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
1287 unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
1314 if (gettype(
$n) !=
'integer')
1317 $this->_cache_times_for_auth_recheck =
$n;
1334 unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
1336 }
else if (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
1339 unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
1343 if (!isset(
$_SESSION[
'phpCAS'][
'unauth_count'])) {
1344 $_SESSION[
'phpCAS'][
'unauth_count'] = -2;
1347 if ((
$_SESSION[
'phpCAS'][
'unauth_count'] != -2
1348 && $this->_cache_times_for_auth_recheck == -1)
1349 || (
$_SESSION[
'phpCAS'][
'unauth_count'] >= 0
1350 &&
$_SESSION[
'phpCAS'][
'unauth_count'] < $this->_cache_times_for_auth_recheck)
1354 if ($this->_cache_times_for_auth_recheck != -1) {
1357 'user is not authenticated (cached for '
1358 .
$_SESSION[
'phpCAS'][
'unauth_count'].
' times of '
1359 .$this->_cache_times_for_auth_recheck.
')'
1363 'user is not authenticated (cached for until login pressed)'
1367 $_SESSION[
'phpCAS'][
'unauth_count'] = 0;
1368 $_SESSION[
'phpCAS'][
'auth_checked'] =
true;
1397 'ticket was present and will be discarded, use renewAuthenticate()'
1399 if ($this->_clearTicketsFromUrl) {
1401 session_write_close();
1402 header(
'Location: '.$this->
getURL());
1408 'Already authenticated, but skipping ticket clearing since setNoClearTicketsFromUrl() was used.'
1416 'user was already authenticated, no need to look for tickets'
1430 'CAS 1.0 ticket `'.$this->
getTicket().
'\' is present
'
1432 $this->validateCAS10(
1433 $validate_url, $text_response, $tree_response, $renew
1434 ); // if it fails, it halts
1436 'CAS 1.0 ticket `
'.$this->getTicket().'\
' was validated'
1448 $this->validateCAS20(
1449 $validate_url, $text_response, $tree_response, $renew
1450 ); // note: if it fails, it halts
1452 'CAS '.$this->getServerVersion().' ticket `
'.$this->getTicket().'\
' was validated'
1456 $validate_url, $text_response, $tree_response
1459 $_SESSION['phpCAS']['pgt
'] = $this->_getPGT();
1461 $_SESSION['phpCAS']['user'] = $this->_getUser();
1462 if (!empty($this->_attributes)) {
1463 $_SESSION['phpCAS']['attributes
'] = $this->_attributes;
1465 $proxies = $this->getProxies();
1466 if (!empty($proxies)) {
1467 $_SESSION['phpCAS']['proxies
'] = $this->getProxies();
1470 $logoutTicket = $this->getTicket();
1472 case SAML_VERSION_1_1:
1473 // if we have a SAML ticket, validate it.
1475 'SAML 1.1 ticket `
'.$this->getTicket().'\
' is present'
1478 $validate_url, $text_response, $tree_response, $renew
1481 'SAML 1.1 ticket `'.$this->
getTicket().
'\' was validated
'
1483 $_SESSION['phpCAS']['user'] = $this->_getUser();
1484 $_SESSION['phpCAS']['attributes
'] = $this->_attributes;
1486 $logoutTicket = $this->getTicket();
1489 phpCAS::trace('Protocoll
error');
1493 // no ticket given, not authenticated
1494 phpCAS::trace('no ticket found
');
1497 // Mark the auth-check as complete to allow post-authentication
1498 // callbacks to make use of phpCAS::getUser() and similar methods
1499 $this->markAuthenticationCall($res);
1502 // call the post-authenticate callback if registered.
1503 if ($this->_postAuthenticateCallbackFunction) {
1504 $args = $this->_postAuthenticateCallbackArgs;
1505 array_unshift($args, $logoutTicket);
1506 call_user_func_array(
1507 $this->_postAuthenticateCallbackFunction, $args
1511 // if called with a ticket parameter, we need to redirect to the
1512 // app without the ticket so that CAS-ification is transparent
1513 // to the browser (for later POSTS) most of the checks and
1514 // errors should have been made now, so we're safe
for redirect
1517 if ($this->_clearTicketsFromUrl) {
1519 session_write_close();
1520 header(
'Location: '.$this->
getURL());
1538 return !empty(
$_SESSION[
'phpCAS'][
'user']);
1570 if (isset(
$_SESSION[
'phpCAS'][
'attributes'])) {
1575 'user = `'.
$_SESSION[
'phpCAS'][
'user'].
'\', PGT = `
'
1576 .$_SESSION['phpCAS']['pgt
'].'\
''
1580 if (isset(
$_SESSION[
'phpCAS'][
'proxies'])) {
1584 .implode(
'", "',
$_SESSION[
'phpCAS'][
'proxies']).
'"'
1594 'username found (`'.
$_SESSION[
'phpCAS'][
'user']
1595 .
'\') but PGT is empty
'
1597 // unset all tickets to enforce authentication
1598 unset($_SESSION['phpCAS']);
1599 $this->setTicket('');
1600 } elseif ( !$this->isSessionAuthenticated()
1601 && !empty($_SESSION['phpCAS']['pgt
'])
1603 // these two variables should be empty or not empty at the same time
1605 'PGT found (`
'.$_SESSION['phpCAS']['pgt
']
1606 .'\
') but username is empty'
1619 if (isset(
$_SESSION[
'phpCAS'][
'attributes'])) {
1625 if (isset(
$_SESSION[
'phpCAS'][
'proxies'])) {
1629 .implode(
'", "',
$_SESSION[
'phpCAS'][
'proxies']).
'"'
1657 session_write_close();
1658 if (php_sapi_name() ===
'cli') {
1659 @header(
'Location: '.$cas_url);
1661 header(
'Location: '.$cas_url);
1666 printf(
'<p>'.
$lang->getShouldHaveBeenRedirected().
'</p>', $cas_url);
1685 $paramSeparator =
'?';
1687 $cas_url = $cas_url . $paramSeparator .
"url="
1689 $paramSeparator =
'&';
1691 if (isset(
$params[
'service'])) {
1692 $cas_url = $cas_url . $paramSeparator .
"service="
1693 . urlencode(
$params[
'service']);
1695 header(
'Location: '.$cas_url);
1701 if (session_status() === PHP_SESSION_NONE) {
1709 printf(
'<p>'.
$lang->getShouldHaveBeenRedirected().
'</p>', $cas_url);
1722 return !empty(
$_POST[
'logoutRequest']);
1744 && is_null($this->_signoutCallbackFunction)
1747 "phpCAS can't handle logout requests if it is not allowed to change session_id."
1751 $decoded_logout_rq = urldecode(
$_POST[
'logoutRequest']);
1754 if ($check_client) {
1755 if (!$allowed_clients) {
1758 $client_ip =
$_SERVER[
'REMOTE_ADDR'];
1759 $client = gethostbyaddr($client_ip);
1761 foreach ($allowed_clients as $allowed_client) {
1762 if ((
$client == $allowed_client)
1763 || ($client_ip == $allowed_client)
1766 "Allowed client '".$allowed_client
1767 .
"' matches, logout request is allowed"
1773 "Allowed client '".$allowed_client.
"' does not match"
1790 "|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|",
1791 $decoded_logout_rq, $tick, PREG_OFFSET_CAPTURE, 3
1793 $wrappedSamlSessionIndex = preg_replace(
1794 '|<samlp:SessionIndex>|',
'', $tick[0][0]
1796 $ticket2logout = preg_replace(
1797 '|</samlp:SessionIndex>|',
'', $wrappedSamlSessionIndex
1802 if ($this->_signoutCallbackFunction) {
1804 array_unshift($args, $ticket2logout);
1805 call_user_func_array($this->_signoutCallbackFunction, $args);
1811 $session_id = preg_replace(
'/[^a-zA-Z0-9\-]/',
'', $ticket2logout);
1815 if (session_id() !==
"") {
1820 session_id($session_id);
1821 $_COOKIE[session_name()]=$session_id;
1822 $_GET[session_name()]=$session_id;
1884 $this->_ticket = $st;
1894 return !empty($this->_ticket);
1947 if (gettype($cert) !=
'string') {
1950 if (gettype($validate_cn) !=
'boolean') {
1953 if ( !file_exists($cert) && $this->_requestImplementation !==
'CAS_TestHarness_DummyRequest'){
1956 $this->_cas_server_ca_cert = $cert;
1957 $this->_cas_server_cn_validate = $validate_cn;
1967 $this->_no_cas_server_validation =
true;
1985 public function validateCAS10(&$validate_url,&$text_response,&$tree_response,$renew=
false)
1991 .
'&ticket='.urlencode($this->
getTicket());
1995 $validate_url .=
'&renew=true';
1999 if ( !$this->
_readURL($validate_url, $headers, $text_response, $err_msg) ) {
2001 'could not open URL \''.$validate_url.
'\' to validate (
'.$err_msg.')
'
2003 throw new CAS_AuthenticationException(
2004 $this, 'CAS 1.0 ticket not validated
', $validate_url,
2005 true/*$no_response*/
2010 if (preg_match('/^no\n/
', $text_response)) {
2011 phpCAS::trace('Ticket has not been validated
');
2012 throw new CAS_AuthenticationException(
2013 $this, 'ST not validated
', $validate_url, false/*$no_response*/,
2014 false/*$bad_response*/, $text_response
2017 } else if (!preg_match('/^yes\n/
', $text_response)) {
2018 phpCAS::trace('ill-formed response
');
2019 throw new CAS_AuthenticationException(
2020 $this, 'Ticket not validated
', $validate_url,
2021 false/*$no_response*/, true/*$bad_response*/, $text_response
2025 // ticket has been validated, extract the user name
2026 $arr = preg_split('/\n/
', $text_response);
2027 $this->_setUser(trim($arr[1]));
2031 $this->_renameSession($this->getTicket());
2033 // at this step, ticket has been validated and $this->_user has been set,
2034 phpCAS::traceEnd(true);
2041 // ########################################################################
2043 // ########################################################################
2065 public function validateSA(&$validate_url,&$text_response,&$tree_response,$renew=false)
2067 phpCAS::traceBegin();
2069 // build the URL to validate the ticket
2070 $validate_url = $this->getServerSamlValidateURL();
2074 $validate_url .= '&renew=
true';
2077 // open and read the URL
2078 if ( !$this->_readURL($validate_url, $headers, $text_response, $err_msg) ) {
2080 'could not open URL \
''.$validate_url.
'\' to validate (
'.$err_msg.')
'
2082 throw new CAS_AuthenticationException(
2083 $this, 'SA not validated
', $validate_url, true/*$no_response*/
2087 phpCAS::trace('server version:
'.$this->getServerVersion());
2089 // analyze the result depending on the version
2090 switch ($this->getServerVersion()) {
2091 case SAML_VERSION_1_1:
2092 // create new DOMDocument Object
2093 $dom = new DOMDocument();
2094 // Fix possible whitspace problems
2095 $dom->preserveWhiteSpace = false;
2096 // read the response of the CAS server into a DOM object
2097 if (!($dom->loadXML($text_response))) {
2098 phpCAS::trace('dom->loadXML() failed
');
2099 throw new CAS_AuthenticationException(
2100 $this, 'SA not validated
', $validate_url,
2101 false/*$no_response*/, true/*$bad_response*/,
2106 // read the root node of the XML tree
2107 if (!($tree_response = $dom->documentElement)) {
2108 phpCAS::trace('documentElement() failed
');
2109 throw new CAS_AuthenticationException(
2110 $this, 'SA not validated
', $validate_url,
2111 false/*$no_response*/, true/*$bad_response*/,
2115 } else if ( $tree_response->localName != 'Envelope
' ) {
2116 // insure that tag name is 'Envelope
'
2118 'bad XML root node (should be `Envelope\
' instead of `'
2119 .$tree_response->localName.
'\''
2122 $this,
'SA not validated', $validate_url,
2127 }
else if ($tree_response->getElementsByTagName(
"NameIdentifier")->length != 0) {
2129 $success_elements = $tree_response->getElementsByTagName(
"NameIdentifier");
2130 phpCAS::trace(
'NameIdentifier found');
2131 $user = trim($success_elements->item(0)->nodeValue);
2132 phpCAS::trace(
'user = `'.$user.
'`');
2133 $this->_setUser($user);
2134 $this->_setSessionAttributes($text_response);
2137 phpCAS::trace(
'no <NameIdentifier> tag found in SAML payload');
2138 throw new CAS_AuthenticationException(
2139 $this,
'SA not validated', $validate_url,
2168 $attr_array = array();
2171 $dom =
new DOMDocument();
2173 $dom->preserveWhiteSpace =
false;
2174 if (($dom->loadXML($text_response))) {
2175 $xPath =
new DOMXpath($dom);
2176 $xPath->registerNamespace(
'samlp',
'urn:oasis:names:tc:SAML:1.0:protocol');
2177 $xPath->registerNamespace(
'saml',
'urn:oasis:names:tc:SAML:1.0:assertion');
2178 $nodelist = $xPath->query(
"//saml:Attribute");
2181 foreach ($nodelist as $node) {
2182 $xres = $xPath->query(
"saml:AttributeValue", $node);
2183 $name = $node->getAttribute(
"AttributeName");
2184 $value_array = array();
2185 foreach ($xres as $node2) {
2186 $value_array[] = $node2->nodeValue;
2188 $attr_array[
$name] = $value_array;
2191 foreach ($attr_array as $attr_key => $attr_value) {
2192 if (count($attr_value) > 1) {
2193 $this->_attributes[$attr_key] = $attr_value;
2194 phpCAS::trace(
"* " . $attr_key .
"=" . print_r($attr_value,
true));
2196 $this->_attributes[$attr_key] = $attr_value[0];
2295 return !empty($this->_pgt);
2330 $this->_callback_mode = $callback_mode;
2363 if ( empty($this->_callback_url) ) {
2366 $final_uri =
'https://';
2368 $request_uri =
$_SERVER[
'REQUEST_URI'];
2369 $request_uri = preg_replace(
'/\?.*$/',
'', $request_uri);
2370 $final_uri .= $request_uri;
2371 $this->_callback_url = $final_uri;
2388 if (gettype(
$url) !=
'string')
2391 return $this->_callback_url =
$url;
2403 if (preg_match(
'/PGTIOU-[\.\-\w]/',
$_GET[
'pgtIou'])) {
2404 if (preg_match(
'/[PT]GT-[\.\-\w]/',
$_GET[
'pgtId'])) {
2406 $pgt_iou =
$_GET[
'pgtIou'];
2407 $pgt =
$_GET[
'pgtId'];
2408 phpCAS::trace(
'Storing PGT `'.$pgt.
'\' (
id=`
'.$pgt_iou.'\
')');
2409 echo
'<p>Storing PGT `'.$pgt.
'\' (
id=`
'.$pgt_iou.'\
').</p>';
2410 $this->_storePGT($pgt, $pgt_iou);
2411 $this->printHTMLFooter();
2458 if ( !is_object($this->_pgt_storage) ) {
2463 $this->_pgt_storage->init();
2479 $this->_pgt_storage->write($pgt, $pgt_iou);
2495 return $this->_pgt_storage->read($pgt_iou);
2512 if ( is_object($this->_pgt_storage) ) {
2521 $this->_pgt_storage = $storage;
2542 $dsn_or_pdo, $username=
'',
$password=
'',
$table=
'', $driver_options=
null
2548 if ((is_object($dsn_or_pdo) && !($dsn_or_pdo instanceof PDO)) || gettype($dsn_or_pdo) !=
'string')
2550 if (gettype($username) !=
'string')
2554 if (gettype(
$table) !=
'string')
2579 if (gettype(
$path) !=
'string')
2604 private function _validatePGT(&$validate_url,$text_response,$tree_response)
2607 if ( $tree_response->getElementsByTagName(
"proxyGrantingTicket")->length == 0) {
2611 $this,
'Ticket validated but no PGT Iou transmitted',
2612 $validate_url,
false,
false,
2618 $tree_response->getElementsByTagName(
"proxyGrantingTicket")->item(0)->nodeValue
2620 if (preg_match(
'/PGTIOU-[\.\-\w]/', $pgt_iou)) {
2622 if ( $pgt ==
false ) {
2626 'PGT Iou was transmitted but PGT could not be retrieved',
2627 $validate_url,
false,
2628 false, $text_response
2635 $this,
'PGT Iou was transmitted but has wrong format',
2636 $validate_url,
false,
false,
2661 if (gettype($target_service) !=
'string')
2674 .urlencode($target_service).
'&pgt='.$this->
_getPGT();
2677 if ( !$this->
_readURL($cas_url, $headers, $cas_response, $err_msg) ) {
2679 'could not open URL \''.$cas_url.
'\' to validate (
'.$err_msg.')
'
2681 $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE;
2682 $err_msg = 'could not retrieve PT (no response from the
CAS server)
';
2683 phpCAS::traceEnd(false);
2687 $bad_response = false;
2689 if ( !$bad_response ) {
2690 // create new DOMDocument object
2691 $dom = new DOMDocument();
2692 // Fix possible whitspace problems
2693 $dom->preserveWhiteSpace = false;
2694 // read the response of the CAS server into a DOM object
2695 if ( !($dom->loadXML($cas_response))) {
2696 phpCAS::trace('dom->loadXML() failed
');
2698 $bad_response = true;
2702 if ( !$bad_response ) {
2703 // read the root node of the XML tree
2704 if ( !($root = $dom->documentElement) ) {
2705 phpCAS::trace('documentElement failed
');
2707 $bad_response = true;
2711 if ( !$bad_response ) {
2712 // insure that tag name is 'serviceResponse
'
2713 if ( $root->localName != 'serviceResponse
' ) {
2714 phpCAS::trace('localName failed
');
2716 $bad_response = true;
2720 if ( !$bad_response ) {
2721 // look for a proxySuccess tag
2722 if ( $root->getElementsByTagName("proxySuccess")->length != 0) {
2723 $proxy_success_list = $root->getElementsByTagName("proxySuccess");
2725 // authentication succeded, look for a proxyTicket tag
2726 if ( $proxy_success_list->item(0)->getElementsByTagName("proxyTicket")->length != 0) {
2727 $err_code = PHPCAS_SERVICE_OK;
2730 $proxy_success_list->item(0)->getElementsByTagName("proxyTicket")->item(0)->nodeValue
2732 phpCAS::trace('original PT:
'.trim($pt));
2733 phpCAS::traceEnd($pt);
2736 phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>
');
2738 } else if ($root->getElementsByTagName("proxyFailure")->length != 0) {
2739 // look for a proxyFailure tag
2740 $proxy_failure_list = $root->getElementsByTagName("proxyFailure");
2742 // authentication failed, extract the error
2743 $err_code = PHPCAS_SERVICE_PT_FAILURE;
2744 $err_msg = 'PT retrieving failed (code=`
'
2745 .$proxy_failure_list->item(0)->getAttribute('code
')
2747 .trim($proxy_failure_list->item(0)->nodeValue)
2749 phpCAS::traceEnd(false);
2752 phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found
');
2756 // at this step, we are sure that the response of the CAS server was
2758 $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE;
2759 $err_msg = 'Invalid response from the
CAS server (response=`
'
2760 .$cas_response.'\
')';
2794 $request =
new $className();
2796 if (count($this->_curl_options)) {
2797 $request->setCurlOptions($this->_curl_options);
2800 $request->setUrl(
$url);
2802 if (empty($this->_cas_server_ca_cert) && !$this->_no_cas_server_validation) {
2804 'one of the methods phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'
2807 if ($this->_cas_server_ca_cert !=
'') {
2808 $request->setSslCaCert(
2809 $this->_cas_server_ca_cert, $this->_cas_server_cn_validate
2815 $request->addHeader(
"soapaction: http://www.oasis-open.org/committees/security");
2816 $request->addHeader(
"cache-control: no-cache");
2817 $request->addHeader(
"pragma: no-cache");
2818 $request->addHeader(
"accept: text/xml");
2819 $request->addHeader(
"connection: keep-alive");
2820 $request->addHeader(
"content-type: text/xml");
2821 $request->makePost();
2825 if ($request->send()) {
2826 $headers = $request->getResponseHeaders();
2827 $body = $request->getResponseBody();
2834 $err_msg = $request->getErrorMessage();
2853 .SAML_ASSERTION_ARTIFACT.$sa.SAML_ASSERTION_ARTIFACT_CLOSE
2854 .SAMLP_REQUEST_CLOSE.SAML_SOAP_BODY_CLOSE.SAML_SOAP_ENV_CLOSE;
2889 if (gettype(
$type) !=
'string')
2896 $request =
new $requestClass();
2897 if (count($this->_curl_options)) {
2898 $request->setCurlOptions($this->_curl_options);
2900 $proxiedService =
new $type($request, $this->_serviceCookieJar);
2902 $proxiedService->setCasClient($this);
2904 return $proxiedService;
2908 $proxiedService->setCasClient($this);
2910 return $proxiedService;
2913 "Unknown proxied-service type, $type."
2940 if (!is_string(
$url)) {
2942 "Proxied Service ".get_class($proxiedService)
2943 .
"->getServiceUrl() should have returned a string, returned a "
2944 .gettype(
$url).
" instead."
2975 if (gettype(
$url) !=
'string')
2986 $err_code = $e->getCode();
2992 $lang->getServiceUnavailable(),
$url, $e->getMessage()
3025 if (gettype(
$url) !=
'string')
3027 if (gettype($serviceUrl) !=
'string')
3029 if (gettype($flags) !=
'integer')
3034 $service->setServiceUrl($serviceUrl);
3040 $pt =
$service->getImapProxyTicket();
3043 $err_msg = $e->getMessage();
3044 $err_code = $e->getCode();
3050 $lang->getServiceUnavailable(),
3112 $this->_proxies = $proxies;
3113 if (!empty($proxies)) {
3139 if (empty($this->_allowed_proxy_chains)) {
3166 public function validateCAS20(&$validate_url,&$text_response,&$tree_response, $renew=
false)
3187 $validate_url .=
'&renew=true';
3191 if ( !$this->
_readURL($validate_url, $headers, $text_response, $err_msg) ) {
3193 'could not open URL \''.$validate_url.
'\' to validate (
'.$err_msg.')
'
3195 throw new CAS_AuthenticationException(
3196 $this, 'Ticket not validated
', $validate_url,
3197 true/*$no_response*/
3202 // create new DOMDocument object
3203 $dom = new DOMDocument();
3204 // Fix possible whitspace problems
3205 $dom->preserveWhiteSpace = false;
3206 // CAS servers should only return data in utf-8
3207 $dom->encoding = "utf-8";
3208 // read the response of the CAS server into a DOMDocument object
3209 if ( !($dom->loadXML($text_response))) {
3211 throw new CAS_AuthenticationException(
3212 $this, 'Ticket not validated
', $validate_url,
3213 false/*$no_response*/, true/*$bad_response*/, $text_response
3216 } else if ( !($tree_response = $dom->documentElement) ) {
3217 // read the root node of the XML tree
3219 throw new CAS_AuthenticationException(
3220 $this, 'Ticket not validated
', $validate_url,
3221 false/*$no_response*/, true/*$bad_response*/, $text_response
3224 } else if ($tree_response->localName != 'serviceResponse
') {
3225 // insure that tag name is 'serviceResponse
'
3227 throw new CAS_AuthenticationException(
3228 $this, 'Ticket not validated
', $validate_url,
3229 false/*$no_response*/, true/*$bad_response*/, $text_response
3232 } else if ( $tree_response->getElementsByTagName("authenticationFailure")->length != 0) {
3233 // authentication failed, extract the error code and message and throw exception
3234 $auth_fail_list = $tree_response
3235 ->getElementsByTagName("authenticationFailure");
3236 throw new CAS_AuthenticationException(
3237 $this, 'Ticket not validated
', $validate_url,
3238 false/*$no_response*/, false/*$bad_response*/,
3240 $auth_fail_list->item(0)->getAttribute('code
')/*$err_code*/,
3241 trim($auth_fail_list->item(0)->nodeValue)/*$err_msg*/
3244 } else if ($tree_response->getElementsByTagName("authenticationSuccess")->length != 0) {
3245 // authentication succeded, extract the user name
3246 $success_elements = $tree_response
3247 ->getElementsByTagName("authenticationSuccess");
3248 if ( $success_elements->item(0)->getElementsByTagName("user")->length == 0) {
3249 // no user specified => error
3250 throw new CAS_AuthenticationException(
3251 $this, 'Ticket not validated
', $validate_url,
3252 false/*$no_response*/, true/*$bad_response*/, $text_response
3258 $success_elements->item(0)->getElementsByTagName("user")->item(0)->nodeValue
3261 $this->_readExtraAttributesCas20($success_elements);
3262 // Store the proxies we are sitting behind for authorization checking
3263 $proxyList = array();
3264 if ( sizeof($arr = $success_elements->item(0)->getElementsByTagName("proxy")) > 0) {
3265 foreach ($arr as $proxyElem) {
3266 phpCAS::trace("Found Proxy: ".$proxyElem->nodeValue);
3267 $proxyList[] = trim($proxyElem->nodeValue);
3269 $this->_setProxies($proxyList);
3270 phpCAS::trace("Storing Proxy List");
3272 // Check if the proxies in front of us are allowed
3273 if (!$this->getAllowedProxyChains()->isProxyListAllowed($proxyList)) {
3274 throw new CAS_AuthenticationException(
3275 $this, 'Proxy not allowed
', $validate_url,
3276 false/*$no_response*/, true/*$bad_response*/,
3285 throw new CAS_AuthenticationException(
3286 $this, 'Ticket not validated
', $validate_url,
3287 false/*$no_response*/, true/*$bad_response*/,
3293 $this->_renameSession($this->getTicket());
3295 // at this step, Ticket has been validated and $this->_user has been set,
3297 phpCAS::traceEnd($result);
3311 private function _readExtraAttributesCas20($success_elements)
3313 phpCAS::traceBegin();
3315 $extra_attributes = array();
3317 // "Jasig Style" Attributes:
3319 // <cas:serviceResponse xmlns:cas='http:
3333 if ($this->_casAttributeParserCallbackFunction !==
null
3334 && is_callable($this->_casAttributeParserCallbackFunction)
3336 array_unshift($this->_casAttributeParserCallbackArgs, $success_elements->item(0));
3337 phpCas :: trace(
"Calling attritubeParser callback");
3338 $extra_attributes = call_user_func_array(
3339 $this->_casAttributeParserCallbackFunction,
3340 $this->_casAttributeParserCallbackArgs
3342 } elseif ( $success_elements->item(0)->getElementsByTagName(
"attributes")->length != 0) {
3343 $attr_nodes = $success_elements->item(0)
3344 ->getElementsByTagName(
"attributes");
3345 phpCas :: trace(
"Found nested jasig style attributes");
3346 if ($attr_nodes->item(0)->hasChildNodes()) {
3348 foreach ($attr_nodes->item(0)->childNodes as $attr_child) {
3350 "Attribute [".$attr_child->localName.
"] = "
3351 .$attr_child->nodeValue
3354 $extra_attributes, $attr_child->localName,
3355 $attr_child->nodeValue
3376 phpCas :: trace(
"Testing for rubycas style attributes");
3377 $childnodes = $success_elements->item(0)->childNodes;
3378 foreach ($childnodes as $attr_node) {
3379 switch ($attr_node->localName) {
3382 case 'proxyGrantingTicket':
3385 if (strlen(trim($attr_node->nodeValue))) {
3387 "Attribute [".$attr_node->localName.
"] = ".$attr_node->nodeValue
3390 $extra_attributes, $attr_node->localName,
3391 $attr_node->nodeValue
3418 if (!count($extra_attributes)
3419 && $success_elements->item(0)->getElementsByTagName(
"attribute")->length != 0
3421 $attr_nodes = $success_elements->item(0)
3422 ->getElementsByTagName(
"attribute");
3423 $firstAttr = $attr_nodes->item(0);
3424 if (!$firstAttr->hasChildNodes()
3425 && $firstAttr->hasAttribute(
'name')
3426 && $firstAttr->hasAttribute(
'value')
3428 phpCas :: trace(
"Found Name-Value style attributes");
3430 foreach ($attr_nodes as $attr_node) {
3431 if ($attr_node->hasAttribute(
'name')
3432 && $attr_node->hasAttribute(
'value')
3435 "Attribute [".$attr_node->getAttribute(
'name')
3436 .
"] = ".$attr_node->getAttribute(
'value')
3439 $extra_attributes, $attr_node->getAttribute(
'name'),
3440 $attr_node->getAttribute(
'value')
3464 if (isset($attributeArray[
$name])) {
3466 if (!is_array($attributeArray[
$name])) {
3467 $existingValue = $attributeArray[
$name];
3468 $attributeArray[
$name] = array($existingValue);
3471 $attributeArray[
$name][] = trim($value);
3473 $attributeArray[
$name] = trim($value);
3512 if (gettype(
$url) !=
'string')
3528 if ( empty($this->_url) ) {
3531 $final_uri = ($this->
_isHttps()) ?
'https' :
'http';
3532 $final_uri .=
'://';
3535 $request_uri = explode(
'?',
$_SERVER[
'REQUEST_URI'], 2);
3536 $final_uri .= $request_uri[0];
3538 if (isset($request_uri[1]) && $request_uri[1]) {
3543 if ($query_string !==
'') {
3544 $final_uri .=
"?$query_string";
3549 $this->
setURL($final_uri);
3565 if (gettype(
$url) !=
'string')
3568 return $this->_server[
'base_url'] =
$url;
3580 if (!empty(
$_SERVER[
'HTTP_X_FORWARDED_HOST'])) {
3582 $hosts = explode(
',',
$_SERVER[
'HTTP_X_FORWARDED_HOST']);
3585 }
else if (!empty(
$_SERVER[
'HTTP_X_FORWARDED_SERVER'])) {
3586 $server_url =
$_SERVER[
'HTTP_X_FORWARDED_SERVER'];
3588 if (empty(
$_SERVER[
'SERVER_NAME'])) {
3589 $server_url =
$_SERVER[
'HTTP_HOST'];
3591 $server_url =
$_SERVER[
'SERVER_NAME'];
3594 if (!strpos($server_url,
':')) {
3595 if (empty(
$_SERVER[
'HTTP_X_FORWARDED_PORT'])) {
3596 $server_port =
$_SERVER[
'SERVER_PORT'];
3598 $ports = explode(
',',
$_SERVER[
'HTTP_X_FORWARDED_PORT']);
3599 $server_port = $ports[0];
3602 if ( ($this->
_isHttps() && $server_port!=443)
3603 || (!$this->
_isHttps() && $server_port!=80)
3606 $server_url .= $server_port;
3619 if (!empty(
$_SERVER[
'HTTP_X_FORWARDED_PROTO'])) {
3620 return (
$_SERVER[
'HTTP_X_FORWARDED_PROTO'] ===
'https');
3621 } elseif (!empty(
$_SERVER[
'HTTP_X_FORWARDED_PROTOCOL'])) {
3622 return (
$_SERVER[
'HTTP_X_FORWARDED_PROTOCOL'] ===
'https');
3623 } elseif ( isset(
$_SERVER[
'HTTPS'])
3625 && strcasecmp(
$_SERVER[
'HTTPS'],
'off') !== 0
3645 $parameterName = preg_quote($parameterName);
3646 return preg_replace(
3647 "/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/",
3664 $url .= (strstr(
$url,
'?') ===
false) ?
'?' :
'&';
3680 if (!empty($this->_user)) {
3685 $session_id = preg_replace(
'/[^a-zA-Z0-9\-]/',
'', $ticket);
3687 session_id($session_id);
3693 'Session should only be renamed after successfull authentication'
3698 "Skipping session rename since phpCAS is not handling the session."
3737 $lang->getYouWereNotAuthenticated(), htmlentities($this->
getURL()),
3742 if ( $no_response ) {
3745 if ( $bad_response ) {
3754 if ( empty($err_code) ) {
3758 'Reason: ['.$err_code.
'] CAS error: '.$err_msg
3799 if (preg_match(
"/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/", $nodeURL)) {
3818 if ( !(
bool)preg_match(
"/^(http|https):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i", $rebroadcastNodeUrl))
3823 $this->_rebroadcast_nodes[] = $rebroadcastNodeUrl;
3841 if (gettype(
$header) !=
'string')
3844 $this->_rebroadcast_headers[] =
$header;
3864 $rebroadcast_curl_options = array(
3865 CURLOPT_FAILONERROR => 1,
3866 CURLOPT_FOLLOWLOCATION => 1,
3867 CURLOPT_RETURNTRANSFER => 1,
3868 CURLOPT_CONNECTTIMEOUT => 1,
3869 CURLOPT_TIMEOUT => 4);
3872 if (!empty(
$_SERVER[
'SERVER_ADDR'])) {
3874 }
else if (!empty(
$_SERVER[
'LOCAL_ADDR'])) {
3880 $dns = gethostbyaddr($ip);
3882 $multiClassName =
'CAS_Request_CurlMultiRequest';
3883 $multiRequest =
new $multiClassName();
3886 if ((($this->
_getNodeType($this->_rebroadcast_nodes[
$i]) == self::HOSTNAME) && !empty($dns) && (stripos($this->_rebroadcast_nodes[
$i], $dns) ===
false))
3887 || (($this->
_getNodeType($this->_rebroadcast_nodes[
$i]) ==
self::IP) && !empty($ip) && (stripos($this->_rebroadcast_nodes[
$i], $ip) ===
false))
3890 'Rebroadcast target URL: '.$this->_rebroadcast_nodes[
$i]
3894 $request =
new $className();
3896 $url = $this->_rebroadcast_nodes[
$i].$_SERVER[
'REQUEST_URI'];
3897 $request->setUrl(
$url);
3899 if (count($this->_rebroadcast_headers)) {
3900 $request->addHeaders($this->_rebroadcast_headers);
3903 $request->makePost();
3904 if (
$type == self::LOGOUT) {
3906 $request->setPostBody(
3907 'rebroadcast=false&logoutRequest='.
$_POST[
'logoutRequest']
3909 }
else if (
$type == self::PGTIOU) {
3911 $request->setPostBody(
'rebroadcast=false');
3914 $request->setCurlOptions($rebroadcast_curl_options);
3916 $multiRequest->addRequest($request);
3919 'Rebroadcast not sent to self: '
3920 .$this->_rebroadcast_nodes[
$i].
' == '.(!empty($ip)?$ip:
'')
3921 .
'/'.(!empty($dns)?$dns:
'')
3926 if ($multiRequest->getNumRequests() > 0) {
3927 $multiRequest->send();
sprintf('%.4f', $callTime)
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...
The CAS_Client class is a client interface that provides CAS authentication to PHP applications.
This class provides access to service cookies and handles parsing of response headers to pull out coo...
An exception for terminatinating execution or to throw for unit testing.
Exception that denotes invalid arguments were passed.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
Basic class for PGT storage The CAS_PGTStorage_AbstractStorage class is a generic class for PGT stora...
Basic class for PGT database storage The CAS_PGTStorage_Db class is a class for PGT database storage.
The CAS_PGTStorage_File class is a class for PGT file storage.
An Exception for problems communicating with a proxied service.
Provides access to a proxy-authenticated IMAP stream.
ProxyChain is a container for storing chains of valid proxies that can be used to validate proxied re...
An Exception for errors related to fetching or validating proxy tickets.
Licensed to Jasig under one or more contributor license agreements.
error($a_errmsg)
set error message @access public
The phpCAS class is a simple container for the phpCAS library.
if(!is_dir( $entity_dir)) exit("Fatal Error ([A-Za-z0-9]+)\s+" &#(? foreach( $entity_files as $file) $output
getUser()
This method returns the CAS user's login name.
$_user
The Authenticated user.
_hasAttribute($key)
Check whether a specific attribute with a name is available.
getAttributes()
Get an key values arry of attributes.
hasAttribute($key)
Check whether a specific attribute with a name is available.
checkAuthentication()
This method is called to check whether the user is authenticated or not.
isSessionAuthenticated()
This method tells if the current session is authenticated.
_setUser($user)
This method sets the CAS user's login name.
$_cache_times_for_auth_recheck
An integer that gives the number of times authentication will be cached before rechecked.
isAuthenticated($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
getAttribute($key)
Get a specific attribute by name.
setAttributes($attributes)
Set an array of attributes.
hasAttributes()
Check whether attributes are available.
_getUser()
This method returns the CAS user's login name.
_isLogoutRequest()
Check of the current request is a logout request.
setCacheTimesForAuthRecheck($n)
Set the number of times authentication will be cached before rechecked.
_wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
$_attributes
The Authenticated users attributes.
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
logout($params)
This method is used to logout from CAS.
handleLogoutRequests($check_client=true, $allowed_clients=false)
This method handles logout requests.
forceAuthentication()
This method is called to be sure that the user is authenticated.
renewAuthentication()
This method is called to renew the authentication of the user If the user is authenticated,...
$_cas_server_ca_cert
the certificate of the CAS server CA.
hasTicket()
This method tells if a Service Ticket was stored.
getTicket()
This method returns the Service Ticket provided in the URL of the request.
$_ticket
The Ticket provided in the URL of the request if present (empty otherwise).
validateCAS10(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a CAS 1,0 ticket; halt on failure, and sets $validate_url,...
$_cas_server_cn_validate
validate CN of the CAS server certificate
$_no_cas_server_validation
Set to true not to validate the CAS server.
setTicket($st)
This method stores the Service Ticket.
setCasServerCACert($cert, $validate_cn)
Set the CA certificate of the CAS server.
setNoCasServerValidation()
Set no SSL validation for the CAS server.
$_signoutCallbackFunction
$_casAttributeParserCallbackArgs
$_requestImplementation
The class to instantiate for making web requests in readUrl().
wasAuthenticationCallSuccessful()
Answer the result of the authentication call.
$_postAuthenticateCallbackArgs
setRequestImplementation($className)
Override the default implementation used to make web requests in readUrl().
setPostAuthenticateCallback($function, array $additionalArgs=array())
Set a callback function to be run when a user authenticates.
getAuthenticationCallerMethod()
Answer information about the authentication caller.
setSingleSignoutCallback($function, array $additionalArgs=array())
Set a callback function to be run when a single-signout request is received.
$_casAttributeParserCallbackFunction
getAuthenticationCallerFile()
Answer information about the authentication caller.
markAuthenticationCall($auth)
Mark the caller of authentication.
setCasAttributeParserCallback($function, array $additionalArgs=array())
Set a callback function to be run when parsing CAS attributes.
wasAuthenticationCalled()
Answer true if authentication has been checked.
_ensureAuthenticationCalled()
Ensure that authentication was checked.
getAuthenticationCallerLine()
Answer information about the authentication caller.
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
$_postAuthenticateCallbackFunction
ensureIsProxy()
Ensure that this is actually a proxy object or fail with an exception.
setNoClearTicketsFromUrl()
Configure the client to not send redirect headers and call exit() on authentication success.
_setCallbackMode($callback_mode)
This method sets/unsets callback mode.
$_callback_url
the URL that should be used for the PGT callback (in fact the URL of the current request without any ...
_callback()
This method is called by CAS_Client::CAS_Client() when running in callback mode.
setCallbackURL($url)
This method sets the callback url.
_getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
$_callback_mode
each PHP script using phpCAS in proxy mode is its own callback to get the PGT back from the CAS serve...
_isCallbackMode()
This method returns true when the CAs client is running i callback mode, false otherwise.
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
_getServerHostname()
This method is used to retrieve the hostname of the CAS server.
getServerVersion()
This method is used to retrieve the version of the CAS server.
getServerProxyValidateURL()
This method is used to retrieve the proxy validating URL of the CAS server.
_setChangeSessionID($allowed)
Set a parameter whether to allow phpCas to change session_id.
setServerServiceValidateURL($url)
This method sets the serviceValidate URL of the CAS server.
getChangeSessionID()
Get whether phpCas is allowed to change session_id.
getServerProxyURL()
This method is used to retrieve the proxy URL of the CAS server.
setServerSamlValidateURL($url)
This method sets the samlValidate URL of the CAS server.
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
setServerLogoutURL($url)
This method sets the logout URL of the CAS server.
__construct( $server_version, $proxy, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
CAS_Client constructor.
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
_getServerURI()
This method is used to retrieve the URI of the CAS server.
setExtraCurlOption($key, $value)
This method is used to set additional user curl options.
$_server
a record to store information about the CAS server.
setServerLoginURL($url)
This method sets the login URL of the CAS server.
_getServerPort()
This method is used to retrieve the port of the CAS server.
setServerProxyValidateURL($url)
This method sets the proxyValidate URL of the CAS server.
getServerSamlValidateURL()
This method is used to retrieve the SAML validating URL of the CAS server.
_getServerBaseURL()
This method is used to retrieve the base URL of the CAS server.
$_change_session_id
A variable to whether phpcas will use its own session handling.
$_curl_options
An array to store extra curl options.
setLang($lang)
This method is used to set the language used by phpCAS.
$_lang
A string corresponding to the language used by phpCAS.
const PHPCAS_LANG_DEFAULT
phpCAS default language (when phpCAS::setLang() is not used)
getLangObj()
Create the language.
$_rebroadcast_headers
An array to store extra rebroadcast curl options.
_renameSession($ticket)
Renaming the session.
_buildQueryUrl($url, $query)
This method is used to append query parameters to an url.
_rebroadcast($type)
This method rebroadcasts logout/pgtIou requests.
const HOSTNAME
Constants used for determining rebroadcast node type.
$_rebroadcast
Boolean of whether to rebroadcast pgtIou/pgtId and logoutRequest, and array of the nodes.
const LOGOUT
Constants used for determining rebroadcast type (logout or pgtIou/pgtId).
addRebroadcastHeader($header)
This method is used to add header parameters when rebroadcasting pgtIou/pgtId or logoutRequest.
_authError( $failure, $cas_url, $no_response, $bad_response='', $cas_response='', $err_code='', $err_msg='')
This method is used to print the HTML output when the user was not authenticated.
_buildSAMLPayload()
This method is used to build the SAML POST body sent to /samlValidate URL.
_getNodeType($nodeURL)
Determine the node type from the URL.
setURL($url)
This method sets the URL of the current request.
setBaseURL($url)
This method sets the base URL of the CAS server.
addRebroadcastNode($rebroadcastNodeUrl)
Store the rebroadcast node for pgtIou/pgtId and logout requests.
getURL()
This method returns the URL of the current request (without any ticket CGI parameter).
_removeParameterFromQueryString($parameterName, $queryString)
Removes a parameter from a query string.
_isHttps()
This method checks to see if the request is secured via HTTPS.
_readURL($url, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
$_url
the URL of the current request (without any ticket CGI parameter).
_getClientUrl()
Try to figure out the phpCas client URL with possible Proxys / Ports etc.
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
setHTMLFooter($footer)
This method set the HTML footer used for all outputs.
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
setHTMLHeader($header)
This method set the HTML header used for all outputs.
_htmlFilterOutput($str)
This method filters a string by replacing special tokens by appropriate values and prints it.
$_output_footer
A string used to print the footer of HTML pages.
$_output_header
A string used to print the header of HTML pages.
_loadPGT($pgt_iou)
This method reads a PGT from its Iou and deletes the corresponding storage entry.
retrievePT($target_service, &$err_code, &$err_msg)
This method is used to retrieve PT's from the CAS server thanks to a PGT.
_validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
setPGTStorage($storage)
This method can be used to set a custom PGT storage object.
_initPGTStorage()
This method is used to initialize the storage of PGT's.
setPGTStorageFile($path='')
This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the f...
$_pgt_storage
an instance of a class inheriting of PGTStorage, used to deal with PGT storage.
_storePGT($pgt, $pgt_iou)
This method stores a PGT.
setPGTStorageDb( $dsn_or_pdo, $username='', $password='', $table='', $driver_options=null)
This method is used to tell phpCAS to store the response of the CAS server to PGT requests in a datab...
validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a cas 2.0 ST or PT; halt on failure Used for all CAS 2....
_addAttributeToArray(array &$attributeArray, $name, $value)
Add an attribute value to an array of attributes.
getProxiedService($type)
Answer a proxy-authenticated service handler.
serviceWeb($url, &$err_code, &$output)
This method is used to access an HTTP[S] service.
serviceMail($url, $serviceUrl, $flags, &$err_code, &$err_msg, &$pt)
This method is used to access an IMAP/POP3/NNTP service.
initializeProxiedService(CAS_ProxiedService $proxiedService)
Initialize a proxied-service handler with the proxy-ticket it should use.
isProxy()
Tells if a CAS client is a CAS proxy or not.
$_serviceCookieJar
Handler for managing service cookies.
$_pgt
the Proxy Grnting Ticket given by the CAS server (empty otherwise).
_setPGT($pgt)
This method stores the Proxy Granting Ticket.
$_proxy
A boolean telling if the client is a CAS proxy or not.
_hasPGT()
This method tells if a Proxy Granting Ticket was stored.
_getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
_setSessionAttributes($text_response)
This method will parse the DOM and pull out the attributes from the SAML payload and put them into an...
validateSA(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url,...
$_proxies
This array will store a list of proxies in front of this application.
getAllowedProxyChains()
Answer the CAS_ProxyChain_AllowedList object for this client.
_setProxies($proxies)
Set the Proxy array, probably from persistant storage.
getProxies()
Answer an array of proxies that are sitting in front of this application.
static trace($str)
This method is used to log something in debug mode.
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
static traceExit()
This method is used to indicate the end of the execution of the program.
const PHPCAS_PROXIED_SERVICE_HTTP_POST
phpCAS::getProxiedService() type for HTTP POST
const PHPCAS_PROXIED_SERVICE_HTTP_GET
phpCAS::getProxiedService() type for HTTP GET
const PHPCAS_SERVICE_OK
phpCAS::service() error code on success
const PHPCAS_SERVICE_NOT_AVAILABLE
phpCAS::service() error code when the service was not available.
const PHPCAS_PROXIED_SERVICE_IMAP
phpCAS::getProxiedService() type for IMAP
const CAS_VERSION_3_0
CAS version 3.0.
const SAML_SOAP_ENV
SOAP envelope for SAML POST.
static getVersion()
This method returns the phpCAS version.
const SAML_VERSION_1_1
SAML protocol.
const CAS_VERSION_1_0
CAS version 1.0.
Language Interface class for all internationalization files.
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...
getServiceUrl()
Answer a service identifier (URL) for whom we should fetch a proxy ticket.
setProxyTicket($proxyTicket)
Register a proxy ticket with the ProxiedService that it can use when making requests.
This interface defines a class library for performing web requests.
$stream
PHP stream implementation.
static http()
Fetches the global http state from ILIAS.
if(empty($password)) $table
foreach($_POST as $key=> $value) $res
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
1.9.4 (using Doxyfile)