ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Functions | Variables
Authentication
Implementation
+ Collaboration diagram for Authentication:

Functions

 CAS_Client::_setUser ($user)
 This method sets the CAS user's login name. More...
 
 CAS_Client::getUser ()
 This method returns the CAS user's login name. More...
 
 CAS_Client::_getUser ()
 This method returns the CAS user's login name. More...
 
 CAS_Client::setAttributes ($attributes)
 Set an array of attributes. More...
 
 CAS_Client::getAttributes ()
 Get an key values arry of attributes. More...
 
 CAS_Client::hasAttributes ()
 Check whether attributes are available. More...
 
 CAS_Client::hasAttribute ($key)
 Check whether a specific attribute with a name is available. More...
 
 CAS_Client::_hasAttribute ($key)
 Check whether a specific attribute with a name is available. More...
 
 CAS_Client::getAttribute ($key)
 Get a specific attribute by name. More...
 
 CAS_Client::renewAuthentication ()
 This method is called to renew the authentication of the user If the user is authenticated, renew the connection If not, redirect to CAS. More...
 
 CAS_Client::forceAuthentication ()
 This method is called to be sure that the user is authenticated. More...
 
 CAS_Client::setCacheTimesForAuthRecheck ($n)
 Set the number of times authentication will be cached before rechecked. More...
 
 CAS_Client::checkAuthentication ()
 This method is called to check whether the user is authenticated or not. More...
 
 CAS_Client::isAuthenticated ($renew=false)
 This method is called to check if the user is authenticated (previously or by tickets given in the URL). More...
 
 CAS_Client::isSessionAuthenticated ()
 This method tells if the current session is authenticated. More...
 
 CAS_Client::_wasPreviouslyAuthenticated ()
 This method tells if the user has already been (previously) authenticated by looking into the session variables. More...
 
 CAS_Client::redirectToCas ($gateway=false, $renew=false)
 This method is used to redirect the client to the CAS server. More...
 
 CAS_Client::logout ($params)
 This method is used to logout from CAS. More...
 
 CAS_Client::_isLogoutRequest ()
 Check of the current request is a logout request. More...
 
 CAS_Client::handleLogoutRequests ($check_client=true, $allowed_clients=false)
 This method handles logout requests. More...
 

Variables

 CAS_Client::$_user
 The Authenticated user. More...
 
 CAS_Client::$_attributes
 The Authenticated users attributes. More...
 
 CAS_Client::$_cache_times_for_auth_recheck
 An integer that gives the number of times authentication will be cached before rechecked. More...
 

Detailed Description

Function Documentation

◆ _getUser()

CAS_Client::_getUser ( )
private

This method returns the CAS user's login name.

Returns
string the login name of the authenticated user
Warning
should be called only after CAS_Client::forceAuthentication() or CAS_Client::isAuthenticated(), otherwise halt with an error.

Definition at line 1150 of file Client.php.

References CAS_Client\$_user, and phpCAS\error().

Referenced by CAS_Client\getProxiedService(), CAS_Client\getUser(), and CAS_Client\isAuthenticated().

1151  {
1152  // This is likely a duplicate check that could be removed....
1153  if (empty($this->_user)) {
1154  phpCAS::error(
1155  'this method should be used only after ' . __CLASS__
1156  . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'
1157  );
1158  }
1159  return $this->_user;
1160  }
phpCAS\error
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:563
CAS_Client\$_user
$_user
The Authenticated user.
Definition: Client.php:1112
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _hasAttribute()

CAS_Client::_hasAttribute (   $key)
private

Check whether a specific attribute with a name is available.

Parameters
string$keyname of attribute
Returns
bool is attribute available

Definition at line 1237 of file Client.php.

References $key.

Referenced by CAS_Client\getAttribute(), and CAS_Client\hasAttribute().

1238  {
1239  return (is_array($this->_attributes)
1240  && array_key_exists($key, $this->_attributes));
1241  }
$key
$key
Definition: croninfo.php:18
+ Here is the caller graph for this function:

◆ _isLogoutRequest()

CAS_Client::_isLogoutRequest ( )
private

Check of the current request is a logout request.

Returns
bool is logout request.

Definition at line 1749 of file Client.php.

References $_POST.

Referenced by CAS_Client\__construct(), and CAS_Client\handleLogoutRequests().

1750  {
1751  return !empty($_POST['logoutRequest']);
1752  }
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the caller graph for this function:

◆ _setUser()

CAS_Client::_setUser (   $user)
private

This method sets the CAS user's login name.

Parameters
string$userthe login name of the authenticated user.
Returns
void

Definition at line 1121 of file Client.php.

References $user.

Referenced by CAS_Client\_wasPreviouslyAuthenticated(), and CAS_Client\validateSA().

1122  {
1123  $this->_user = $user;
1124  }
$user
$user
Definition: migrateto20.php:57
+ Here is the caller graph for this function:

◆ _wasPreviouslyAuthenticated()

CAS_Client::_wasPreviouslyAuthenticated ( )
private

This method tells if the user has already been (previously) authenticated by looking into the session variables.

Note
This function switches to callback mode when needed.
Returns
true when the user has already been authenticated; false otherwise.

Definition at line 1578 of file Client.php.

References $_POST, $_SESSION, $auth, CAS_Client\_callback(), CAS_Client\_isCallbackMode(), CAS_Client\_rebroadcast(), CAS_Client\_setPGT(), CAS_Client\_setProxies(), CAS_Client\_setUser(), CAS_Client\isProxy(), CAS_Client\isSessionAuthenticated(), CAS_Client\setAttributes(), CAS_Client\setTicket(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

Referenced by CAS_Client\isAuthenticated().

1579  {
1580  phpCAS::traceBegin();
1581 
1582  if ($this->_isCallbackMode()) {
1583  // Rebroadcast the pgtIou and pgtId to all nodes
1584  if ($this->_rebroadcast && !isset($_POST['rebroadcast'])) {
1585  $this->_rebroadcast(self::PGTIOU);
1586  }
1587  $this->_callback();
1588  }
1589 
1590  $auth = false;
1591 
1592  if ($this->isProxy()) {
1593  // CAS proxy: username and PGT must be present
1594  if ($this->isSessionAuthenticated()
1595  && !empty($_SESSION['phpCAS']['pgt'])
1596  ) {
1597  // authentication already done
1598  $this->_setUser($_SESSION['phpCAS']['user']);
1599  if (isset($_SESSION['phpCAS']['attributes'])) {
1600  $this->setAttributes($_SESSION['phpCAS']['attributes']);
1601  }
1602  $this->_setPGT($_SESSION['phpCAS']['pgt']);
1603  phpCAS::trace(
1604  'user = `' . $_SESSION['phpCAS']['user'] . '\', PGT = `'
1605  . $_SESSION['phpCAS']['pgt'] . '\''
1606  );
1607 
1608  // Include the list of proxies
1609  if (isset($_SESSION['phpCAS']['proxies'])) {
1610  $this->_setProxies($_SESSION['phpCAS']['proxies']);
1611  phpCAS::trace(
1612  'proxies = "'
1613  . implode('", "', $_SESSION['phpCAS']['proxies']) . '"'
1614  );
1615  }
1616 
1617  $auth = true;
1618  } elseif ($this->isSessionAuthenticated()
1619  && empty($_SESSION['phpCAS']['pgt'])
1620  ) {
1621  // these two variables should be empty or not empty at the same time
1622  phpCAS::trace(
1623  'username found (`' . $_SESSION['phpCAS']['user']
1624  . '\') but PGT is empty'
1625  );
1626  // unset all tickets to enforce authentication
1627  unset($_SESSION['phpCAS']);
1628  $this->setTicket('');
1629  } elseif (!$this->isSessionAuthenticated()
1630  && !empty($_SESSION['phpCAS']['pgt'])
1631  ) {
1632  // these two variables should be empty or not empty at the same time
1633  phpCAS::trace(
1634  'PGT found (`' . $_SESSION['phpCAS']['pgt']
1635  . '\') but username is empty'
1636  );
1637  // unset all tickets to enforce authentication
1638  unset($_SESSION['phpCAS']);
1639  $this->setTicket('');
1640  } else {
1641  phpCAS::trace('neither user nor PGT found');
1642  }
1643  } else {
1644  // `simple' CAS client (not a proxy): username must be present
1645  if ($this->isSessionAuthenticated()) {
1646  // authentication already done
1647  $this->_setUser($_SESSION['phpCAS']['user']);
1648  if (isset($_SESSION['phpCAS']['attributes'])) {
1649  $this->setAttributes($_SESSION['phpCAS']['attributes']);
1650  }
1651  phpCAS::trace('user = `' . $_SESSION['phpCAS']['user'] . '\'');
1652 
1653  // Include the list of proxies
1654  if (isset($_SESSION['phpCAS']['proxies'])) {
1655  $this->_setProxies($_SESSION['phpCAS']['proxies']);
1656  phpCAS::trace(
1657  'proxies = "'
1658  . implode('", "', $_SESSION['phpCAS']['proxies']) . '"'
1659  );
1660  }
1661 
1662  $auth = true;
1663  } else {
1664  phpCAS::trace('no user found');
1665  }
1666  }
1667 
1668  phpCAS::traceEnd($auth);
1669  return $auth;
1670  }
CAS_Client\_setProxies
_setProxies($proxies)
Set the Proxy array, probably from persistant storage.
Definition: Client.php:3203
CAS_Client\_rebroadcast
_rebroadcast($type)
This method rebroadcasts logout/pgtIou requests.
Definition: Client.php:3988
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS
The phpCAS class is a simple container for the phpCAS library.
Definition: CAS.php:285
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:658
$auth
$auth
Definition: fileserver.php:48
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
CAS_Client\_callback
_callback()
This method is called by CAS_Client::CAS_Client() when running in callback mode.
Definition: Client.php:2461
CAS_Client\_setUser
_setUser($user)
This method sets the CAS user's login name.
Definition: Client.php:1121
CAS_Client\setAttributes
setAttributes($attributes)
Set an array of attributes.
Definition: Client.php:1178
CAS_Client\isSessionAuthenticated
isSessionAuthenticated()
This method tells if the current session is authenticated.
Definition: Client.php:1565
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611
CAS_Client\isProxy
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: Client.php:2302
CAS_Client\_isCallbackMode
_isCallbackMode()
This method returns true when the CAs client is running i callback mode, false otherwise.
Definition: Client.php:2399
CAS_Client\_setPGT
_setPGT($pgt)
This method stores the Proxy Granting Ticket.
Definition: Client.php:2343
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
CAS_Client\setTicket
setTicket($st)
This method stores the Service Ticket.
Definition: Client.php:1917
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkAuthentication()

CAS_Client::checkAuthentication ( )

This method is called to check whether the user is authenticated or not.

Returns
true when the user is authenticated, false when a previous gateway login failed or the function will not return if the user is redirected to the cas server for a gateway login attempt

Definition at line 1344 of file Client.php.

References $_SESSION, $res, CAS_Client\isAuthenticated(), CAS_Client\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

1345  {
1346  phpCAS::traceBegin();
1347  $res = false;
1348  if ($this->isAuthenticated()) {
1349  phpCAS::trace('user is authenticated');
1350  /* The 'auth_checked' variable is removed just in case it's set. */
1351  unset($_SESSION['phpCAS']['auth_checked']);
1352  $res = true;
1353  } elseif (isset($_SESSION['phpCAS']['auth_checked'])) {
1354  // the previous request has redirected the client to the CAS server
1355  // with gateway=true
1356  unset($_SESSION['phpCAS']['auth_checked']);
1357  $res = false;
1358  } else {
1359  // avoid a check against CAS on every request
1360  if (!isset($_SESSION['phpCAS']['unauth_count'])) {
1361  $_SESSION['phpCAS']['unauth_count'] = -2; // uninitialized
1362  }
1363 
1364  if (($_SESSION['phpCAS']['unauth_count'] != -2
1365  && $this->_cache_times_for_auth_recheck == -1)
1366  || ($_SESSION['phpCAS']['unauth_count'] >= 0
1367  && $_SESSION['phpCAS']['unauth_count'] < $this->_cache_times_for_auth_recheck)
1368  ) {
1369  $res = false;
1370 
1371  if ($this->_cache_times_for_auth_recheck != -1) {
1372  $_SESSION['phpCAS']['unauth_count']++;
1373  phpCAS::trace(
1374  'user is not authenticated (cached for '
1375  . $_SESSION['phpCAS']['unauth_count'] . ' times of '
1376  . $this->_cache_times_for_auth_recheck . ')'
1377  );
1378  } else {
1379  phpCAS::trace(
1380  'user is not authenticated (cached for until login pressed)'
1381  );
1382  }
1383  } else {
1384  $_SESSION['phpCAS']['unauth_count'] = 0;
1385  $_SESSION['phpCAS']['auth_checked'] = true;
1386  phpCAS::trace('user is not authenticated (cache reset)');
1387  $this->redirectToCas(true/* gateway */);
1388  // never reached
1389  $res = false;
1390  }
1391  }
1392  phpCAS::traceEnd($res);
1393  return $res;
1394  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:658
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
CAS_Client\isAuthenticated
isAuthenticated($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: Client.php:1405
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
CAS_Client\redirectToCas
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: Client.php:1682
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611
+ Here is the call graph for this function:

◆ forceAuthentication()

CAS_Client::forceAuthentication ( )

This method is called to be sure that the user is authenticated.

When not authenticated, halt by redirecting to the CAS server; otherwise return true.

Returns
true when the user is authenticated; otherwise halt.

Definition at line 1292 of file Client.php.

References $_SESSION, $res, CAS_Client\isAuthenticated(), CAS_Client\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

1293  {
1294  phpCAS::traceBegin();
1295 
1296  if ($this->isAuthenticated()) {
1297  // the user is authenticated, nothing to be done.
1298  phpCAS::trace('no need to authenticate');
1299  $res = true;
1300  } else {
1301  // the user is not authenticated, redirect to the CAS server
1302  if (isset($_SESSION['phpCAS']['auth_checked'])) {
1303  unset($_SESSION['phpCAS']['auth_checked']);
1304  }
1305  $this->redirectToCas(false/* no gateway */);
1306  // never reached
1307  $res = false;
1308  }
1309  phpCAS::traceEnd($res);
1310  return $res;
1311  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:658
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
CAS_Client\isAuthenticated
isAuthenticated($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: Client.php:1405
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
CAS_Client\redirectToCas
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: Client.php:1682
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611
+ Here is the call graph for this function:

◆ getAttribute()

CAS_Client::getAttribute (   $key)

Get a specific attribute by name.

Parameters
string$keyname of attribute
Returns
string attribute values

Definition at line 1250 of file Client.php.

References $key, CAS_Client\_hasAttribute(), and CAS_Client\ensureAuthenticationCallSuccessful().

1251  {
1252  // Sequence validation
1253  $this->ensureAuthenticationCallSuccessful();
1254 
1255  if ($this->_hasAttribute($key)) {
1256  return $this->_attributes[$key];
1257  }
1258  }
CAS_Client\_hasAttribute
_hasAttribute($key)
Check whether a specific attribute with a name is available.
Definition: Client.php:1237
CAS_Client\ensureAuthenticationCallSuccessful
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
Definition: Client.php:831
$key
$key
Definition: croninfo.php:18
+ Here is the call graph for this function:

◆ getAttributes()

CAS_Client::getAttributes ( )

Get an key values arry of attributes.

Returns
arry of attributes

Definition at line 1188 of file Client.php.

References CAS_Client\$_attributes, CAS_Client\ensureAuthenticationCallSuccessful(), and phpCAS\error().

1189  {
1190  // Sequence validation
1191  $this->ensureAuthenticationCallSuccessful();
1192  // This is likely a duplicate check that could be removed....
1193  if (empty($this->_user)) {
1194  // if no user is set, there shouldn't be any attributes also...
1195  phpCAS::error(
1196  'this method should be used only after ' . __CLASS__
1197  . '::forceAuthentication() or ' . __CLASS__ . '::isAuthenticated()'
1198  );
1199  }
1200  return $this->_attributes;
1201  }
phpCAS\error
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:563
CAS_Client\ensureAuthenticationCallSuccessful
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
Definition: Client.php:831
CAS_Client\$_attributes
$_attributes
The Authenticated users attributes.
Definition: Client.php:1169
+ Here is the call graph for this function:

◆ getUser()

CAS_Client::getUser ( )

This method returns the CAS user's login name.

Returns
string the login name of the authenticated user
Warning
should be called only after CAS_Client::forceAuthentication() or CAS_Client::isAuthenticated(), otherwise halt with an error.

Definition at line 1134 of file Client.php.

References CAS_Client\_getUser(), and CAS_Client\ensureAuthenticationCallSuccessful().

1135  {
1136  // Sequence validation
1137  $this->ensureAuthenticationCallSuccessful();
1138 
1139  return $this->_getUser();
1140  }
CAS_Client\_getUser
_getUser()
This method returns the CAS user&#39;s login name.
Definition: Client.php:1150
CAS_Client\ensureAuthenticationCallSuccessful
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
Definition: Client.php:831
+ Here is the call graph for this function:

◆ handleLogoutRequests()

CAS_Client::handleLogoutRequests (   $check_client = true,
  $allowed_clients = false 
)

This method handles logout requests.

Parameters
bool$check_clienttrue to check the client bofore handling the request, false not to perform any access control. True by default.
bool$allowed_clientsan array of host names allowed to send logout requests.
Returns
void

Definition at line 1764 of file Client.php.

References $_COOKIE, $_GET, $_POST, $_SERVER, CAS_Client\$_signoutCallbackArgs, $client, CAS_Client\_getServerHostname(), CAS_Client\_isLogoutRequest(), CAS_Client\_rebroadcast(), phpCAS\error(), CAS_Client\getChangeSessionID(), phpCAS\trace(), phpCAS\traceBegin(), phpCAS\traceEnd(), and phpCAS\traceExit().

1765  {
1766  phpCAS::traceBegin();
1767  if (!$this->_isLogoutRequest()) {
1768  phpCAS::trace("Not a logout request");
1769  phpCAS::traceEnd();
1770  return;
1771  }
1772  if (!$this->getChangeSessionID()
1773  && is_null($this->_signoutCallbackFunction)
1774  ) {
1775  phpCAS::trace(
1776  "phpCAS can't handle logout requests if it is not allowed to change session_id."
1777  );
1778  }
1779  phpCAS::trace("Logout requested");
1780  $decoded_logout_rq = urldecode($_POST['logoutRequest']);
1781  phpCAS::trace("SAML REQUEST: " . $decoded_logout_rq);
1782  $allowed = false;
1783  if ($check_client) {
1784  if (!$allowed_clients) {
1785  $allowed_clients = array( $this->_getServerHostname() );
1786  }
1787  $client_ip = $_SERVER['REMOTE_ADDR'];
1788  $client = gethostbyaddr($client_ip);
1789  phpCAS::trace("Client: " . $client . "/" . $client_ip);
1790  foreach ($allowed_clients as $allowed_client) {
1791  if (($client == $allowed_client)
1792  || ($client_ip == $allowed_client)
1793  ) {
1794  phpCAS::trace(
1795  "Allowed client '" . $allowed_client
1796  . "' matches, logout request is allowed"
1797  );
1798  $allowed = true;
1799  break;
1800  } else {
1801  phpCAS::trace(
1802  "Allowed client '" . $allowed_client . "' does not match"
1803  );
1804  }
1805  }
1806  } else {
1807  phpCAS::trace("No access control set");
1808  $allowed = true;
1809  }
1810  // If Logout command is permitted proceed with the logout
1811  if ($allowed) {
1812  phpCAS::trace("Logout command allowed");
1813  // Rebroadcast the logout request
1814  if ($this->_rebroadcast && !isset($_POST['rebroadcast'])) {
1815  $this->_rebroadcast(self::LOGOUT);
1816  }
1817  // Extract the ticket from the SAML Request
1818  preg_match(
1819  "|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|",
1820  $decoded_logout_rq,
1821  $tick,
1822  PREG_OFFSET_CAPTURE,
1823  3
1824  );
1825  $wrappedSamlSessionIndex = preg_replace(
1826  '|<samlp:SessionIndex>|',
1827  '',
1828  $tick[0][0]
1829  );
1830  $ticket2logout = preg_replace(
1831  '|</samlp:SessionIndex>|',
1832  '',
1833  $wrappedSamlSessionIndex
1834  );
1835  phpCAS::trace("Ticket to logout: " . $ticket2logout);
1836 
1837  // call the post-authenticate callback if registered.
1838  if ($this->_signoutCallbackFunction) {
1839  $args = $this->_signoutCallbackArgs;
1840  array_unshift($args, $ticket2logout);
1841  call_user_func_array($this->_signoutCallbackFunction, $args);
1842  }
1843 
1844  // If phpCAS is managing the session_id, destroy session thanks to
1845  // session_id.
1846  if ($this->getChangeSessionID()) {
1847  $session_id = preg_replace('/[^a-zA-Z0-9\-]/', '', $ticket2logout);
1848  phpCAS::trace("Session id: " . $session_id);
1849 
1850  // destroy a possible application session created before phpcas
1851  if (session_id() !== "") {
1852  session_unset();
1853  session_destroy();
1854  }
1855  // fix session ID
1856  session_id($session_id);
1857  $_COOKIE[session_name()] = $session_id;
1858  $_GET[session_name()] = $session_id;
1859 
1860  // Overwrite session
1861  session_start();
1862  session_unset();
1863  session_destroy();
1864  phpCAS::trace("Session " . $session_id . " destroyed");
1865  }
1866  } else {
1867  phpCAS::error("Unauthorized logout request from client '" . $client . "'");
1868  phpCAS::trace("Unauthorized logout request from client '" . $client . "'");
1869  }
1870  flush();
1871  phpCAS::traceExit();
1872  throw new CAS_GracefullTerminationException();
1873  }
CAS_Client\_rebroadcast
_rebroadcast($type)
This method rebroadcasts logout/pgtIou requests.
Definition: Client.php:3988
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
phpCAS\error
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:563
phpCAS\traceExit
static traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:681
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
CAS_Client\_getServerHostname
_getServerHostname()
This method is used to retrieve the hostname of the CAS server.
Definition: Client.php:287
$client
if($_SERVER['argc']< 4) $client
Definition: cron.php:12
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:658
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
CAS_Client\_isLogoutRequest
_isLogoutRequest()
Check of the current request is a logout request.
Definition: Client.php:1749
CAS_Client\getChangeSessionID
getChangeSessionID()
Get whether phpCas is allowed to change session_id.
Definition: Client.php:1088
CAS_Client\$_signoutCallbackArgs
$_signoutCallbackArgs
Definition: Client.php:721
CAS_GracefullTerminationException
Definition: GracefullTerminationException.php:43
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
+ Here is the call graph for this function:

◆ hasAttribute()

CAS_Client::hasAttribute (   $key)

Check whether a specific attribute with a name is available.

Parameters
string$keyname of attribute
Returns
bool is attribute available

Definition at line 1222 of file Client.php.

References $key, CAS_Client\_hasAttribute(), and CAS_Client\ensureAuthenticationCallSuccessful().

1223  {
1224  // Sequence validation
1225  $this->ensureAuthenticationCallSuccessful();
1226 
1227  return $this->_hasAttribute($key);
1228  }
CAS_Client\_hasAttribute
_hasAttribute($key)
Check whether a specific attribute with a name is available.
Definition: Client.php:1237
CAS_Client\ensureAuthenticationCallSuccessful
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
Definition: Client.php:831
$key
$key
Definition: croninfo.php:18
+ Here is the call graph for this function:

◆ hasAttributes()

CAS_Client::hasAttributes ( )

Check whether attributes are available.

Returns
bool attributes available

Definition at line 1208 of file Client.php.

References CAS_Client\ensureAuthenticationCallSuccessful().

1209  {
1210  // Sequence validation
1211  $this->ensureAuthenticationCallSuccessful();
1212 
1213  return !empty($this->_attributes);
1214  }
CAS_Client\ensureAuthenticationCallSuccessful
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
Definition: Client.php:831
+ Here is the call graph for this function:

◆ isAuthenticated()

CAS_Client::isAuthenticated (   $renew = false)

This method is called to check if the user is authenticated (previously or by tickets given in the URL).

Parameters
bool$renewtrue to force the authentication with the CAS server
Returns
true when the user is authenticated. Also may redirect to the same URL without the ticket.

Definition at line 1405 of file Client.php.

References $_SESSION, $res, CAS_Client\_getPGT(), CAS_Client\_getUser(), CAS_Client\_validatePGT(), CAS_Client\_wasPreviouslyAuthenticated(), CAS_VERSION_1_0, CAS_VERSION_2_0, CAS_VERSION_3_0, CAS_Client\getServerVersion(), CAS_Client\getTicket(), CAS_Client\getURL(), CAS_Client\hasTicket(), CAS_Client\isProxy(), CAS_Client\markAuthenticationCall(), phpCAS\trace(), phpCAS\traceBegin(), phpCAS\traceEnd(), phpCAS\traceExit(), user(), and CAS_Client\validateSA().

Referenced by CAS_Client\checkAuthentication(), CAS_Client\forceAuthentication(), and CAS_Client\renewAuthentication().

1406  {
1407  phpCAS::traceBegin();
1408  $res = false;
1409  $validate_url = '';
1410  if ($this->_wasPreviouslyAuthenticated()) {
1411  if ($this->hasTicket()) {
1412  // User has a additional ticket but was already authenticated
1413  phpCAS::trace(
1414  'ticket was present and will be discarded, use renewAuthenticate()'
1415  );
1416  if ($this->_clearTicketsFromUrl) {
1417  phpCAS::trace("Prepare redirect to : " . $this->getURL());
1418  session_write_close();
1419  header('Location: ' . $this->getURL());
1420  flush();
1421  phpCAS::traceExit();
1422  throw new CAS_GracefullTerminationException();
1423  } else {
1424  phpCAS::trace(
1425  'Already authenticated, but skipping ticket clearing since setNoClearTicketsFromUrl() was used.'
1426  );
1427  $res = true;
1428  }
1429  } else {
1430  // the user has already (previously during the session) been
1431  // authenticated, nothing to be done.
1432  phpCAS::trace(
1433  'user was already authenticated, no need to look for tickets'
1434  );
1435  $res = true;
1436  }
1437 
1438  // Mark the auth-check as complete to allow post-authentication
1439  // callbacks to make use of phpCAS::getUser() and similar methods
1440  $this->markAuthenticationCall($res);
1441  } else {
1442  if ($this->hasTicket()) {
1443  switch ($this->getServerVersion()) {
1444  case CAS_VERSION_1_0:
1445  // if a Service Ticket was given, validate it
1446  phpCAS::trace(
1447  'CAS 1.0 ticket `' . $this->getTicket() . '\' is present'
1448  );
1449  $this->validateCAS10(
1450  $validate_url,
1451  $text_response,
1452  $tree_response,
1453  $renew
1454  ); // if it fails, it halts
1455  phpCAS::trace(
1456  'CAS 1.0 ticket `' . $this->getTicket() . '\' was validated'
1457  );
1458  $_SESSION['phpCAS']['user'] = $this->_getUser();
1459  $res = true;
1460  $logoutTicket = $this->getTicket();
1461  break;
1462  case CAS_VERSION_2_0:
1463  case CAS_VERSION_3_0:
1464  // if a Proxy Ticket was given, validate it
1465  phpCAS::trace(
1466  'CAS ' . $this->getServerVersion() . ' ticket `' . $this->getTicket() . '\' is present'
1467  );
1468  $this->validateCAS20(
1469  $validate_url,
1470  $text_response,
1471  $tree_response,
1472  $renew
1473  ); // note: if it fails, it halts
1474  phpCAS::trace(
1475  'CAS ' . $this->getServerVersion() . ' ticket `' . $this->getTicket() . '\' was validated'
1476  );
1477  if ($this->isProxy()) {
1478  $this->_validatePGT(
1479  $validate_url,
1480  $text_response,
1481  $tree_response
1482  ); // idem
1483  phpCAS::trace('PGT `' . $this->_getPGT() . '\' was validated');
1484  $_SESSION['phpCAS']['pgt'] = $this->_getPGT();
1485  }
1486  $_SESSION['phpCAS']['user'] = $this->_getUser();
1487  if (!empty($this->_attributes)) {
1488  $_SESSION['phpCAS']['attributes'] = $this->_attributes;
1489  }
1490  $proxies = $this->getProxies();
1491  if (!empty($proxies)) {
1492  $_SESSION['phpCAS']['proxies'] = $this->getProxies();
1493  }
1494  $res = true;
1495  $logoutTicket = $this->getTicket();
1496  break;
1497  case SAML_VERSION_1_1:
1498  // if we have a SAML ticket, validate it.
1499  phpCAS::trace(
1500  'SAML 1.1 ticket `' . $this->getTicket() . '\' is present'
1501  );
1502  $this->validateSA(
1503  $validate_url,
1504  $text_response,
1505  $tree_response,
1506  $renew
1507  ); // if it fails, it halts
1508  phpCAS::trace(
1509  'SAML 1.1 ticket `' . $this->getTicket() . '\' was validated'
1510  );
1511  $_SESSION['phpCAS']['user'] = $this->_getUser();
1512  $_SESSION['phpCAS']['attributes'] = $this->_attributes;
1513  $res = true;
1514  $logoutTicket = $this->getTicket();
1515  break;
1516  default:
1517  phpCAS::trace('Protocoll error');
1518  break;
1519  }
1520  } else {
1521  // no ticket given, not authenticated
1522  phpCAS::trace('no ticket found');
1523  }
1524 
1525  // Mark the auth-check as complete to allow post-authentication
1526  // callbacks to make use of phpCAS::getUser() and similar methods
1527  $this->markAuthenticationCall($res);
1528 
1529  if ($res) {
1530  // call the post-authenticate callback if registered.
1531  if ($this->_postAuthenticateCallbackFunction) {
1532  $args = $this->_postAuthenticateCallbackArgs;
1533  array_unshift($args, $logoutTicket);
1534  call_user_func_array(
1535  $this->_postAuthenticateCallbackFunction,
1536  $args
1537  );
1538  }
1539 
1540  // if called with a ticket parameter, we need to redirect to the
1541  // app without the ticket so that CAS-ification is transparent
1542  // to the browser (for later POSTS) most of the checks and
1543  // errors should have been made now, so we're safe for redirect
1544  // without masking error messages. remove the ticket as a
1545  // security precaution to prevent a ticket in the HTTP_REFERRER
1546  if ($this->_clearTicketsFromUrl) {
1547  phpCAS::trace("Prepare redirect to : " . $this->getURL());
1548  session_write_close();
1549  header('Location: ' . $this->getURL());
1550  flush();
1551  phpCAS::traceExit();
1552  throw new CAS_GracefullTerminationException();
1553  }
1554  }
1555  }
1556  phpCAS::traceEnd($res);
1557  return $res;
1558  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
CAS_VERSION_1_0
const CAS_VERSION_1_0
CAS version 1.0.
Definition: CAS.php:74
phpCAS
The phpCAS class is a simple container for the phpCAS library.
Definition: CAS.php:285
phpCAS\traceExit
static traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:681
CAS_VERSION_3_0
const CAS_VERSION_3_0
CAS version 3.0.
Definition: CAS.php:82
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:658
CAS_Client\_validatePGT
_validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
Definition: Client.php:2680
CAS_Client\getTicket
getTicket()
This method returns the Service Ticket provided in the URL of the request.
Definition: Client.php:1905
user
user()
Definition: user.php:4
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
CAS_Client\_wasPreviouslyAuthenticated
_wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
Definition: Client.php:1578
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
CAS_Client\_getUser
_getUser()
This method returns the CAS user&#39;s login name.
Definition: Client.php:1150
CAS_Client\markAuthenticationCall
markAuthenticationCall($auth)
Mark the caller of authentication.
Definition: Client.php:770
CAS_GracefullTerminationException
Definition: GracefullTerminationException.php:43
CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:78
CAS_Client\hasTicket
hasTicket()
This method tells if a Service Ticket was stored.
Definition: Client.php:1927
CAS_Client\validateSA
validateSA(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url, $text_reponse and $tree_response on success.
Definition: Client.php:2110
CAS_Client\getURL
getURL()
This method returns the URL of the current request (without any ticket CGI parameter).
Definition: Client.php:3648
CAS_Client\getServerVersion
getServerVersion()
This method is used to retrieve the version of the CAS server.
Definition: Client.php:277
CAS
Licensed to Jasig under one or more contributor license agreements.
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611
CAS_Client\isProxy
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: Client.php:2302
CAS_Client\_getPGT
_getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
Definition: Client.php:2331
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isSessionAuthenticated()

CAS_Client::isSessionAuthenticated ( )

This method tells if the current session is authenticated.

Returns
true if authenticated based soley on $_SESSION variable

Definition at line 1565 of file Client.php.

References $_SESSION.

Referenced by CAS_Client\__construct(), and CAS_Client\_wasPreviouslyAuthenticated().

1566  {
1567  return !empty($_SESSION['phpCAS']['user']);
1568  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
+ Here is the caller graph for this function:

◆ logout()

CAS_Client::logout (   $params)

This method is used to logout from CAS.

Parameters
array$paramsan array that contains the optional url and service parameters that will be passed to the CAS server
Returns
void

Definition at line 1710 of file Client.php.

References $lang, PHPMailer\PHPMailer\$params, phpCAS\error(), CAS_Client\getLangObj(), CAS_Client\getServerLogoutURL(), CAS_Client\printHTMLFooter(), CAS_Client\printHTMLHeader(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceExit().

1711  {
1712  phpCAS::traceBegin();
1713  $cas_url = $this->getServerLogoutURL();
1714  $paramSeparator = '?';
1715  if (isset($params['url'])) {
1716  $cas_url = $cas_url . $paramSeparator . "url="
1717  . urlencode($params['url']);
1718  $paramSeparator = '&';
1719  }
1720  if (isset($params['service'])) {
1721  $cas_url = $cas_url . $paramSeparator . "service="
1722  . urlencode($params['service']);
1723  }
1724  header('Location: ' . $cas_url);
1725  phpCAS::trace("Prepare redirect to : " . $cas_url);
1726 
1727  phpCAS::trace("Destroying session : " . session_id());
1728  session_unset();
1729  session_destroy();
1730  if (session_status() === PHP_SESSION_NONE) {
1731  phpCAS::trace("Session terminated");
1732  } else {
1733  phpCAS::error("Session was not terminated");
1734  phpCAS::trace("Session was not terminated");
1735  }
1736  $lang = $this->getLangObj();
1737  $this->printHTMLHeader($lang->getLogout());
1738  printf('<p>' . $lang->getShouldHaveBeenRedirected() . '</p>', $cas_url);
1739  $this->printHTMLFooter();
1740  phpCAS::traceExit();
1741  throw new CAS_GracefullTerminationException();
1742  }
CAS_Client\getLangObj
getLangObj()
Create the language.
Definition: Client.php:226
phpCAS\error
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
Definition: CAS.php:563
CAS_Client\printHTMLFooter
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: Client.php:130
phpCAS\traceExit
static traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:681
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
CAS_Client\getServerLogoutURL
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
Definition: Client.php:549
CAS_GracefullTerminationException
Definition: GracefullTerminationException.php:43
CAS_Client\printHTMLHeader
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: Client.php:101
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611
$lang
for($i=1; $i<=count($kw_cases_sel); $i+=1) $lang
Definition: langwiz.php:349
+ Here is the call graph for this function:

◆ redirectToCas()

CAS_Client::redirectToCas (   $gateway = false,
  $renew = false 
)

This method is used to redirect the client to the CAS server.

It is used by CAS_Client::forceAuthentication() and CAS_Client::checkAuthentication().

Parameters
bool$gatewaytrue to check authentication, false to force it
bool$renewtrue to force the authentication with the CAS server
Returns
void

Definition at line 1682 of file Client.php.

References $lang, CAS_Client\getLangObj(), CAS_Client\getServerLoginURL(), CAS_Client\printHTMLFooter(), CAS_Client\printHTMLHeader(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceExit().

Referenced by CAS_Client\checkAuthentication(), CAS_Client\forceAuthentication(), and CAS_Client\renewAuthentication().

1683  {
1684  phpCAS::traceBegin();
1685  $cas_url = $this->getServerLoginURL($gateway, $renew);
1686  session_write_close();
1687  if (php_sapi_name() === 'cli') {
1688  @header('Location: ' . $cas_url);
1689  } else {
1690  header('Location: ' . $cas_url);
1691  }
1692  phpCAS::trace("Redirect to : " . $cas_url);
1693  $lang = $this->getLangObj();
1694  $this->printHTMLHeader($lang->getAuthenticationWanted());
1695  printf('<p>' . $lang->getShouldHaveBeenRedirected() . '</p>', $cas_url);
1696  $this->printHTMLFooter();
1697  phpCAS::traceExit();
1698  throw new CAS_GracefullTerminationException();
1699  }
CAS_Client\getLangObj
getLangObj()
Create the language.
Definition: Client.php:226
CAS_Client\printHTMLFooter
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
Definition: Client.php:130
phpCAS\traceExit
static traceExit()
This method is used to indicate the end of the execution of the program.
Definition: CAS.php:681
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
CAS_GracefullTerminationException
Definition: GracefullTerminationException.php:43
CAS_Client\printHTMLHeader
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
Definition: Client.php:101
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611
CAS_Client\getServerLoginURL
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
Definition: Client.php:341
$lang
for($i=1; $i<=count($kw_cases_sel); $i+=1) $lang
Definition: langwiz.php:349
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ renewAuthentication()

CAS_Client::renewAuthentication ( )

This method is called to renew the authentication of the user If the user is authenticated, renew the connection If not, redirect to CAS.

Returns
true when the user is authenticated; otherwise halt.

Definition at line 1267 of file Client.php.

References $_SESSION, $res, CAS_Client\isAuthenticated(), CAS_Client\redirectToCas(), phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

1268  {
1269  phpCAS::traceBegin();
1270  // Either way, the user is authenticated by CAS
1271  if (isset($_SESSION['phpCAS']['auth_checked'])) {
1272  unset($_SESSION['phpCAS']['auth_checked']);
1273  }
1274  if ($this->isAuthenticated(true)) {
1275  phpCAS::trace('user already authenticated');
1276  $res = true;
1277  } else {
1278  $this->redirectToCas(false, true);
1279  // never reached
1280  $res = false;
1281  }
1282  phpCAS::traceEnd();
1283  return $res;
1284  }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
phpCAS\traceEnd
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:658
phpCAS\trace
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
CAS_Client\isAuthenticated
isAuthenticated($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
Definition: Client.php:1405
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
CAS_Client\redirectToCas
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
Definition: Client.php:1682
phpCAS\traceBegin
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611
+ Here is the call graph for this function:

◆ setAttributes()

CAS_Client::setAttributes (   $attributes)

Set an array of attributes.

Parameters
array$attributesa key value array of attributes
Returns
void

Definition at line 1178 of file Client.php.

References $attributes.

Referenced by CAS_Client\_readExtraAttributesCas20(), and CAS_Client\_wasPreviouslyAuthenticated().

1179  {
1180  $this->_attributes = $attributes;
1181  }
$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
+ Here is the caller graph for this function:

◆ setCacheTimesForAuthRecheck()

CAS_Client::setCacheTimesForAuthRecheck (   $n)

Set the number of times authentication will be cached before rechecked.

Parameters
int$nnumber of times to wait for a recheck
Returns
void

Definition at line 1328 of file Client.php.

References $n.

1329  {
1330  if (gettype($n) != 'integer') {
1331  throw new CAS_TypeMismatchException($n, '$n', 'string');
1332  }
1333 
1334  $this->_cache_times_for_auth_recheck = $n;
1335  }
CAS_TypeMismatchException
Definition: TypeMismatchException.php:40
$n
$n
Definition: RandomTest.php:85

Variable Documentation

◆ $_attributes

CAS_Client::$_attributes
private

The Authenticated users attributes.

Written by CAS_Client::setAttributes(), read by CAS_Client::getAttributes().

Attention
client applications should use phpCAS::getAttributes().

Definition at line 1169 of file Client.php.

Referenced by CAS_Client\getAttributes().

◆ $_cache_times_for_auth_recheck

CAS_Client::$_cache_times_for_auth_recheck
private

An integer that gives the number of times authentication will be cached before rechecked.

Definition at line 1319 of file Client.php.

◆ $_user

CAS_Client::$_user
private

The Authenticated user.

Written by CAS_Client::_setUser(), read by CAS_Client::getUser().

Definition at line 1112 of file Client.php.

Referenced by CAS_Client\_getUser().