ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
sspmod_cas_Auth_Source_CAS Class Reference

Public Member Functions

 __construct ($info, $config)
 Constructor for this authentication source.

 finalStep (&$state)
 Called by linkback to finish validation and complete the login.

 authenticate (&$state)
 Log in using CAS.

 logout (&$state)
 Log out from this authentication source.

Public Member Functions inherited from SimpleSAML_Auth_Source
 __construct ($info, &$config)
 Constructor for an authentication source.

 getAuthId ()
 Retrieve the ID of this authentication source.

 authenticate (&$state)
 Process a request.

 reauthenticate (array &$state)
 Reauthenticate a user.

 initLogin ($return, $errorURL=null, array $params=array())
 Start authentication.

 logout (&$state)
 Log out from this authentication source.


Data Fields

const STAGE_INIT = 'sspmod_cas_Auth_Source_CAS.state'
 The string used to identify our states.

const AUTHID = 'sspmod_cas_Auth_Source_CAS.AuthId'
 The key of the AuthId field in the state.


Protected Member Functions

 casValidation ($ticket, $service)
 Main validation method; dispatches to the configured validation method (keeps finalStep clean).

Protected Member Functions inherited from SimpleSAML_Auth_Source
 addLogoutCallback ($assoc, $state)
 Add a logout callback association.

 callLogoutCallback ($assoc)
 Call a logout callback based on association.


Private Member Functions

 casValidate ($ticket, $service)
 The simplest form of validation; it provides authentication validation only.

 casServiceValidate ($ticket, $service)
 Uses the CAS serviceValidate endpoint, which provides additional attributes.


Private Attributes

 $_ldapConfig
 
 $_casConfig
 
 $_validationMethod
 
 $_loginMethod
 

Additional Inherited Members

Static Public Member Functions inherited from SimpleSAML_Auth_Source
static getSourcesOfType ($type)
 Get sources of a specific type.

static completeAuth (&$state)
 Complete authentication.

static loginCompleted ($state)
 Called when a login operation has finished.

static completeLogout (&$state)
 Complete logout.

static getById ($authId, $type=null)
 Retrieve authentication source.

static logoutCallback ($state)
 Called when the authentication source receives an external logout request.

static getSources ()
 Retrieve list of authentication sources.

Static Protected Member Functions inherited from SimpleSAML_Auth_Source
static validateSource ($source, $id)
 Make sure that the first element of an auth source is its identifier.

Protected Attributes inherited from SimpleSAML_Auth_Source
 $authId
 

Detailed Description

Definition at line 12 of file CAS.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_cas_Auth_Source_CAS::__construct($info, $config)

Constructor for this authentication source.

Parameters
    array  $info    Information about this authentication source.
    array  $config  Configuration.

Definition at line 50 of file CAS.php.

References $config, and $info.

    {
        assert(is_array($info));
        assert(is_array($config));

        // Call the parent constructor first, as required by the interface
        parent::__construct($info, $config);

        if (!array_key_exists('cas', $config)) {
            throw new Exception('cas authentication source is not properly configured: missing [cas]');
        }

        if (!array_key_exists('ldap', $config)) {
            throw new Exception('ldap authentication source is not properly configured: missing [ldap]');
        }

        $this->_casConfig = $config['cas'];
        $this->_ldapConfig = $config['ldap'];

        if (isset($this->_casConfig['serviceValidate'])) {
            $this->_validationMethod = 'serviceValidate';
        } elseif (isset($this->_casConfig['validate'])) {
            $this->_validationMethod = 'validate';
        } else {
            throw new Exception("validate or serviceValidate not specified");
        }

        if (isset($this->_casConfig['login'])) {
            $this->_loginMethod = $this->_casConfig['login'];
        } else {
            throw new Exception("cas login URL not specified");
        }
    }

Member Function Documentation

◆ authenticate()

sspmod_cas_Auth_Source_CAS::authenticate(&$state)

Log in using CAS.

Parameters
    array  &$state  Information about the current authentication.

Definition at line 215 of file CAS.php.

References SimpleSAML_Auth_Source\$authId, $state, SimpleSAML\Module\getModuleURL(), SimpleSAML\Utils\HTTP\redirectTrustedURL(), and SimpleSAML_Auth_State\saveState().

    {
        assert(is_array($state));

        // We are going to need the authId in order to retrieve this authentication source later
        $state[self::AUTHID] = $this->authId;

        $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);

        $serviceUrl = SimpleSAML\Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));

        \SimpleSAML\Utils\HTTP::redirectTrustedURL($this->_loginMethod, array('service' => $serviceUrl));
    }

◆ casServiceValidate()

sspmod_cas_Auth_Source_CAS::casServiceValidate($ticket, $service)
private

Uses the CAS serviceValidate endpoint, which provides additional attributes.

Parameters
    string  $ticket
    string  $service
Returns
    list  username and attributes

Definition at line 118 of file CAS.php.

References $attributes, $failure, $name, $query, $result, $success, $url, SimpleSAML\Utils\HTTP\fetch(), and SAML2\DOMDocumentFactory\fromString().

Referenced by casValidation().

    {
        $url = \SimpleSAML\Utils\HTTP::addURLParameters(
            $this->_casConfig['serviceValidate'],
            array(
                'ticket' => $ticket,
                'service' => $service,
            )
        );
        $result = \SimpleSAML\Utils\HTTP::fetch($url);

        $dom = \SAML2\DOMDocumentFactory::fromString($result);
        $xPath = new DOMXpath($dom);
        $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
        $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
        if ($success->length == 0) {
            $failure = $xPath->evaluate("/cas:serviceResponse/cas:authenticationFailure");
            throw new Exception("Error when validating CAS service ticket: " . $failure->item(0)->textContent);
        } else {
            $attributes = array();
            // Some servers return attributes in the XML; 'attributes' is a list of XPath expressions used to extract them
            if ($casattributes = $this->_casConfig['attributes']) {
                foreach ($casattributes as $name => $query) {
                    $attrs = $xPath->query($query);
                    foreach ($attrs as $attrvalue) {
                        $attributes[$name][] = $attrvalue->textContent;
                    }
                }
            }
            $casusername = $success->item(0)->textContent;

            return array($casusername, $attributes);
        }
    }
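
The failure branch in the listing above reads $failure->item(0)->textContent without checking that an authenticationFailure element exists. The following added example (not part of CAS.php or SimpleSAMLphp; parseServiceValidateResponse() and the sample XML are hypothetical) parses the same response format and also handles a response that carries neither a success nor a failure element.

```php
<?php
// Added example; parseServiceValidateResponse() is a hypothetical helper, not part of CAS.php.
function parseServiceValidateResponse($xml, array $attrQueries = array())
{
    $dom = new DOMDocument();
    // LIBXML_NONET keeps the parser from fetching anything over the network.
    if ($xml === '' || !@$dom->loadXML($xml, LIBXML_NONET)) {
        throw new Exception('CAS response is not well-formed XML');
    }
    if ($dom->doctype !== null) {
        throw new Exception('CAS response must not contain a DOCTYPE');
    }
    $xPath = new DOMXPath($dom);
    $xPath->registerNamespace('cas', 'http://www.yale.edu/tp/cas');

    $users = $xPath->query('/cas:serviceResponse/cas:authenticationSuccess/cas:user');
    if ($users->length !== 1) {
        // The failure element can be missing too, so check before dereferencing it.
        $failure = $xPath->query('/cas:serviceResponse/cas:authenticationFailure');
        $reason = $failure->length > 0
            ? trim($failure->item(0)->textContent) : 'unexpected response structure';
        throw new Exception('Error when validating CAS service ticket: ' . $reason);
    }

    // $attrQueries maps attribute name => XPath expression, like the 'attributes' option.
    $attributes = array();
    foreach ($attrQueries as $name => $query) {
        $nodes = $xPath->query($query);
        if ($nodes === false) {
            throw new Exception("Invalid XPath expression for attribute '$name'");
        }
        foreach ($nodes as $node) {
            $attributes[$name][] = $node->textContent;
        }
    }
    return array($users->item(0)->textContent, $attributes);
}

// Constructed sample responses, not captured from a real CAS server.
$ns = 'xmlns:cas="http://www.yale.edu/tp/cas"';
$ok = "<cas:serviceResponse $ns><cas:authenticationSuccess><cas:user>jdoe</cas:user>"
    . '<cas:attributes><cas:mail>jdoe@example.org</cas:mail></cas:attributes>'
    . '</cas:authenticationSuccess></cas:serviceResponse>';
$empty = "<cas:serviceResponse $ns/>";

var_dump(parseServiceValidateResponse($ok, array('mail' => '//cas:mail')));
try {
    parseServiceValidateResponse($empty);
} catch (Exception $e) {
    echo $e->getMessage(), "\n";
}
```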

◆ casValidate()

sspmod_cas_Auth_Source_CAS::casValidate($ticket, $service)
private

The simplest form of validation; it provides authentication validation only.

Parameters
    string  $ticket
    string  $service
Returns
    list  username and attributes

Definition at line 93 of file CAS.php.

References $res, $result, $url, and SimpleSAML\Utils\HTTP\fetch().

Referenced by casValidation().

    {
        $url = \SimpleSAML\Utils\HTTP::addURLParameters($this->_casConfig['validate'], array(
            'ticket' => $ticket,
            'service' => $service,
        ));
        $result = \SimpleSAML\Utils\HTTP::fetch($url);
        // The response is line based: "yes" followed by the username on success
        $res = preg_split("/\r?\n/", $result);

        if (strcmp($res[0], "yes") == 0) {
            return array($res[1], array());
        } else {
            throw new Exception("Failed to validate CAS service ticket: $ticket");
        }
    }

◆ casValidation()

sspmod_cas_Auth_Source_CAS::casValidation($ticket, $service)
protected

Main validation method; dispatches to the configured validation method (keeps finalStep clean).

Parameters
    string  $ticket
    string  $service
Returns
    list  username and attributes

Definition at line 161 of file CAS.php.

References casServiceValidate(), and casValidate().

Referenced by finalStep().

    {
        switch ($this->_validationMethod)
        {
            case 'validate':
                return $this->casValidate($ticket, $service);
                break;
            case 'serviceValidate':
                return $this->casServiceValidate($ticket, $service);
                break;
            default:
                throw new Exception("validate or serviceValidate not specified");
        }
    }

◆ finalStep()

sspmod_cas_Auth_Source_CAS::finalStep(&$state)

Called by linkback to finish validation and complete the login.

Parameters
    state  $state
Returns
    list  username, casattributes/ldap attributes

Definition at line 182 of file CAS.php.

References $attributes, $config, $state, casValidation(), SimpleSAML_Auth_Source\completeAuth(), SimpleSAML\Module\getModuleURL(), SimpleSAML_Configuration\loadFromArray(), SimpleSAML_Auth_State\saveState(), and SimpleSAML_Auth_LDAP\validate().

    {
        $ticket = $state['cas:ticket'];
        $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);
        $service = SimpleSAML\Module::getModuleURL('cas/linkback.php', array('stateID' => $stateID));
        list($username, $casattributes) = $this->casValidation($ticket, $service);
        $ldapattributes = array();

        $config = SimpleSAML_Configuration::loadFromArray($this->_ldapConfig,
            'Authentication source ' . var_export($this->authId, true));
        if ($this->_ldapConfig['servers']) {
            $ldap = new SimpleSAML_Auth_LDAP(
                $config->getString('servers'),
                $config->getBoolean('enable_tls', false),
                $config->getBoolean('debug', false),
                $config->getInteger('timeout', 0),
                $config->getInteger('port', 389),
                $config->getBoolean('referrals', true)
            );
            $ldapattributes = $ldap->validate($this->_ldapConfig, $username);
        }
        $attributes = array_merge_recursive($casattributes, $ldapattributes);
        $state['Attributes'] = $attributes;

        SimpleSAML_Auth_Source::completeAuth($state);
    }

◆ logout()

sspmod_cas_Auth_Source_CAS::logout(&$state)

Log out from this authentication source.

This function should be overridden if the authentication source requires special steps to complete a logout operation.

If the logout process requires a redirect, the state should be saved. Once the logout operation is completed, the state should be restored, and completeLogout should be called with the state. If this operation can be completed without showing the user a page, or redirecting, this function should return.

Parameters
    array  &$state  Information about the current logout operation.

Definition at line 243 of file CAS.php.

References $state, SimpleSAML_Auth_State\deleteState(), and SimpleSAML\Utils\HTTP\redirectTrustedURL().

    {
        assert(is_array($state));
        $logoutUrl = $this->_casConfig['logout'];

        SimpleSAML_Auth_State::deleteState($state);
        // we want cas to log us out
        \SimpleSAML\Utils\HTTP::redirectTrustedURL($logoutUrl);
    }

Field Documentation

◆ $_casConfig

sspmod_cas_Auth_Source_CAS::$_casConfig
private

Definition at line 32 of file CAS.php.

◆ $_ldapConfig

sspmod_cas_Auth_Source_CAS::$_ldapConfig
private

Definition at line 27 of file CAS.php.

◆ $_loginMethod

sspmod_cas_Auth_Source_CAS::$_loginMethod
private

Definition at line 42 of file CAS.php.

◆ $_validationMethod

sspmod_cas_Auth_Source_CAS::$_validationMethod
private

Definition at line 38 of file CAS.php.

◆ AUTHID

const sspmod_cas_Auth_Source_CAS::AUTHID = 'sspmod_cas_Auth_Source_CAS.AuthId'

The key of the AuthId field in the state.

Definition at line 22 of file CAS.php.

◆ STAGE_INIT

const sspmod_cas_Auth_Source_CAS::STAGE_INIT = 'sspmod_cas_Auth_Source_CAS.state'

The string used to identify our states.

Definition at line 17 of file CAS.php.


The documentation for this class was generated from the following file: