ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
InternalProxied

Functions

 CAS_Client::validateCAS20 (&$validate_url, &$text_response, &$tree_response, $renew=false)
 This method is used to validate a CAS 2.0 ST or PT; halt on failure. Used for all CAS 2.0 validations. More...
 
 CAS_Client::_readExtraAttributesCas20 ($success_elements)
 This method will parse the DOM and pull out the attributes from the XML payload and put them into an array, then put the array into the session. More...
 
 CAS_Client::_addAttributeToArray (array &$attributeArray, $name, $value)
 Add an attribute value to an array of attributes. More...
 

Detailed Description

Function Documentation

◆ _addAttributeToArray()

CAS_Client::_addAttributeToArray ( array &  $attributeArray,
  $name,
  $value 
)
private

Add an attribute value to an array of attributes.

Parameters
array & $attributeArray: reference to array
string $name: name of attribute
string $value: value of attribute
Returns
void

Definition at line 3584 of file Client.php.

References $name.

Referenced by CAS_Client\_readExtraAttributesCas20().

/**
 * Add one attribute value to an attribute map, keeping repeated names.
 *
 * The first value seen for a name is stored as a plain string. A second
 * value for the same name converts the entry into a list, and later values
 * are appended to it. Consumers therefore have to accept both a string and
 * an array for any attribute (for example a group-membership attribute that
 * an authorization decision is based on).
 *
 * Every value is passed through trim(); nothing else is validated or
 * escaped here.
 *
 * @param array  $attributeArray attribute map, modified in place
 * @param string $name           name of the attribute
 * @param string $value          value of the attribute
 *
 * @return void
 */
private function _addAttributeToArray(array &$attributeArray, $name, $value)
{
    // First occurrence of this name: keep it as a scalar.
    if (!isset($attributeArray[$name])) {
        $attributeArray[$name] = trim($value);
        return;
    }

    // Second occurrence: promote the existing scalar to a one-element list.
    if (!is_array($attributeArray[$name])) {
        $firstValue = $attributeArray[$name];
        $attributeArray[$name] = array($firstValue);
    }

    $attributeArray[$name][] = trim($value);
}

◆ _readExtraAttributesCas20()

CAS_Client::_readExtraAttributesCas20 (   $success_elements)
private

This method will parse the DOM and pull out the attributes from the XML payload and put them into an array, then put the array into the session.

Parameters
string $success_elements: payload of the response
Returns
bool true when successful, halt otherwise by calling CAS_Client::_authError().

Definition at line 3431 of file Client.php.

References CAS_Client\_addAttributeToArray(), CAS_Client\setAttributes(), and phpCAS\traceEnd().

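/**
 * Collect the extra attributes of a CAS 2.0 success response and hand them
 * to setAttributes().
 *
 * Sources are tried in this order:
 *  1. the attribute parser callback, when one is set and callable;
 *  2. "Jasig style": the children of a nested <cas:attributes> element;
 *  3. "RubyCAS style": the children of <cas:authenticationSuccess> other
 *     than user, proxies and proxyGrantingTicket;
 *  4. "Name-Value style" <cas:attribute name='..' value='..' /> elements,
 *     only when nothing was collected by the steps above.
 *
 * Security notes for maintainers:
 *  - Attribute names and values are taken from the validation response and
 *    stored after trim() only; code that uses them for authorization or
 *    output has to validate and escape them itself.
 *  - Every attribute name and value is written to phpCAS::trace(), so the
 *    debug log contains identity data whenever tracing is enabled.
 *  - Elements are matched by local name only; namespaceURI is never checked.
 *
 * @param DOMNodeList $success_elements the <cas:authenticationSuccess>
 *                                      elements of the response; only
 *                                      item(0) is read
 *
 * @return bool always true in this implementation
 */
private function _readExtraAttributesCas20($success_elements)
{
    phpCAS::traceBegin();

    $extra_attributes = array();
    $success_node = $success_elements->item(0);

    // "Jasig Style" Attributes:
    //
    //   <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    //     <cas:authenticationSuccess>
    //       <cas:user>jsmith</cas:user>
    //       <cas:attributes>
    //         <cas:attraStyle>RubyCAS</cas:attraStyle>
    //         <cas:surname>Smith</cas:surname>
    //         <cas:givenName>John</cas:givenName>
    //         <cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
    //         <cas:memberOf>CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu</cas:memberOf>
    //       </cas:attributes>
    //       <cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
    //     </cas:authenticationSuccess>
    //   </cas:serviceResponse>
    //
    if ($this->_casAttributeParserCallbackFunction !== null
        && is_callable($this->_casAttributeParserCallbackFunction)
    ) {
        // Prepend the success node to a local copy of the configured
        // arguments. Unshifting onto the property itself would leave the
        // node in the stored list and grow it by one on every validation.
        $callback_args = $this->_casAttributeParserCallbackArgs;
        array_unshift($callback_args, $success_node);
        phpCAS::trace("Calling attritubeParser callback");
        $extra_attributes = call_user_func_array(
            $this->_casAttributeParserCallbackFunction,
            $callback_args
        );
        // NOTE(review): the callback's return value is used as the attribute
        // array without a type check and reaches count() below - confirm the
        // callback contract guarantees an array.
    } elseif ($success_node->getElementsByTagName("attributes")->length !== 0) {
        $attr_nodes = $success_node->getElementsByTagName("attributes");
        phpCAS::trace("Found nested jasig style attributes");
        if ($attr_nodes->item(0)->hasChildNodes()) {
            // Nested Attributes
            // NOTE(review): child nodes are not filtered by node type, so a
            // comment or text node (localName null) would also be passed on.
            foreach ($attr_nodes->item(0)->childNodes as $attr_child) {
                phpCAS::trace(
                    "Attribute [" . $attr_child->localName . "] = "
                    . $attr_child->nodeValue
                );
                $this->_addAttributeToArray(
                    $extra_attributes,
                    $attr_child->localName,
                    $attr_child->nodeValue
                );
            }
        }
    } else {
        // "RubyCAS Style" attributes
        //
        //   <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        //     <cas:authenticationSuccess>
        //       <cas:user>jsmith</cas:user>
        //
        //       <cas:attraStyle>RubyCAS</cas:attraStyle>
        //       <cas:surname>Smith</cas:surname>
        //       <cas:givenName>John</cas:givenName>
        //       <cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
        //       <cas:memberOf>CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu</cas:memberOf>
        //
        //       <cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
        //     </cas:authenticationSuccess>
        //   </cas:serviceResponse>
        //
        phpCAS::trace("Testing for rubycas style attributes");
        $protocol_elements = array('user', 'proxies', 'proxyGrantingTicket');
        foreach ($success_node->childNodes as $attr_node) {
            // Protocol elements are not attributes. The original used a bare
            // "continue" inside a switch, which PHP treats as "break" and
            // reports as a warning from PHP 7.3 on; skipping the loop
            // iteration explicitly has the same effect without the warning.
            if (in_array($attr_node->localName, $protocol_elements, true)) {
                continue;
            }
            if (strlen(trim($attr_node->nodeValue))) {
                phpCAS::trace(
                    "Attribute [" . $attr_node->localName . "] = " . $attr_node->nodeValue
                );
                $this->_addAttributeToArray(
                    $extra_attributes,
                    $attr_node->localName,
                    $attr_node->nodeValue
                );
            }
        }
    }

    // "Name-Value" attributes.
    //
    // Attribute format from these mailing list thread:
    // http://jasig.275507.n4.nabble.com/CAS-attributes-and-how-they-appear-in-the-CAS-response-td264272.html
    // Note: This is a less widely used format, but in use by at least two institutions.
    //
    //   <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    //     <cas:authenticationSuccess>
    //       <cas:user>jsmith</cas:user>
    //
    //       <cas:attribute name='attraStyle' value='Name-Value' />
    //       <cas:attribute name='surname' value='Smith' />
    //       <cas:attribute name='givenName' value='John' />
    //       <cas:attribute name='memberOf' value='CN=Staff,OU=Groups,DC=example,DC=edu' />
    //       <cas:attribute name='memberOf' value='CN=Spanish Department,OU=Departments,OU=Groups,DC=example,DC=edu' />
    //
    //       <cas:proxyGrantingTicket>PGTIOU-84678-8a9d2sfa23casd</cas:proxyGrantingTicket>
    //     </cas:authenticationSuccess>
    //   </cas:serviceResponse>
    //
    if (!count($extra_attributes)
        && $success_node->getElementsByTagName("attribute")->length !== 0
    ) {
        $attr_nodes = $success_node->getElementsByTagName("attribute");
        $firstAttr = $attr_nodes->item(0);
        // The first element decides whether this format is in use at all.
        if (!$firstAttr->hasChildNodes()
            && $firstAttr->hasAttribute('name')
            && $firstAttr->hasAttribute('value')
        ) {
            phpCAS::trace("Found Name-Value style attributes");
            foreach ($attr_nodes as $attr_node) {
                if ($attr_node->hasAttribute('name')
                    && $attr_node->hasAttribute('value')
                ) {
                    phpCAS::trace(
                        "Attribute [" . $attr_node->getAttribute('name')
                        . "] = " . $attr_node->getAttribute('value')
                    );
                    $this->_addAttributeToArray(
                        $extra_attributes,
                        $attr_node->getAttribute('name'),
                        $attr_node->getAttribute('value')
                    );
                }
            }
        }
    }

    $this->setAttributes($extra_attributes);
    phpCAS::traceEnd();
    return true;
}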
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:658
_addAttributeToArray(array &$attributeArray, $name, $value)
Add an attribute value to an array of attributes.
Definition: Client.php:3584
setAttributes($attributes)
Set an array of attributes.
Definition: Client.php:1178
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611

◆ validateCAS20()

CAS_Client::validateCAS20 ( $validate_url,
$text_response,
$tree_response,
  $renew = false 
)

This method is used to validate a CAS 2.0 ST or PT; halt on failure. Used for all CAS 2.0 validations.

Parameters
string & $validate_url: the URL of the response
string & $text_response: the text of the response
string & $tree_response: the DOM XML tree of the response
bool $renew: true to force the authentication with the CAS server
Returns
bool true when successful; on an error a CAS_AuthenticationException is issued and false returned

Definition at line 3259 of file Client.php.

References $result, CAS_Client\_getCallbackURL(), CAS_Client\_readURL(), CAS_Client\getAllowedProxyChains(), CAS_Client\getServerProxyValidateURL(), CAS_Client\getServerServiceValidateURL(), CAS_Client\getTicket(), CAS_Client\isProxy(), phpCAS\trace(), and phpCAS\traceBegin().

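/**
 * Validate a CAS 2.0 service ticket (ST) or proxy ticket (PT) against the
 * CAS server and record the authenticated user, attributes and proxy list.
 *
 * The validation URL is built from the proxyValidate endpoint when proxying
 * is allowed and from serviceValidate otherwise, with the ticket and,
 * where applicable, pgtUrl and renew=true appended. The response is parsed
 * as XML and must have a serviceResponse root with an authenticationSuccess
 * element that contains a user element.
 *
 * Security notes for maintainers:
 *  - Every failure path throws; false is never actually returned.
 *  - Elements are located with getElementsByTagName(), which searches all
 *    descendants and is used here without a namespaceURI check. A stricter
 *    client would read only direct children in the CAS namespace.
 *  - The raw response and the validation URL (which contains the ticket)
 *    are written to phpCAS::trace(); treat the debug log as sensitive.
 *  - The user, attributes and proxy list are stored before the proxy chain
 *    is checked; a rejected chain is reported by the exception only.
 *
 * @param string     $validate_url  set to the validation URL that was used
 * @param string     $text_response set to the body returned by the server
 * @param DOMElement $tree_response set to the root element of the response
 * @param bool       $renew         true to force the authentication with
 *                                  the CAS server
 *
 * @return bool true when the ticket was validated
 *
 * @throws CAS_AuthenticationException when the server cannot be reached,
 *         the response is malformed, authentication failed, or the proxy
 *         chain is not allowed
 */
public function validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew = false)
{
    phpCAS::traceBegin();
    phpCAS::trace($text_response);
    $result = false;

    // build the URL to validate the ticket
    if ($this->getAllowedProxyChains()->isProxyingAllowed()) {
        $validate_url = $this->getServerProxyValidateURL() . '&ticket='
            . urlencode($this->getTicket());
    } else {
        $validate_url = $this->getServerServiceValidateURL() . '&ticket='
            . urlencode($this->getTicket());
    }

    if ($this->isProxy()) {
        // pass the callback url for CAS proxies
        $validate_url .= '&pgtUrl=' . urlencode($this->_getCallbackURL());
    }

    if ($renew) {
        // pass the renew
        $validate_url .= '&renew=true';
    }

    // open and read the URL
    if (!$this->_readURL($validate_url, $headers, $text_response, $err_msg)) {
        phpCAS::trace(
            'could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . ')'
        );
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            true/*$no_response*/
        );
    }

    // create new DOMDocument object
    $dom = new DOMDocument();
    // Fix possible whitespace problems
    $dom->preserveWhiteSpace = false;
    // CAS servers should only return data in utf-8
    $dom->encoding = "utf-8";

    // Read the response of the CAS server into the DOMDocument.
    // An empty body is rejected up front: loadXML() raises a ValueError for
    // it on PHP 8 instead of returning false. LIBXML_NONET keeps libxml from
    // fetching anything over the network while parsing the response.
    if (!is_string($text_response)
        || $text_response === ''
        || !$dom->loadXML($text_response, LIBXML_NONET)
    ) {
        // read failed
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            true/*$bad_response*/,
            $text_response
        );
    } elseif (!($tree_response = $dom->documentElement)) {
        // read the root node of the XML tree
        // read failed
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            true/*$bad_response*/,
            $text_response
        );
    } elseif ($tree_response->localName !== 'serviceResponse') {
        // ensure that tag name is 'serviceResponse'
        // bad root node
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            true/*$bad_response*/,
            $text_response
        );
    } elseif ($tree_response->getElementsByTagName("authenticationFailure")->length !== 0) {
        // authentication failed, extract the error code and message and throw exception
        $auth_fail_list = $tree_response
            ->getElementsByTagName("authenticationFailure");
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            false/*$bad_response*/,
            $text_response,
            $auth_fail_list->item(0)->getAttribute('code')/*$err_code*/,
            trim($auth_fail_list->item(0)->nodeValue)/*$err_msg*/
        );
    } elseif ($tree_response->getElementsByTagName("authenticationSuccess")->length !== 0) {
        // authentication succeeded, extract the user name
        $success_elements = $tree_response
            ->getElementsByTagName("authenticationSuccess");
        if ($success_elements->item(0)->getElementsByTagName("user")->length === 0) {
            // no user specified => error
            throw new CAS_AuthenticationException(
                $this,
                'Ticket not validated',
                $validate_url,
                false/*$no_response*/,
                true/*$bad_response*/,
                $text_response
            );
        }

        $this->_setUser(
            trim(
                $success_elements->item(0)->getElementsByTagName("user")->item(0)->nodeValue
            )
        );
        $this->_readExtraAttributesCas20($success_elements);

        // Store the proxies we are sitting behind for authorization checking.
        // The node list's own length is used: DOMNodeList is Countable only
        // since PHP 7.2, so sizeof() on it is not reliable on older versions.
        $proxyList = array();
        $proxyNodes = $success_elements->item(0)->getElementsByTagName("proxy");
        if ($proxyNodes->length > 0) {
            foreach ($proxyNodes as $proxyElem) {
                phpCAS::trace("Found Proxy: " . $proxyElem->nodeValue);
                $proxyList[] = trim($proxyElem->nodeValue);
            }
            $this->_setProxies($proxyList);
            phpCAS::trace("Storing Proxy List");
        }

        // Check if the proxies in front of us are allowed
        if (!$this->getAllowedProxyChains()->isProxyListAllowed($proxyList)) {
            throw new CAS_AuthenticationException(
                $this,
                'Proxy not allowed',
                $validate_url,
                false/*$no_response*/,
                true/*$bad_response*/,
                $text_response
            );
        }
        $result = true;
    } else {
        // neither authenticationFailure nor authenticationSuccess present
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            true/*$bad_response*/,
            $text_response
        );
    }

    if ($result) {
        $this->_renameSession($this->getTicket());
    }
    // at this step, ticket has been validated and $this->_user has been set

    phpCAS::traceEnd($result);
    return $result;
}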
$result
getServerProxyValidateURL()
This method is used to retrieve the proxy validating URL of the CAS server.
Definition: Client.php:496
getTicket()
This method returns the Service Ticket provided in the URL of the request.
Definition: Client.php:1905
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
_getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
Definition: Client.php:2420
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
Definition: Client.php:439
_readURL($url, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
Definition: Client.php:2875
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: Client.php:2302
getAllowedProxyChains()
Answer the CAS_ProxyChain_AllowedList object for this client.
Definition: Client.php:3230