ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
CAS SAML features (SAML 1.1)

Functions

 CAS_Client::validateSA (&$validate_url, &$text_response, &$tree_response, $renew=false)
 This method is used to validate a SAML TICKET; it halts on failure and sets $validate_url, $text_response and $tree_response on success. More...
 
 CAS_Client::_setSessionAttributes ($text_response)
 This method will parse the DOM and pull out the attributes from the SAML payload and put them into an array, then put the array into the session. More...
 

Detailed Description

Function Documentation

◆ _setSessionAttributes()

CAS_Client::_setSessionAttributes (   $text_response)
private

This method will parse the DOM and pull out the attributes from the SAML payload and put them into an array, then put the array into the session.

Parameters
string $text_response — the SAML payload.
Returns
bool true when successful and false if no attributes are found

Definition at line 2222 of file Client.php.

References $name, $result, phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().

Referenced by CAS_Client\validateSA().

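/**
 * Parse the SAML 1.1 payload and copy its <saml:Attribute> elements into
 * $this->_attributes: a single-valued attribute is stored as a string, a
 * multi-valued one as a list of strings.
 *
 * @param string $text_response the SAML payload, as XML text
 *
 * @return bool true when at least one attribute was found and stored,
 *              false when the XML could not be parsed or carries no attributes
 */
private function _setSessionAttributes($text_response)
{
    phpCAS::traceBegin();
    $result = false;

    $attr_array = array();

    // create new DOMDocument Object
    $dom = new DOMDocument();
    // Fix possible whitespace problems
    $dom->preserveWhiteSpace = false;
    // LIBXML_NONET: the payload arrived over the network; never let the
    // parser fetch external resources (DTDs, entities) it may refer to.
    if ($dom->loadXML($text_response, LIBXML_NONET)) {
        $xPath = new DOMXpath($dom);
        $xPath->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
        $xPath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
        $nodelist = $xPath->query("//saml:Attribute");

        // A DOMNodeList object is always truthy, so its length has to be
        // tested explicitly: an attribute-less payload must report "empty"
        // (result false), not success.
        if ($nodelist !== false && $nodelist->length > 0) {
            foreach ($nodelist as $node) {
                $xres = $xPath->query("saml:AttributeValue", $node);
                $name = $node->getAttribute("AttributeName");
                $value_array = array();
                foreach ($xres as $node2) {
                    $value_array[] = $node2->nodeValue;
                }
                // a repeated AttributeName overwrites the earlier one (last wins)
                $attr_array[$name] = $value_array;
            }
            // UGent addition...
            foreach ($attr_array as $attr_key => $attr_value) {
                if (count($attr_value) > 1) {
                    $this->_attributes[$attr_key] = $attr_value;
                    phpCAS::trace("* " . $attr_key . "=" . print_r($attr_value, true));
                } else {
                    // an <Attribute> without any <AttributeValue> is stored as
                    // an empty string instead of raising an undefined-offset notice
                    $this->_attributes[$attr_key] = isset($attr_value[0]) ? $attr_value[0] : '';
                    phpCAS::trace("* " . $attr_key . "=" . $this->_attributes[$attr_key]);
                }
            }
            $result = true;
        } else {
            phpCAS::trace("SAML Attributes are empty");
            $result = false;
        }
    }
    phpCAS::traceEnd($result);
    return $result;
}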
$result
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:658
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611

◆ validateSA()

CAS_Client::validateSA ( $validate_url,
$text_response,
$tree_response,
  $renew = false 
)

This method is used to validate a SAML TICKET; it halts on failure and sets $validate_url, $text_response and $tree_response on success.

These parameters are used later by CAS_Client::_validatePGT() for CAS proxies.

Parameters
string &$validate_url — reference to the URL of the request to the CAS server.
string &$text_response — reference to the response of the CAS server, as is (XML text).
string &$tree_response — reference to the response of the CAS server, as a DOM XML tree.
bool $renew — true to force the authentication with the CAS server
Returns
bool true when successful; issues a CAS_AuthenticationException and returns false on an error

Definition at line 2110 of file Client.php.

References $result, $user, CAS_Client\_renameSession(), CAS_Client\_setSessionAttributes(), CAS_Client\_setUser(), CAS_Client\getTicket(), phpCAS\trace(), and phpCAS\traceEnd().

Referenced by CAS_Client\isAuthenticated().

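/**
 * Validate a SAML 1.1 ticket against the CAS server.
 *
 * Halts on failure (throws CAS_AuthenticationException) and, on success,
 * sets $validate_url, $text_response and $tree_response. Those values are
 * used later by CAS_Client::_validatePGT() for CAS proxies.
 *
 * Trust in the payload rests on the connection to the CAS server made by
 * _readURL(): no XML signature is verified here, only the shape of the
 * response (an Envelope root carrying a non-empty NameIdentifier).
 *
 * @param string &$validate_url  reference to the URL of the request to the CAS server
 * @param string &$text_response reference to the response of the CAS server, as is (XML text)
 * @param string &$tree_response reference to the response of the CAS server, as a DOM XML tree
 * @param bool   $renew          true to force the authentication with the CAS server
 *
 * @return bool true when successful; false on an error (an exception is
 *              thrown before that can happen for SAML 1.1 servers)
 *
 * @throws CAS_AuthenticationException when the server cannot be reached or
 *         the payload is not a well-formed SAML response naming a user
 */
public function validateSA(&$validate_url, &$text_response, &$tree_response, $renew = false)
{
    phpCAS::traceBegin();
    $result = false;
    // build the URL to validate the ticket
    $validate_url = $this->getServerSamlValidateURL();

    if ($renew) {
        // pass the renew
        $validate_url .= '&renew=true';
    }

    // open and read the URL (both out-parameters are filled by _readURL)
    $headers = array();
    $err_msg = '';
    if (!$this->_readURL($validate_url, $headers, $text_response, $err_msg)) {
        phpCAS::trace(
            'could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . ')'
        );
        throw new CAS_AuthenticationException(
            $this,
            'SA not validated',
            $validate_url,
            true/*$no_response*/
        );
    }

    phpCAS::trace('server version: ' . $this->getServerVersion());

    // analyze the result depending on the version
    switch ($this->getServerVersion()) {
        case SAML_VERSION_1_1:
            // create new DOMDocument Object
            $dom = new DOMDocument();
            // Fix possible whitespace problems
            $dom->preserveWhiteSpace = false;
            // LIBXML_NONET: never let the parser fetch external resources
            // (DTDs, entities) named by a response that came off the network
            if (!$dom->loadXML($text_response, LIBXML_NONET)) {
                phpCAS::trace('dom->loadXML() failed');
                throw new CAS_AuthenticationException(
                    $this,
                    'SA not validated',
                    $validate_url,
                    false/*$no_response*/,
                    true/*$bad_response*/,
                    $text_response
                );
            }
            // read the root node of the XML tree
            $tree_response = $dom->documentElement;
            if (!$tree_response) {
                phpCAS::trace('documentElement() failed');
                throw new CAS_AuthenticationException(
                    $this,
                    'SA not validated',
                    $validate_url,
                    false/*$no_response*/,
                    true/*$bad_response*/,
                    $text_response
                );
            }
            // insure that tag name is 'Envelope'
            if ($tree_response->localName !== 'Envelope') {
                phpCAS::trace(
                    'bad XML root node (should be `Envelope\' instead of `'
                    . $tree_response->localName . '\''
                );
                throw new CAS_AuthenticationException(
                    $this,
                    'SA not validated',
                    $validate_url,
                    false/*$no_response*/,
                    true/*$bad_response*/,
                    $text_response
                );
            }
            // check for the NameIdentifier tag in the SAML response
            // (looked up once; the original queried the tree twice)
            $success_elements = $tree_response->getElementsByTagName('NameIdentifier');
            if ($success_elements->length === 0) {
                phpCAS::trace('no <NameIdentifier> tag found in SAML payload');
                throw new CAS_AuthenticationException(
                    $this,
                    'SA not validated',
                    $validate_url,
                    false/*$no_response*/,
                    true/*$bad_response*/,
                    $text_response
                );
            }
            phpCAS::trace('NameIdentifier found');
            $user = trim($success_elements->item(0)->nodeValue);
            // a blank login name must not become an authenticated user
            if ($user === '') {
                phpCAS::trace('empty <NameIdentifier> in SAML payload');
                throw new CAS_AuthenticationException(
                    $this,
                    'SA not validated',
                    $validate_url,
                    false/*$no_response*/,
                    true/*$bad_response*/,
                    $text_response
                );
            }
            phpCAS::trace('user = `' . $user . '`');
            $this->_setUser($user);
            $this->_setSessionAttributes($text_response);
            $result = true;
            break;
    }
    if ($result) {
        $this->_renameSession($this->getTicket());
    }
    // at this step, ST has been validated and $this->_user has been set,
    phpCAS::traceEnd($result);
    return $result;
}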
$result
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:658
getTicket()
This method returns the Service Ticket provided in the URL of the request.
Definition: Client.php:1905
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599
_setUser($user)
This method sets the CAS user's login name.
Definition: Client.php:1121
_readURL($url, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
Definition: Client.php:2875
$user
Definition: migrateto20.php:57
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode...
Definition: CAS.php:611
_renameSession($ticket)
Renaming the session.
Definition: Client.php:3801
_setSessionAttributes($text_response)
This method will parse the DOM and pull out the attributes from the SAML payload and put them into an...
Definition: Client.php:2222
getServerSamlValidateURL()
This method is used to retrieve the SAML validating URL of the CAS server.
Definition: Client.php:471
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...