ILIAS  release_7 Revision v7.30-3-g800a261c036
InternalProxied

Functions

 CAS_Client::validateCAS20 (&$validate_url, &$text_response, &$tree_response, $renew=false)
 This method validates a CAS 2.0 service ticket (ST) or proxy ticket (PT) and halts on failure. It is used for all CAS 2.0 validations. More...
 
 CAS_Client::_readExtraAttributesCas20 ($success_elements)
 This method will parse the DOM and pull out the attributes from the XML payload and put them into an array, then put the array into the session. More...
 
 CAS_Client::_addAttributeToArray (array &$attributeArray, $name, $value)
 Add an attribute value to an array of attributes. More...
 

Detailed Description

Function Documentation

◆ _addAttributeToArray()

CAS_Client::_addAttributeToArray ( array &  $attributeArray,
  $name,
  $value 
)
private

Add an attribute value to an array of attributes.

Parameters
array & $attributeArray — reference to array
string $name — name of attribute
string $value — value of attribute
Returns
void

Definition at line 3584 of file Client.php.

/**
 * Record one attribute value under $name, promoting the entry to a list
 * as soon as the same name is seen a second time.
 *
 * @param array  &$attributeArray attribute map, modified in place
 * @param string $name            attribute name
 * @param string $value           attribute value; stored trimmed
 *
 * @return void
 */
private function _addAttributeToArray(array &$attributeArray, $name, $value)
{
    $cleanValue = trim($value);

    // First occurrence of this name: keep a plain scalar.
    if (!isset($attributeArray[$name])) {
        $attributeArray[$name] = $cleanValue;
        return;
    }

    // Repeated name: wrap the earlier scalar so that values accumulate
    // as a list instead of overwriting each other.
    if (!is_array($attributeArray[$name])) {
        $attributeArray[$name] = array($attributeArray[$name]);
    }
    $attributeArray[$name][] = $cleanValue;
}
if($format !==null) $name
Definition: metadata.php:230

References $name.

◆ _readExtraAttributesCas20()

CAS_Client::_readExtraAttributesCas20 (   $success_elements)
private

This method will parse the DOM and pull out the attributes from the XML payload and put them into an array, then put the array into the session.

Parameters
string $success_elements — payload of the response
Returns
bool true when successful, halt otherwise by calling CAS_Client::_authError().

Definition at line 3431 of file Client.php.

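/**
 * Collect the extra attributes released in a CAS 2.0 success response and
 * pass them to setAttributes().
 *
 * Three response layouts are recognised:
 *
 *  - "Jasig style": attributes are children of an <attributes> element,
 *      <cas:attributes>
 *        <cas:surname>Smith</cas:surname>
 *        <cas:memberOf>CN=Staff,OU=Groups,DC=example,DC=edu</cas:memberOf>
 *      </cas:attributes>
 *  - "RubyCAS style": attributes are direct children of
 *    <authenticationSuccess>, next to <cas:user>,
 *      <cas:surname>Smith</cas:surname>
 *  - "Name-Value style" (less widely used, see
 *    http://jasig.275507.n4.nabble.com/CAS-attributes-and-how-they-appear-in-the-CAS-response-td264272.html),
 *      <cas:attribute name='surname' value='Smith' />
 *
 * A configured attribute-parser callback takes the place of the first two
 * layouts. The Name-Value layout is only tried when nothing was collected
 * before it.
 *
 * @param DOMNodeList $success_elements the <authenticationSuccess> elements
 *                                      of the validation response
 *
 * @return bool always true
 */
private function _readExtraAttributesCas20($success_elements)
{
    phpCAS::traceBegin();

    $extra_attributes = array();
    $successNode = $success_elements->item(0);

    // NOTE(review): attribute names and values are written to the debug
    // trace below. They can hold personal data (names, group memberships),
    // so the debug log needs the same protection as the session store.

    if ($this->_casAttributeParserCallbackFunction !== null
        && is_callable($this->_casAttributeParserCallbackFunction)
    ) {
        // Prepend the node to a copy of the configured arguments. The
        // original unshifted into the property itself, so every further
        // call on the same client handed the callback one more stale node.
        $callbackArgs = $this->_casAttributeParserCallbackArgs;
        array_unshift($callbackArgs, $successNode);
        phpCAS::trace("Calling attritubeParser callback");
        $extra_attributes = call_user_func_array(
            $this->_casAttributeParserCallbackFunction,
            $callbackArgs
        );
    } elseif ($successNode->getElementsByTagName("attributes")->length != 0) {
        // "Jasig style": read the children of the first <attributes> element.
        $attr_nodes = $successNode->getElementsByTagName("attributes");
        phpCAS::trace("Found nested jasig style attributes");
        if ($attr_nodes->item(0)->hasChildNodes()) {
            foreach ($attr_nodes->item(0)->childNodes as $attr_child) {
                phpCAS::trace(
                    "Attribute [" . $attr_child->localName . "] = "
                    . $attr_child->nodeValue
                );
                $this->_addAttributeToArray(
                    $extra_attributes,
                    $attr_child->localName,
                    $attr_child->nodeValue
                );
            }
        }
    } else {
        // "RubyCAS style": every direct child that is not part of the
        // protocol itself is treated as an attribute.
        phpCAS::trace("Testing for rubycas style attributes");
        $protocolElements = array('user', 'proxies', 'proxyGrantingTicket');
        foreach ($successNode->childNodes as $attr_node) {
            // The original used "continue" inside a switch, which PHP treats
            // as "break" and reports with a warning from 7.3 on; skipping the
            // node explicitly has the same effect without the warning.
            if (in_array($attr_node->localName, $protocolElements, true)) {
                continue;
            }
            if (strlen(trim($attr_node->nodeValue))) {
                phpCAS::trace(
                    "Attribute [" . $attr_node->localName . "] = " . $attr_node->nodeValue
                );
                $this->_addAttributeToArray(
                    $extra_attributes,
                    $attr_node->localName,
                    $attr_node->nodeValue
                );
            }
        }
    }

    // "Name-Value style": only consulted when no attribute was found above.
    if (!count($extra_attributes)
        && $successNode->getElementsByTagName("attribute")->length != 0
    ) {
        $attr_nodes = $successNode->getElementsByTagName("attribute");
        $firstAttr = $attr_nodes->item(0);
        // The first element decides whether the response uses this layout:
        // it must be empty and carry both a name and a value.
        if (!$firstAttr->hasChildNodes()
            && $firstAttr->hasAttribute('name')
            && $firstAttr->hasAttribute('value')
        ) {
            phpCAS::trace("Found Name-Value style attributes");
            foreach ($attr_nodes as $attr_node) {
                if ($attr_node->hasAttribute('name')
                    && $attr_node->hasAttribute('value')
                ) {
                    phpCAS::trace(
                        "Attribute [" . $attr_node->getAttribute('name')
                        . "] = " . $attr_node->getAttribute('value')
                    );
                    $this->_addAttributeToArray(
                        $extra_attributes,
                        $attr_node->getAttribute('name'),
                        $attr_node->getAttribute('value')
                    );
                }
            }
        }
    }

    $this->setAttributes($extra_attributes);
    phpCAS::traceEnd();
    return true;
}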
setAttributes($attributes)
Set an array of attributes.
Definition: Client.php:1178
_addAttributeToArray(array &$attributeArray, $name, $value)
Add an attribute value to an array of attributes.
Definition: Client.php:3584
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
Definition: CAS.php:658
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
Definition: CAS.php:611

◆ validateCAS20()

CAS_Client::validateCAS20 ( $validate_url,
$text_response,
$tree_response,
  $renew = false 
)

This method validates a CAS 2.0 service ticket (ST) or proxy ticket (PT) and halts on failure. It is used for all CAS 2.0 validations.

Parameters
string & $validate_url — the URL of the response
string & $text_response — the text of the response
string & $tree_response — the DOM XML tree of the response
bool $renew — true to force the authentication with the CAS server
Returns
bool true when successful; issues a CAS_AuthenticationException and returns false on an error

Definition at line 3259 of file Client.php.

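/**
 * Validate a CAS 2.0 service ticket (ST) or proxy ticket (PT) against the
 * CAS server and, on success, record the user, the extra attributes and
 * the proxy chain on this client.
 *
 * @param string &$validate_url  set to the validation URL that was requested
 * @param string &$text_response set to the body returned by the server
 * @param mixed  &$tree_response set to the root element of the parsed body
 * @param bool   $renew          true to add renew=true to the request
 *
 * @return bool true on success; every failure path throws instead
 * @throws CAS_AuthenticationException when the URL cannot be read, the
 *         response is not a well-formed serviceResponse, the server reports
 *         authenticationFailure, no user is present, or the proxy chain is
 *         not allowed
 */
public function validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew=false)
{
    phpCAS::traceBegin();
    phpCAS::trace($text_response);

    // Build the URL to validate the ticket: proxyValidate when proxied
    // tickets are accepted, serviceValidate otherwise.
    if ($this->getAllowedProxyChains()->isProxyingAllowed()) {
        $validate_url = $this->getServerProxyValidateURL() . '&ticket='
            . urlencode($this->getTicket());
    } else {
        $validate_url = $this->getServerServiceValidateURL() . '&ticket='
            . urlencode($this->getTicket());
    }

    if ($this->isProxy()) {
        // pass the callback url for CAS proxies
        $validate_url .= '&pgtUrl=' . urlencode($this->_getCallbackURL());
    }

    if ($renew) {
        // pass the renew
        $validate_url .= '&renew=true';
    }

    // Open and read the URL.
    // NOTE(review): everything parsed below is trusted only as far as
    // _readURL() authenticates the CAS server; its certificate checks are
    // not visible in this listing, so confirm them there.
    if (!$this->_readURL($validate_url, $headers, $text_response, $err_msg)) {
        phpCAS::trace(
            'could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . ')'
        );
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            true/*$no_response*/
        );
    }

    $dom = new DOMDocument();
    // Fix possible whitespace problems
    $dom->preserveWhiteSpace = false;
    // CAS servers should only return data in utf-8
    $dom->encoding = "utf-8";

    // The body is remote input. LIBXML_NONET keeps the parser from making
    // network requests while reading it; a CAS response never needs one.
    if (!$dom->loadXML($text_response, LIBXML_NONET)) {
        // read failed
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            true/*$bad_response*/,
            $text_response
        );
    }

    // read the root node of the XML tree
    $tree_response = $dom->documentElement;
    if (!$tree_response) {
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            true/*$bad_response*/,
            $text_response
        );
    }

    // ensure that the root tag is 'serviceResponse'
    if ($tree_response->localName != 'serviceResponse') {
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            true/*$bad_response*/,
            $text_response
        );
    }

    // A failure element takes precedence over anything else in the
    // response: extract the error code and message and throw.
    $auth_fail_list = $tree_response->getElementsByTagName("authenticationFailure");
    if ($auth_fail_list->length != 0) {
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            false/*$bad_response*/,
            $text_response,
            $auth_fail_list->item(0)->getAttribute('code')/*$err_code*/,
            trim($auth_fail_list->item(0)->nodeValue)/*$err_msg*/
        );
    }

    // Neither failure nor success present => malformed response.
    $success_elements = $tree_response->getElementsByTagName("authenticationSuccess");
    if ($success_elements->length == 0) {
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            true/*$bad_response*/,
            $text_response
        );
    }

    // no user specified => error
    $user_elements = $success_elements->item(0)->getElementsByTagName("user");
    if ($user_elements->length == 0) {
        throw new CAS_AuthenticationException(
            $this,
            'Ticket not validated',
            $validate_url,
            false/*$no_response*/,
            true/*$bad_response*/,
            $text_response
        );
    }

    // NOTE(review): the user and the attributes are stored on the client
    // before the proxy chain is checked below. A caller that catches the
    // "Proxy not allowed" exception must not treat this client as
    // authenticated.
    $this->_setUser(trim($user_elements->item(0)->nodeValue));
    $this->_readExtraAttributesCas20($success_elements);

    // Store the proxies we are sitting behind for authorization checking.
    // ->length replaces sizeof() on the node list, which only counts the
    // nodes on PHP versions where DOMNodeList is countable.
    $proxyList = array();
    $proxy_elements = $success_elements->item(0)->getElementsByTagName("proxy");
    if ($proxy_elements->length > 0) {
        foreach ($proxy_elements as $proxyElem) {
            phpCAS::trace("Found Proxy: " . $proxyElem->nodeValue);
            $proxyList[] = trim($proxyElem->nodeValue);
        }
        $this->_setProxies($proxyList);
        phpCAS::trace("Storing Proxy List");
    }

    // Check if the proxies in front of us are allowed
    if (!$this->getAllowedProxyChains()->isProxyListAllowed($proxyList)) {
        throw new CAS_AuthenticationException(
            $this,
            'Proxy not allowed',
            $validate_url,
            false/*$no_response*/,
            true/*$bad_response*/,
            $text_response
        );
    }

    // At this step the ticket has been validated and $this->_user has been
    // set. The assignments of false that followed each throw in the
    // original were unreachable and are gone; only success reaches here.
    $result = true;
    $this->_renameSession($this->getTicket());

    phpCAS::traceEnd($result);
    return $result;
}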
$result
getTicket()
This method returns the Service Ticket provided in the URL of the request.
Definition: Client.php:1905
_getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
Definition: Client.php:2420
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
Definition: Client.php:439
getServerProxyValidateURL()
This method is used to retrieve the proxy validating URL of the CAS server.
Definition: Client.php:496
_readURL($url, &$headers, &$body, &$err_msg)
This method is used to acces a remote URL.
Definition: Client.php:2875
isProxy()
Tells if a CAS client is a CAS proxy or not.
Definition: Client.php:2302
getAllowedProxyChains()
Answer the CAS_ProxyChain_AllowedList object for this client.
Definition: Client.php:3230
static trace($str)
This method is used to log something in debug mode.
Definition: CAS.php:599

References $result, CAS_Client\_getCallbackURL(), CAS_Client\_readURL(), CAS_Client\getAllowedProxyChains(), CAS_Client\getServerProxyValidateURL(), CAS_Client\getServerServiceValidateURL(), CAS_Client\getTicket(), CAS_Client\isProxy(), phpCAS\trace(), and phpCAS\traceBegin().
