107 (empty($this->_output_header)
108 ?
'<html><head><title>__TITLE__</title></head><body><h1>__TITLE__</h1>'
109 : $this->_output_header)
134 empty($this->_output_footer)?
135 (phpcas::getVerbose())?
136 '<hr><address>phpCAS __PHPCAS_VERSION__ '
137 .
$lang->getUsingServer()
138 .
' <a href="__SERVER_BASE_URL__">__SERVER_BASE_URL__</a> (CAS __CAS_VERSION__)</a></address></body></html>'
140 :$this->_output_footer
154 if (gettype($header) !=
'string') {
158 $this->_output_header = $header;
171 if (gettype($footer) !=
'string') {
175 $this->_output_footer = $footer;
207 if (gettype(
$lang) !=
'string') {
215 '$className must implement the CAS_Languages_LanguageInterface'
218 $this->_lang =
$lang;
229 return new $classname();
268 'hostname' =>
'none',
279 return $this->_server[
'version'];
289 return $this->_server[
'hostname'];
299 return $this->_server[
'port'];
309 return $this->_server[
'uri'];
320 if (empty($this->_server[
'base_url'])) {
323 $this->_server[
'base_url'] .=
':'
328 return $this->_server[
'base_url'];
345 if (empty($this->_server[
'login_url'])) {
348 $url = $this->_server[
'login_url'];
353 } elseif ($gateway) {
372 if (gettype(
$url) !=
'string') {
376 return $this->_server[
'login_url'] =
$url;
390 if (gettype(
$url) !=
'string') {
394 return $this->_server[
'service_validate_url'] =
$url;
408 if (gettype(
$url) !=
'string') {
412 return $this->_server[
'proxy_validate_url'] =
$url;
426 if (gettype(
$url) !=
'string') {
430 return $this->_server[
'saml_validate_url'] =
$url;
443 if (empty($this->_server[
'service_validate_url'])) {
455 .
'p3/serviceValidate';
460 $this->_server[
'service_validate_url'],
461 'service=' . urlencode($this->
getURL())
475 if (empty($this->_server[
'saml_validate_url'])) {
478 $this->_server[
'saml_validate_url'] = $this->
_getServerBaseURL() .
'samlValidate';
484 $this->_server[
'saml_validate_url'],
485 'TARGET=' . urlencode($this->
getURL())
500 if (empty($this->_server[
'proxy_validate_url'])) {
503 $this->_server[
'proxy_validate_url'] =
'';
506 $this->_server[
'proxy_validate_url'] = $this->
_getServerBaseURL() .
'proxyValidate';
509 $this->_server[
'proxy_validate_url'] = $this->
_getServerBaseURL() .
'p3/proxyValidate';
514 $this->_server[
'proxy_validate_url'],
515 'service=' . urlencode($this->
getURL())
530 if (empty($this->_server[
'proxy_url'])) {
533 $this->_server[
'proxy_url'] =
'';
541 return $this->_server[
'proxy_url'];
552 if (empty($this->_server[
'logout_url'])) {
555 return $this->_server[
'logout_url'];
568 if (gettype(
$url) !=
'string') {
572 return $this->_server[
'logout_url'] =
$url;
590 $this->_curl_options[$key] = $value;
622 $obj =
new $className;
625 '$className must implement the CAS_Request_RequestInterface'
628 $this->_requestImplementation = $className;
649 $this->_clearTicketsFromUrl =
false;
675 $this->_casAttributeParserCallbackFunction = $function;
676 $this->_casAttributeParserCallbackArgs = $additionalArgs;
709 $this->_postAuthenticateCallbackFunction = $function;
710 $this->_postAuthenticateCallbackArgs = $additionalArgs;
739 $this->_signoutCallbackFunction = $function;
740 $this->_signoutCallbackArgs = $additionalArgs;
773 $dbg = debug_backtrace();
774 $this->_authentication_caller = array(
775 'file' => $dbg[1][
'file'],
776 'line' => $dbg[1][
'line'],
777 'method' => $dbg[1][
'class'] .
'::' . $dbg[1][
'function'],
778 'result' => (
boolean)
$auth
790 return !empty($this->_authentication_caller);
819 return $this->_authentication_caller[
'result'];
834 if (!$this->_authentication_caller[
'result']) {
836 'authentication was checked (by '
840 .
') but the method returned false'
856 return $this->_authentication_caller[
'file'];
870 return $this->_authentication_caller[
'line'];
884 return $this->_authentication_caller[
'method'];
917 $changeSessionID =
true
920 if (gettype($server_version) !=
'string') {
923 if (gettype($proxy) !=
'boolean') {
926 if (gettype($server_hostname) !=
'string') {
929 if (gettype($server_port) !=
'integer') {
932 if (gettype($server_uri) !=
'string') {
935 if (gettype($changeSessionID) !=
'boolean') {
956 $this->_proxy = $proxy;
963 if (!isset(
$_SESSION[
'phpCAS'][
'service_cookies'])) {
964 $_SESSION[
'phpCAS'][
'service_cookies'] = array();
972 switch ($server_version) {
976 'CAS proxies are not supported in CAS ' . $server_version
987 'this version of CAS (`' . $server_version
988 .
'\') is not supported by
phpCAS ' . phpCAS::getVersion()
991 $this->_server['version
'] = $server_version;
// Hostname check for the CAS server name handed to the client; an accepted
// value is stored in $this->_server['hostname'].
// NOTE(review): the character-class pattern has no ^/$ anchors and ends in
// `*`, so preg_match() finds an (empty) match in any string. As shown, only
// the empty() test can reject a value; the allow-list of characters is not
// enforced. Anchoring the pattern over the whole value (^...+$) would make it
// effective. This listing is an extract with the pattern split across lines,
// so confirm against the unabridged file.
994 if (empty($server_hostname)
995 || !preg_match('/[\.\d\-abcdefghijklmnopqrstuvwxyz]*/
', $server_hostname)
997 phpCAS::error('bad
CAS server hostname (`
' . $server_hostname . '\
')');
999 $this->_server[
'hostname'] = $server_hostname;
// Port check: a value that is 0 (loose ==) or not an int is reported through
// phpCAS::error(); otherwise it is stored in $this->_server['port'].
// NOTE(review): the error message concatenates $server_hostname, not
// $server_port, so the value reported as the bad port is the hostname.
// No upper bound (65535) or negative-value test is visible in these lines.
1002 if ($server_port == 0
1003 || !is_int($server_port)
1005 phpCAS::error(
'bad CAS server port (`' . $server_hostname .
'\')
');
1007 $this->_server['port
'] = $server_port;
// URI check and normalisation for the CAS server path.
// NOTE(review): as with any unanchored `[...]*` pattern, preg_match() matches
// the empty string at offset 0, so the condition below cannot be true for any
// input and the error branch is unreachable as written; anchor the pattern if
// the character allow-list is meant to be enforced.
// When the URI contains no '?' a further step runs (not shown in this
// extract). The value is then prefixed with '/' and every '//' is collapsed to
// '/' before it is stored in $this->_server['uri'].
1010 if (!preg_match('/[\.\d\-_abcdefghijklmnopqrstuvwxyz\/]*/
', $server_uri)) {
1011 phpCAS::error('bad
CAS server URI (`
' . $server_uri . '\
')');
1014 if (strstr($server_uri,
'?') ===
false) {
1017 $server_uri = preg_replace(
'/\/\//',
'/',
'/' . $server_uri);
1018 $this->_server[
'uri'] = $server_uri;
1029 'CAS proxies must be secured to use phpCAS; PGT\'s will not be received from the CAS server'
// Picks up the service/proxy ticket from the query string.
// - $_GET['ticket'] is read (null when absent).
// - A value starting with "ST-" or "PT-" is stored with setTicket() and
//   removed from $_GET.
// - Any other non-empty value is treated as ill-formed; the message built
//   for that case passes the value through htmlentities().
// NOTE(review): only the prefix is checked; the characters after "ST-"/"PT-"
// are not constrained here, so later consumers of the ticket must not assume
// a restricted alphabet. When the parameter is absent, null is passed to
// preg_match(), which PHP 8.1+ reports as deprecated.
1035 $ticket = (isset(
$_GET[
'ticket']) ?
$_GET[
'ticket'] :
null);
1036 if (preg_match(
'/^[SP]T-/', $ticket)) {
1038 $this->setTicket($ticket);
1039 unset($_GET['ticket
']);
1040 } elseif (!empty($ticket)) {
1041 //ill-formed ticket, halt
1043 'ill-formed ticket found in the URL (ticket=`
'
1044 . htmlentities($ticket) . '\
')'
1080 $this->_change_session_id = $allowed;
1123 $this->_user = $user;
1153 if (empty($this->_user)) {
1155 'this method should be used only after ' . __CLASS__
1156 .
'::forceAuthentication() or ' . __CLASS__ .
'::isAuthenticated()'
1193 if (empty($this->_user)) {
1196 'this method should be used only after ' . __CLASS__
1197 .
'::forceAuthentication() or ' . __CLASS__ .
'::isAuthenticated()'
1213 return !empty($this->_attributes);
1239 return (is_array($this->_attributes)
1240 && array_key_exists($key, $this->_attributes));
1256 return $this->_attributes[$key];
1271 if (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
1272 unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
1302 if (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
1303 unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
1330 if (gettype(
$n) !=
'integer') {
1334 $this->_cache_times_for_auth_recheck =
$n;
1351 unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
1353 } elseif (isset(
$_SESSION[
'phpCAS'][
'auth_checked'])) {
1356 unset(
$_SESSION[
'phpCAS'][
'auth_checked']);
1360 if (!isset(
$_SESSION[
'phpCAS'][
'unauth_count'])) {
1361 $_SESSION[
'phpCAS'][
'unauth_count'] = -2;
1364 if ((
$_SESSION[
'phpCAS'][
'unauth_count'] != -2
1365 && $this->_cache_times_for_auth_recheck == -1)
1366 || (
$_SESSION[
'phpCAS'][
'unauth_count'] >= 0
1367 &&
$_SESSION[
'phpCAS'][
'unauth_count'] < $this->_cache_times_for_auth_recheck)
1371 if ($this->_cache_times_for_auth_recheck != -1) {
1374 'user is not authenticated (cached for '
1375 .
$_SESSION[
'phpCAS'][
'unauth_count'] .
' times of '
1376 . $this->_cache_times_for_auth_recheck .
')'
1380 'user is not authenticated (cached for until login pressed)'
1384 $_SESSION[
'phpCAS'][
'unauth_count'] = 0;
1385 $_SESSION[
'phpCAS'][
'auth_checked'] =
true;
1414 'ticket was present and will be discarded, use renewAuthenticate()'
1416 if ($this->_clearTicketsFromUrl) {
1418 session_write_close();
1419 header(
'Location: ' . $this->
getURL());
1425 'Already authenticated, but skipping ticket clearing since setNoClearTicketsFromUrl() was used.'
1433 'user was already authenticated, no need to look for tickets'
1447 'CAS 1.0 ticket `' . $this->
getTicket() .
'\' is present
'
1449 $this->validateCAS10(
1454 ); // if it fails, it halts
1456 'CAS 1.0 ticket `
' . $this->getTicket() . '\
' was validated'
1468 $this->validateCAS20(
1473 ); // note: if it fails, it halts
1475 'CAS ' . $this->getServerVersion() . ' ticket `
' . $this->getTicket() . '\
' was validated'
1484 $_SESSION['phpCAS']['pgt
'] = $this->_getPGT();
1486 $_SESSION['phpCAS']['user'] = $this->_getUser();
1487 if (!empty($this->_attributes)) {
1488 $_SESSION['phpCAS']['attributes
'] = $this->_attributes;
1490 $proxies = $this->getProxies();
1491 if (!empty($proxies)) {
1492 $_SESSION['phpCAS']['proxies
'] = $this->getProxies();
1495 $logoutTicket = $this->getTicket();
1497 case SAML_VERSION_1_1:
1498 // if we have a SAML ticket, validate it.
1500 'SAML 1.1 ticket `
' . $this->getTicket() . '\
' is present'
1509 'SAML 1.1 ticket `' . $this->
getTicket() .
'\' was validated
'
1511 $_SESSION['phpCAS']['user'] = $this->_getUser();
1512 $_SESSION['phpCAS']['attributes
'] = $this->_attributes;
1514 $logoutTicket = $this->getTicket();
1517 phpCAS::trace('Protocoll
error');
1521 // no ticket given, not authenticated
1522 phpCAS::trace('no ticket found
');
1525 // Mark the auth-check as complete to allow post-authentication
1526 // callbacks to make use of phpCAS::getUser() and similar methods
1527 $this->markAuthenticationCall($res);
1530 // call the post-authenticate callback if registered.
1531 if ($this->_postAuthenticateCallbackFunction) {
1532 $args = $this->_postAuthenticateCallbackArgs;
1533 array_unshift($args, $logoutTicket);
1534 call_user_func_array(
1535 $this->_postAuthenticateCallbackFunction,
1540 // if called with a ticket parameter, we need to redirect to the
1541 // app without the ticket so that CAS-ification is transparent
1542 // to the browser (for later POSTS) most of the checks and
1543 // errors should have been made now, so we're safe
for redirect
1546 if ($this->_clearTicketsFromUrl) {
1548 session_write_close();
1549 header(
'Location: ' . $this->
getURL());
1567 return !empty(
$_SESSION[
'phpCAS'][
'user']);
1599 if (isset(
$_SESSION[
'phpCAS'][
'attributes'])) {
1604 'user = `' .
$_SESSION[
'phpCAS'][
'user'] .
'\', PGT = `
'
1605 . $_SESSION['phpCAS']['pgt
'] . '\
''
1609 if (isset(
$_SESSION[
'phpCAS'][
'proxies'])) {
1613 . implode(
'", "',
$_SESSION[
'phpCAS'][
'proxies']) .
'"'
1623 'username found (`' .
$_SESSION[
'phpCAS'][
'user']
1624 .
'\') but PGT is empty
'
1626 // unset all tickets to enforce authentication
1627 unset($_SESSION['phpCAS']);
1628 $this->setTicket('');
1629 } elseif (!$this->isSessionAuthenticated()
1630 && !empty($_SESSION['phpCAS']['pgt
'])
1632 // these two variables should be empty or not empty at the same time
1634 'PGT found (`
' . $_SESSION['phpCAS']['pgt
']
1635 . '\
') but username is empty'
1648 if (isset(
$_SESSION[
'phpCAS'][
'attributes'])) {
1654 if (isset(
$_SESSION[
'phpCAS'][
'proxies'])) {
1658 . implode(
'", "',
$_SESSION[
'phpCAS'][
'proxies']) .
'"'
1686 session_write_close();
1687 if (php_sapi_name() ===
'cli') {
1688 @header(
'Location: ' . $cas_url);
1690 header(
'Location: ' . $cas_url);
1695 printf(
'<p>' .
$lang->getShouldHaveBeenRedirected() .
'</p>', $cas_url);
1714 $paramSeparator =
'?';
1715 if (isset($params[
'url'])) {
1716 $cas_url = $cas_url . $paramSeparator .
"url="
1717 . urlencode($params[
'url']);
1718 $paramSeparator =
'&';
1720 if (isset($params[
'service'])) {
1721 $cas_url = $cas_url . $paramSeparator .
"service="
1722 . urlencode($params[
'service']);
1724 header(
'Location: ' . $cas_url);
1730 if (session_status() === PHP_SESSION_NONE) {
1738 printf(
'<p>' .
$lang->getShouldHaveBeenRedirected() .
'</p>', $cas_url);
1751 return !empty(
$_POST[
'logoutRequest']);
1773 && is_null($this->_signoutCallbackFunction)
1776 "phpCAS can't handle logout requests if it is not allowed to change session_id."
// Sender check for an incoming single-logout request.
// - The POSTed logoutRequest field is urldecode()d into $decoded_logout_rq.
// - When $check_client is set, the sender is identified by REMOTE_ADDR and by
//   gethostbyaddr() on that address, and is accepted when either one equals
//   (loose ==) an entry of $allowed_clients.
// NOTE(review): the hostname comes from reverse DNS, which is answered by
// whoever operates the PTR zone for the address, and it is not
// forward-confirmed here; IP entries in $allowed_clients are the stronger
// check. Behind a reverse proxy REMOTE_ADDR is the proxy's address. What
// happens when $allowed_clients is empty, or when no entry matches, is in
// lines this extract does not show.
1780 $decoded_logout_rq = urldecode(
$_POST[
'logoutRequest']);
1783 if ($check_client) {
1784 if (!$allowed_clients) {
1787 $client_ip =
$_SERVER[
'REMOTE_ADDR'];
1788 $client = gethostbyaddr($client_ip);
1790 foreach ($allowed_clients as $allowed_client) {
1791 if ((
$client == $allowed_client)
1792 || ($client_ip == $allowed_client)
1795 "Allowed client '" . $allowed_client
1796 .
"' matches, logout request is allowed"
1802 "Allowed client '" . $allowed_client .
"' does not match"
// Extracts the ticket named in the logout request and switches to its session.
// - The <samlp:SessionIndex> element is located with a regular expression and
//   its tags are stripped with preg_replace(); the request is not parsed as
//   XML in these lines and no signature check is visible here.
// - The ticket is passed as first argument to the sign-out callback, if set.
// - Characters outside [a-zA-Z0-9-] are removed and the result is installed as
//   the session id (session_id(), $_COOKIE and $_GET under session_name()).
// NOTE(review): the session acted on is chosen entirely by the request body,
// so the sender check made before this point is the only gate; keep
// $allowed_clients restricted to the CAS server(s). What is done with the
// selected session afterwards is not shown in this extract.
1819 "|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|",
1822 PREG_OFFSET_CAPTURE,
1825 $wrappedSamlSessionIndex = preg_replace(
1826 '|<samlp:SessionIndex>|',
1830 $ticket2logout = preg_replace(
1831 '|</samlp:SessionIndex>|',
1833 $wrappedSamlSessionIndex
1838 if ($this->_signoutCallbackFunction) {
1840 array_unshift($args, $ticket2logout);
1841 call_user_func_array($this->_signoutCallbackFunction, $args);
1847 $session_id = preg_replace(
'/[^a-zA-Z0-9\-]/',
'', $ticket2logout);
1851 if (session_id() !==
"") {
1856 session_id($session_id);
1857 $_COOKIE[session_name()] = $session_id;
1858 $_GET[session_name()] = $session_id;
1919 $this->_ticket = $st;
1929 return !empty($this->_ticket);
1982 if (gettype($cert) !=
'string') {
1985 if (gettype($validate_cn) !=
'boolean') {
1988 if (!file_exists($cert) && $this->_requestImplementation !==
'CAS_TestHarness_DummyRequest') {
1991 $this->_cas_server_ca_cert = $cert;
1992 $this->_cas_server_cn_validate = $validate_cn;
2002 $this->_no_cas_server_validation =
true;
// Validates the current ticket against a CAS 1.0 server (plain-text protocol).
//
// Visible steps (this listing is an extract; intermediate lines are missing):
//  - the ticket is urlencode()d into the validation URL as "&ticket=...";
//    "&renew=true" can be appended (the condition is not shown);
//  - the URL is fetched with _readURL(); on failure a message containing the
//    full validation URL and $err_msg is built and a
//    CAS_AuthenticationException is thrown with $no_response = true;
//  - a response starting with "no\n" throws (not a bad response); anything not
//    starting with "yes\n" throws with $bad_response = true;
//  - otherwise the second line of the response, trimmed, becomes the user and
//    the session is renamed after the ticket.
//
// $validate_url, $text_response and $tree_response are by-reference
// parameters; $tree_response is not assigned in the lines shown.
//
// NOTE(review): the failure message embeds the validation URL, which carries
// the ticket; if that message goes to the debug log (presumably via
// phpCAS::trace, not shown), the log should be access-restricted.
// NOTE(review): a response of just "yes\n" gives an empty second line, so
// trim($arr[1]) is ''; whether _setUser() rejects an empty name is not
// visible here.
2020 public function validateCAS10(&$validate_url, &$text_response, &$tree_response, $renew =
false)
2026 .
'&ticket=' . urlencode($this->
getTicket());
2030 $validate_url .=
'&renew=true';
2034 if (!$this->
_readURL($validate_url, $headers, $text_response, $err_msg)) {
2036 'could not open URL \'' . $validate_url .
'\' to validate (
' . $err_msg . ')
'
2038 throw new CAS_AuthenticationException(
2040 'CAS 1.0 ticket not validated
',
2042 true/*$no_response*/
2047 if (preg_match('/^no\n/
', $text_response)) {
2048 phpCAS::trace('Ticket
has not been validated
');
2049 throw new CAS_AuthenticationException(
2053 false/*$no_response*/,
2054 false/*$bad_response*/,
2058 } elseif (!preg_match('/^yes\n/
', $text_response)) {
2059 phpCAS::trace('ill-formed response
');
2060 throw new CAS_AuthenticationException(
2062 'Ticket not validated
',
2064 false/*$no_response*/,
2065 true/*$bad_response*/,
2070 // ticket has been validated, extract the user name
2071 $arr = preg_split('/\n/
', $text_response);
2072 $this->_setUser(trim($arr[1]));
2076 $this->_renameSession($this->getTicket());
2078 // at this step, ticket has been validated and $this->_user has been set,
2079 phpCAS::traceEnd(true);
2086 // ########################################################################
2088 // ########################################################################
2110 public function validateSA(&$validate_url, &$text_response, &$tree_response, $renew = false)
2112 phpCAS::traceBegin();
2114 // build the URL to validate the ticket
2115 $validate_url = $this->getServerSamlValidateURL();
2119 $validate_url .= '&renew=
true';
2122 // open and read the URL
2123 if (!$this->_readURL($validate_url, $headers, $text_response, $err_msg)) {
2125 'could not open URL \
'' . $validate_url .
'\' to validate (
' . $err_msg . ')
'
2127 throw new CAS_AuthenticationException(
2131 true/*$no_response*/
2135 phpCAS::trace('server version:
' . $this->getServerVersion());
2137 // analyze the result depending on the version
2138 switch ($this->getServerVersion()) {
2139 case SAML_VERSION_1_1:
2140 // create new DOMDocument Object
2141 $dom = new DOMDocument();
2142 // Fix possible whitspace problems
2143 $dom->preserveWhiteSpace = false;
2144 // read the response of the CAS server into a DOM object
2145 if (!($dom->loadXML($text_response))) {
2146 phpCAS::trace('dom->loadXML() failed
');
2147 throw new CAS_AuthenticationException(
2151 false/*$no_response*/,
2152 true/*$bad_response*/,
2157 // read the root node of the XML tree
2158 if (!($tree_response = $dom->documentElement)) {
2159 phpCAS::trace('documentElement() failed
');
2160 throw new CAS_AuthenticationException(
2164 false/*$no_response*/,
2165 true/*$bad_response*/,
2169 } elseif ($tree_response->localName != 'Envelope
') {
2170 // insure that tag name is 'Envelope
'
2172 'bad XML root node (should be `Envelope\
' instead of `'
2173 . $tree_response->localName .
'\''
2184 } elseif ($tree_response->getElementsByTagName(
"NameIdentifier")->length != 0) {
2186 $success_elements = $tree_response->getElementsByTagName(
"NameIdentifier");
2188 $user = trim($success_elements->item(0)->nodeValue);
2194 phpCAS::trace(
'no <NameIdentifier> tag found in SAML payload');
2228 $attr_array = array();
2231 $dom =
new DOMDocument();
2233 $dom->preserveWhiteSpace =
false;
2234 if (($dom->loadXML($text_response))) {
2235 $xPath =
new DOMXpath($dom);
2236 $xPath->registerNamespace(
'samlp',
'urn:oasis:names:tc:SAML:1.0:protocol');
2237 $xPath->registerNamespace(
'saml',
'urn:oasis:names:tc:SAML:1.0:assertion');
2238 $nodelist = $xPath->query(
"//saml:Attribute");
2241 foreach ($nodelist as $node) {
2242 $xres = $xPath->query(
"saml:AttributeValue", $node);
2243 $name = $node->getAttribute(
"AttributeName");
2244 $value_array = array();
2245 foreach ($xres as $node2) {
2246 $value_array[] = $node2->nodeValue;
2248 $attr_array[
$name] = $value_array;
2251 foreach ($attr_array as $attr_key => $attr_value) {
2252 if (count($attr_value) > 1) {
2253 $this->_attributes[$attr_key] = $attr_value;
2254 phpCAS::trace(
"* " . $attr_key .
"=" . print_r($attr_value,
true));
2256 $this->_attributes[$attr_key] = $attr_value[0];
2355 return !empty($this->_pgt);
2390 $this->_callback_mode = $callback_mode;
2423 if (empty($this->_callback_url)) {
2426 $final_uri =
'https://';
2428 $request_uri =
$_SERVER[
'REQUEST_URI'];
2429 $request_uri = preg_replace(
'/\?.*$/',
'', $request_uri);
2430 $final_uri .= $request_uri;
2431 $this->_callback_url = $final_uri;
2448 if (gettype(
$url) !=
'string') {
2452 return $this->_callback_url =
$url;
// Handles the pgtIou / pgtId query parameters of a PGT callback request.
// - Each parameter is tested with preg_match(); when both match, the raw
//   values are copied to $pgt_iou / $pgt, written to the trace, and echoed
//   inside a <p> element.
// NOTE(review): neither pattern is anchored and each requires only the prefix
// plus one further character, so any value that merely contains e.g.
// "PGTIOU-x" passes. The values are then echoed without HTML escaping, which
// lets markup in the query string reach the response body. Anchor both
// patterns over the whole value (^...+$) and pass the values through
// htmlentities() before output, as this file already does for the ticket in
// its ill-formed-ticket message.
// NOTE(review): the $_GET keys are read without isset(); a request lacking
// either one raises an undefined-index notice/warning.
2464 if (preg_match(
'/PGTIOU-[\.\-\w]/',
$_GET[
'pgtIou'])) {
2465 if (preg_match(
'/[PT]GT-[\.\-\w]/',
$_GET[
'pgtId'])) {
2467 $pgt_iou =
$_GET[
'pgtIou'];
2468 $pgt =
$_GET[
'pgtId'];
2469 phpCAS::trace(
'Storing PGT `' . $pgt .
'\' (
id=`
' . $pgt_iou . '\
')');
2470 echo
'<p>Storing PGT `' . $pgt .
'\' (
id=`
' . $pgt_iou . '\
').</p>';
2519 if (!is_object($this->_pgt_storage)) {
2524 $this->_pgt_storage->init();
2540 $this->_pgt_storage->write($pgt, $pgt_iou);
2556 return $this->_pgt_storage->read($pgt_iou);
2573 if (is_object($this->_pgt_storage)) {
2583 $this->_pgt_storage = $storage;
2608 $driver_options =
null
2614 if ((is_object($dsn_or_pdo) && !($dsn_or_pdo instanceof PDO)) || gettype($dsn_or_pdo) !=
'string') {
2617 if (gettype($username) !=
'string') {
2623 if (gettype($table) !=
'string') {
2654 if (gettype($path) !=
'string') {
2680 private function _validatePGT(&$validate_url, $text_response, $tree_response)
2683 if ($tree_response->getElementsByTagName(
"proxyGrantingTicket")->length == 0) {
2688 'Ticket validated but no PGT Iou transmitted',
2697 $tree_response->getElementsByTagName(
"proxyGrantingTicket")->item(0)->nodeValue
2699 if (preg_match(
'/PGTIOU-[\.\-\w]/', $pgt_iou)) {
2701 if ($pgt ==
false) {
2705 'PGT Iou was transmitted but PGT could not be retrieved',
2717 'PGT Iou was transmitted but has wrong format',
// Requests a proxy ticket (PT) for $target_service from the CAS server.
//
// $target_service must be a string (checked with gettype()). $err_code and
// $err_msg are by-reference outputs; when the server cannot be reached they
// are set to PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE and a fixed message, and
// the trace is closed with false.
//
// NOTE(review): $target_service is urlencode()d into the request URL but the
// PGT returned by _getPGT() is appended as "&pgt=" without encoding; that is
// only safe while PGT values never contain '&', '#', '+' or '%'. Wrapping it
// in urlencode() removes the assumption.
// NOTE(review): the failure message embeds $cas_url, which includes the PGT.
// If it is written to the debug log (the call is not shown in this extract),
// that log holds a long-lived credential and should be protected accordingly.
2742 public function retrievePT($target_service, &$err_code, &$err_msg)
2745 if (gettype($target_service) !=
'string') {
2759 . urlencode($target_service) .
'&pgt=' . $this->
_getPGT();
2762 if (!$this->
_readURL($cas_url, $headers, $cas_response, $err_msg)) {
2764 'could not open URL \'' . $cas_url .
'\' to validate (
' . $err_msg . ')
'
2766 $err_code = PHPCAS_SERVICE_PT_NO_SERVER_RESPONSE;
2767 $err_msg = 'could not retrieve PT (no response from the
CAS server)
';
2768 phpCAS::traceEnd(false);
2772 $bad_response = false;
2774 if (!$bad_response) {
2775 // create new DOMDocument object
2776 $dom = new DOMDocument();
2777 // Fix possible whitspace problems
2778 $dom->preserveWhiteSpace = false;
2779 // read the response of the CAS server into a DOM object
2780 if (!($dom->loadXML($cas_response))) {
2781 phpCAS::trace('dom->loadXML() failed
');
2783 $bad_response = true;
2787 if (!$bad_response) {
2788 // read the root node of the XML tree
2789 if (!($root = $dom->documentElement)) {
2790 phpCAS::trace('documentElement failed
');
2792 $bad_response = true;
2796 if (!$bad_response) {
2797 // insure that tag name is 'serviceResponse
'
2798 if ($root->localName != 'serviceResponse
') {
2799 phpCAS::trace('localName failed
');
2801 $bad_response = true;
2805 if (!$bad_response) {
2806 // look for a proxySuccess tag
2807 if ($root->getElementsByTagName("proxySuccess")->length != 0) {
2808 $proxy_success_list = $root->getElementsByTagName("proxySuccess");
2810 // authentication succeded, look for a proxyTicket tag
2811 if ($proxy_success_list->item(0)->getElementsByTagName("proxyTicket")->length != 0) {
2812 $err_code = PHPCAS_SERVICE_OK;
2815 $proxy_success_list->item(0)->getElementsByTagName("proxyTicket")->item(0)->nodeValue
2817 phpCAS::trace('original PT:
' . trim($pt));
2818 phpCAS::traceEnd($pt);
2821 phpCAS::trace('<proxySuccess> was found, but not <proxyTicket>
');
2823 } elseif ($root->getElementsByTagName("proxyFailure")->length != 0) {
2824 // look for a proxyFailure tag
2825 $proxy_failure_list = $root->getElementsByTagName("proxyFailure");
2827 // authentication failed, extract the error
2828 $err_code = PHPCAS_SERVICE_PT_FAILURE;
2829 $err_msg = 'PT retrieving failed (code=`
'
2830 . $proxy_failure_list->item(0)->getAttribute('code
')
2832 . trim($proxy_failure_list->item(0)->nodeValue)
2834 phpCAS::traceEnd(false);
2837 phpCAS::trace('neither <proxySuccess> nor <proxyFailure> found
');
2841 // at this step, we are sure that the response of the CAS server was
2843 $err_code = PHPCAS_SERVICE_PT_BAD_SERVER_RESPONSE;
2844 $err_msg = 'Invalid response from the
CAS server (response=`
'
2845 . $cas_response . '\
')';
// Builds and sends the HTTP request used to talk to the CAS server.
// - The request object is created from a class name held in $className and
//   receives any configured cURL options and the target URL.
// - If no CA certificate is configured AND server validation has not been
//   explicitly disabled, the message telling the integrator to call
//   setCasServerCACert() or setNoCasServerValidation() is produced.
// - A configured CA certificate is passed to setSslCaCert() together with the
//   CN-validation flag.
// - A set of SOAP/XML headers is added and the request is switched to POST
//   (the condition guarding this is not shown; presumably the SAML case).
// - On success headers and body are read back; otherwise the request's error
//   message is copied to $err_msg.
// NOTE(review): with validation disabled and no CA certificate, no
// setSslCaCert() call is made in the lines shown, so the CAS server's identity
// is not checked against a configured CA. Ticket-validation answers fetched
// this way decide who is logged in, so that mode belongs in test setups only.
// $className is instantiated dynamically; it must never be derived from
// request data.
2879 $request =
new $className();
2881 if (count($this->_curl_options)) {
2882 $request->setCurlOptions($this->_curl_options);
2885 $request->setUrl(
$url);
2887 if (empty($this->_cas_server_ca_cert) && !$this->_no_cas_server_validation) {
2889 'one of the methods phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called.'
2892 if ($this->_cas_server_ca_cert !=
'') {
2893 $request->setSslCaCert(
2894 $this->_cas_server_ca_cert,
2895 $this->_cas_server_cn_validate
2901 $request->addHeader(
"soapaction: http://www.oasis-open.org/committees/security");
2902 $request->addHeader(
"cache-control: no-cache");
2903 $request->addHeader(
"pragma: no-cache");
2904 $request->addHeader(
"accept: text/xml");
2905 $request->addHeader(
"connection: keep-alive");
2906 $request->addHeader(
"content-type: text/xml");
2907 $request->makePost();
2911 if ($request->send()) {
2912 $headers = $request->getResponseHeaders();
2913 $body = $request->getResponseBody();
2920 $err_msg = $request->getErrorMessage();
2975 if (gettype(
$type) !=
'string') {
2983 $request =
new $requestClass();
2984 if (count($this->_curl_options)) {
2985 $request->setCurlOptions($this->_curl_options);
2987 $proxiedService =
new $type($request, $this->_serviceCookieJar);
2989 $proxiedService->setCasClient($this);
2991 return $proxiedService;
2995 $proxiedService->setCasClient($this);
2997 return $proxiedService;
3000 "Unknown proxied-service type, $type."
3027 if (!is_string(
$url)) {
3029 "Proxied Service " . get_class($proxiedService)
3030 .
"->getServiceUrl() should have returned a string, returned a "
3031 . gettype(
$url) .
" instead."
3062 if (gettype(
$url) !=
'string') {
3070 $output =
$service->getResponseBody();
3074 $err_code =
$e->getCode();
3075 $output =
$e->getMessage();
3080 $lang->getServiceUnavailable(),
3115 if (gettype(
$url) !=
'string') {
3118 if (gettype($serviceUrl) !=
'string') {
3121 if (gettype($flags) !=
'integer') {
3127 $service->setServiceUrl($serviceUrl);
3133 $pt =
$service->getImapProxyTicket();
3136 $err_msg =
$e->getMessage();
3137 $err_code =
$e->getCode();
3143 $lang->getServiceUnavailable(),
3205 $this->_proxies = $proxies;
3206 if (!empty($proxies)) {
3232 if (empty($this->_allowed_proxy_chains)) {
3259 public function validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew =
false)
3280 $validate_url .=
'&renew=true';
3284 if (!$this->
_readURL($validate_url, $headers, $text_response, $err_msg)) {
3286 'could not open URL \'' . $validate_url .
'\' to validate (
' . $err_msg . ')
'
3288 throw new CAS_AuthenticationException(
3290 'Ticket not validated
',
3292 true/*$no_response*/
// Parses the CAS server's validation response ($text_response) as XML.
// NOTE(review): loadXML() is called without a libxml options argument, so
// entity and network handling follow the libxml defaults of the runtime. The
// body being parsed is only as trustworthy as the TLS validation applied when
// it was fetched, so deployments should keep CA validation of the CAS server
// enabled.
3297 // create new DOMDocument object
3298 $dom = new DOMDocument();
3299 // Fix possible whitespace problems
3300 $dom->preserveWhiteSpace = false;
3301 // CAS servers should only return data in utf-8
3302 $dom->encoding = "utf-8";
3303 // read the response of the CAS server into a DOMDocument object
3304 if (!($dom->loadXML($text_response))) {
3306 throw new CAS_AuthenticationException(
3308 'Ticket not validated
',
3310 false/*$no_response*/,
3311 true/*$bad_response*/,
3315 } elseif (!($tree_response = $dom->documentElement)) {
3316 // read the root node of the XML tree
3318 throw new CAS_AuthenticationException(
3320 'Ticket not validated
',
3322 false/*$no_response*/,
3323 true/*$bad_response*/,
3327 } elseif ($tree_response->localName != 'serviceResponse
') {
3328 // insure that tag name is 'serviceResponse
'
3330 throw new CAS_AuthenticationException(
3332 'Ticket not validated
',
3334 false/*$no_response*/,
3335 true/*$bad_response*/,
3339 } elseif ($tree_response->getElementsByTagName("authenticationFailure")->length != 0) {
3340 // authentication failed, extract the error code and message and throw exception
3341 $auth_fail_list = $tree_response
3342 ->getElementsByTagName("authenticationFailure");
3343 throw new CAS_AuthenticationException(
3345 'Ticket not validated
',
3347 false/*$no_response*/,
3348 false/*$bad_response*/,
3350 $auth_fail_list->item(0)->getAttribute('code
')/*$err_code*/,
3351 trim($auth_fail_list->item(0)->nodeValue)/*$err_msg*/
3354 } elseif ($tree_response->getElementsByTagName("authenticationSuccess")->length != 0) {
3355 // authentication succeded, extract the user name
3356 $success_elements = $tree_response
3357 ->getElementsByTagName("authenticationSuccess");
3358 if ($success_elements->item(0)->getElementsByTagName("user")->length == 0) {
3359 // no user specified => error
3360 throw new CAS_AuthenticationException(
3362 'Ticket not validated
',
3364 false/*$no_response*/,
3365 true/*$bad_response*/,
3372 $success_elements->item(0)->getElementsByTagName("user")->item(0)->nodeValue
3375 $this->_readExtraAttributesCas20($success_elements);
3376 // Store the proxies we are sitting behind for authorization checking
3377 $proxyList = array();
3378 if (sizeof($arr = $success_elements->item(0)->getElementsByTagName("proxy")) > 0) {
3379 foreach ($arr as $proxyElem) {
3380 phpCAS::trace("Found Proxy: " . $proxyElem->nodeValue);
3381 $proxyList[] = trim($proxyElem->nodeValue);
3383 $this->_setProxies($proxyList);
3384 phpCAS::trace("Storing Proxy List");
3386 // Check if the proxies in front of us are allowed
3387 if (!$this->getAllowedProxyChains()->isProxyListAllowed($proxyList)) {
3388 throw new CAS_AuthenticationException(
3390 'Proxy not allowed
',
3392 false/*$no_response*/,
3393 true/*$bad_response*/,
3402 throw new CAS_AuthenticationException(
3404 'Ticket not validated
',
3406 false/*$no_response*/,
3407 true/*$bad_response*/,
3413 $this->_renameSession($this->getTicket());
3415 // at this step, Ticket has been validated and $this->_user has been set,
3417 phpCAS::traceEnd($result);
3431 private function _readExtraAttributesCas20($success_elements)
3433 phpCAS::traceBegin();
3435 $extra_attributes = array();
3437 // "Jasig Style" Attributes:
3439 // <cas:serviceResponse xmlns:cas='http:
// Delegates attribute extraction to the integrator-supplied parser callback
// when one is registered and callable. The first <authenticationSuccess>
// node is prepended to the callback arguments and the callback's return value
// becomes $extra_attributes.
// NOTE(review): array_unshift() is applied to the property itself, so the
// prepended node stays in _casAttributeParserCallbackArgs after the call; a
// second run on the same object would pass two leading nodes. Working on a
// local copy (as the post-authenticate callback code in this file does with
// $args) avoids the accumulation.
3453 if ($this->_casAttributeParserCallbackFunction !==
null
3454 && is_callable($this->_casAttributeParserCallbackFunction)
3456 array_unshift($this->_casAttributeParserCallbackArgs, $success_elements->item(0));
3457 phpCas :: trace(
"Calling attritubeParser callback");
3458 $extra_attributes = call_user_func_array(
3459 $this->_casAttributeParserCallbackFunction,
3460 $this->_casAttributeParserCallbackArgs
3462 } elseif ($success_elements->item(0)->getElementsByTagName(
"attributes")->length != 0) {
3463 $attr_nodes = $success_elements->item(0)
3464 ->getElementsByTagName(
"attributes");
3465 phpCas :: trace(
"Found nested jasig style attributes");
3466 if ($attr_nodes->item(0)->hasChildNodes()) {
3468 foreach ($attr_nodes->item(0)->childNodes as $attr_child) {
3470 "Attribute [" . $attr_child->localName .
"] = "
3471 . $attr_child->nodeValue
3475 $attr_child->localName,
3476 $attr_child->nodeValue
3497 phpCas :: trace(
"Testing for rubycas style attributes");
3498 $childnodes = $success_elements->item(0)->childNodes;
3499 foreach ($childnodes as $attr_node) {
3500 switch ($attr_node->localName) {
3503 case 'proxyGrantingTicket':
3506 if (strlen(trim($attr_node->nodeValue))) {
3508 "Attribute [" . $attr_node->localName .
"] = " . $attr_node->nodeValue
3512 $attr_node->localName,
3513 $attr_node->nodeValue
3540 if (!count($extra_attributes)
3541 && $success_elements->item(0)->getElementsByTagName(
"attribute")->length != 0
3543 $attr_nodes = $success_elements->item(0)
3544 ->getElementsByTagName(
"attribute");
3545 $firstAttr = $attr_nodes->item(0);
3546 if (!$firstAttr->hasChildNodes()
3547 && $firstAttr->hasAttribute(
'name')
3548 && $firstAttr->hasAttribute(
'value')
3550 phpCas :: trace(
"Found Name-Value style attributes");
3552 foreach ($attr_nodes as $attr_node) {
3553 if ($attr_node->hasAttribute(
'name')
3554 && $attr_node->hasAttribute(
'value')
3557 "Attribute [" . $attr_node->getAttribute(
'name')
3558 .
"] = " . $attr_node->getAttribute(
'value')
3562 $attr_node->getAttribute(
'name'),
3563 $attr_node->getAttribute(
'value')
3587 if (isset($attributeArray[
$name])) {
3589 if (!is_array($attributeArray[
$name])) {
3590 $existingValue = $attributeArray[
$name];
3591 $attributeArray[
$name] = array($existingValue);
3594 $attributeArray[
$name][] = trim($value);
3596 $attributeArray[
$name] = trim($value);
3635 if (gettype(
$url) !=
'string') {
3652 if (empty($this->_url)) {
3655 $final_uri = ($this->
_isHttps()) ?
'https' :
'http';
3656 $final_uri .=
'://';
3659 $request_uri = explode(
'?',
$_SERVER[
'REQUEST_URI'], 2);
3660 $final_uri .= $request_uri[0];
3662 if (isset($request_uri[1]) && $request_uri[1]) {
3667 if ($query_string !==
'') {
3668 $final_uri .=
"?$query_string";
3673 $this->
setURL($final_uri);
3689 if (gettype(
$url) !=
'string') {
3693 return $this->_server[
'base_url'] =
$url;
// Works out the host (and, if needed, port) under which this application is
// being reached. Sources, in the order visible here:
//   1. X-Forwarded-Host (comma-separated list; which entry is used is in a
//      line this extract does not show),
//   2. X-Forwarded-Server,
//   3. HTTP_HOST when SERVER_NAME is empty, otherwise SERVER_NAME.
// If the chosen host has no ':' the port is taken from SERVER_PORT, or from
// the first entry of X-Forwarded-Port, and appended when it is not the
// default for the scheme reported by _isHttps().
// NOTE(review): Host and X-Forwarded-* are request headers. Unless a trusted
// reverse proxy strips or overwrites them, the requester chooses their
// value. Elsewhere in this file the result of getURL() is sent to the CAS
// server as the service=/TARGET= parameter of ticket validation; assuming
// this value feeds getURL() (TODO confirm), the service identity used for
// validation would follow the header. Prefer an explicitly configured service
// URL or an allow-list of acceptable host names.
// NOTE(review): `!strpos($server_url, ':')` is also true when ':' is at
// offset 0; `strpos(...) === false` states the intent exactly.
3705 if (!empty(
$_SERVER[
'HTTP_X_FORWARDED_HOST'])) {
3707 $hosts = explode(
',',
$_SERVER[
'HTTP_X_FORWARDED_HOST']);
3710 } elseif (!empty(
$_SERVER[
'HTTP_X_FORWARDED_SERVER'])) {
3711 $server_url =
$_SERVER[
'HTTP_X_FORWARDED_SERVER'];
3713 if (empty(
$_SERVER[
'SERVER_NAME'])) {
3714 $server_url =
$_SERVER[
'HTTP_HOST'];
3716 $server_url =
$_SERVER[
'SERVER_NAME'];
3719 if (!strpos($server_url,
':')) {
3720 if (empty(
$_SERVER[
'HTTP_X_FORWARDED_PORT'])) {
3721 $server_port =
$_SERVER[
'SERVER_PORT'];
3723 $ports = explode(
',',
$_SERVER[
'HTTP_X_FORWARDED_PORT']);
3724 $server_port = $ports[0];
3727 if (($this->
_isHttps() && $server_port != 443)
3728 || (!$this->
_isHttps() && $server_port != 80)
3731 $server_url .= $server_port;
// Decides whether the current request is to be treated as HTTPS.
// X-Forwarded-Proto is consulted first, then X-Forwarded-Protocol; each is
// compared strictly with the lowercase string 'https'. The fallback involves
// $_SERVER['HTTPS'] not being 'off' (case-insensitive); the rest of that
// condition is not shown in this extract.
// NOTE(review): both forwarded headers are request headers and are only
// meaningful when a trusted reverse proxy sets them; otherwise the requester
// controls the scheme used in URLs this client builds. A value such as
// 'HTTPS' in upper case fails the strict comparison.
3744 if (!empty(
$_SERVER[
'HTTP_X_FORWARDED_PROTO'])) {
3745 return (
$_SERVER[
'HTTP_X_FORWARDED_PROTO'] ===
'https');
3746 } elseif (!empty(
$_SERVER[
'HTTP_X_FORWARDED_PROTOCOL'])) {
3747 return (
$_SERVER[
'HTTP_X_FORWARDED_PROTOCOL'] ===
'https');
3750 && strcasecmp(
$_SERVER[
'HTTPS'],
'off') !== 0
// Removes one named parameter from a query string: the name is escaped with
// preg_quote() and matched either after '&' or at the start of the string,
// with an optional "=value" part.
// NOTE(review): preg_quote() is called without a delimiter argument, so '/'
// (the delimiter of the pattern below) is not escaped. A parameter name
// containing '/' would end the pattern early. Passing '/' as the second
// argument closes that gap.
3769 $parameterName = preg_quote($parameterName);
3770 return preg_replace(
3771 "/&$parameterName(=[^&]*)?|^$parameterName(=[^&]*)?&?/",
3789 $url .= (strstr(
$url,
'?') ===
false) ?
'?' :
'&';
3805 if (!empty($this->_user)) {
3810 $session_id = preg_replace(
'/[^a-zA-Z0-9\-]/',
'', $ticket);
3812 session_id($session_id);
3818 'Session should only be renamed after successfull authentication'
3823 "Skipping session rename since phpCAS is not handling the session."
3862 $lang->getYouWereNotAuthenticated(),
3863 htmlentities($this->
getURL()),
3871 if ($bad_response) {
3880 if (empty($err_code)) {
3884 'Reason: [' . $err_code .
'] CAS error: ' . $err_msg
3925 if (preg_match(
"/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/", $nodeURL)) {
// Excerpt: a rebroadcast node URL is checked against a pattern and then
// stored; the rejection branch between the two statements is not shown.
// The pattern is anchored at the start only. It checks the scheme (http or
// https), a dotted host name and an optional port; whatever follows is not
// constrained.
// NOTE(review): plain http:// nodes are accepted. Other fragments of this
// listing show logout requests being POSTed to rebroadcast nodes -- confirm
// that unencrypted transport between nodes is acceptable for the deployment.
3944 if (!(
bool) preg_match(
"/^(http|https):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i", $rebroadcastNodeUrl)) {
3950 $this->_rebroadcast_nodes[] = $rebroadcastNodeUrl;
3968 if (gettype($header) !=
'string') {
3972 $this->_rebroadcast_headers[] = $header;
// Excerpt of the rebroadcast routine (listing lines 3992-4055; the signature,
// the loop header and several lines are not shown). It builds one POST
// request per configured node, skips the node that appears to be this host,
// and sends the collected requests through a multi-request object.
// cURL settings: fail on HTTP errors, follow redirects, return the body,
// 1 second to connect and 4 seconds overall.
// NOTE(review): with CURLOPT_FOLLOWLOCATION a node can redirect the request.
// This array sets neither CURLOPT_REDIR_PROTOCOLS nor any
// certificate-verification option; whether they are applied elsewhere is not
// visible here.
3992 $rebroadcast_curl_options = array(
3993 CURLOPT_FAILONERROR => 1,
3994 CURLOPT_FOLLOWLOCATION => 1,
3995 CURLOPT_RETURNTRANSFER => 1,
3996 CURLOPT_CONNECTTIMEOUT => 1,
3997 CURLOPT_TIMEOUT => 4);
// Own address: SERVER_ADDR, else LOCAL_ADDR (the assignments to $ip are not
// shown); $dns is the reverse lookup of that address.
4000 if (!empty(
$_SERVER[
'SERVER_ADDR'])) {
4002 } elseif (!empty(
$_SERVER[
'LOCAL_ADDR'])) {
4008 $dns = gethostbyaddr($ip);
4010 $multiClassName =
'CAS_Request_CurlMultiRequest';
4011 $multiRequest =
new $multiClassName();
// A node is contacted only when its type is HOSTNAME and $dns is non-empty
// and absent from the node URL, or its type is IP and $ip is non-empty and
// absent from the node URL.
// NOTE(review): stripos() is a substring test, so an address that is a
// prefix of another node's address (for example a shorter last octet) would
// make that other node look like "self" and be skipped. An empty $dns or
// $ip also means nodes of that type are never contacted.
4014 if ((($this->
_getNodeType($this->_rebroadcast_nodes[
$i]) == self::HOSTNAME) && !empty($dns) && (stripos($this->_rebroadcast_nodes[
$i], $dns) ===
false))
4015 || (($this->
_getNodeType($this->_rebroadcast_nodes[
$i]) ==
self::IP) && !empty($ip) && (stripos($this->_rebroadcast_nodes[
$i], $ip) ===
false))
4018 'Rebroadcast target URL: ' . $this->_rebroadcast_nodes[
$i]
// $className and $url are assigned on lines that are not shown.
4022 $request =
new $className();
4025 $request->setUrl(
$url);
4027 if (count($this->_rebroadcast_headers)) {
4028 $request->addHeaders($this->_rebroadcast_headers);
4031 $request->makePost();
4032 if (
$type == self::LOGOUT) {
// NOTE(review): $_POST['logoutRequest'] is appended to the body as received,
// without urlencode(). If the body is sent form-encoded (the content type is
// not visible here), '&', '+' or '%' inside the value would change how the
// receiving node parses it; urlencode($_POST['logoutRequest']) would keep the
// value intact -- confirm against the receiving side.
4034 $request->setPostBody(
4035 'rebroadcast=false&logoutRequest=' .
$_POST[
'logoutRequest']
4037 } elseif (
$type == self::PGTIOU) {
4039 $request->setPostBody(
'rebroadcast=false');
4042 $request->setCurlOptions($rebroadcast_curl_options);
4044 $multiRequest->addRequest($request);
// Trace message for the node that was treated as this host and skipped.
4047 'Rebroadcast not sent to self: '
4048 . $this->_rebroadcast_nodes[
$i] .
' == ' . (!empty($ip)?$ip:
'')
4049 .
'/' . (!empty($dns)?$dns:
'')
// Nothing is sent when no node qualified.
4054 if ($multiRequest->getNumRequests() > 0) {
4055 $multiRequest->send();
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...
The CAS_Client class is a client interface that provides CAS authentication to PHP applications.
This class provides access to service cookies and handles parsing of response headers to pull out coo...
An exception for terminating execution or to throw for unit testing.
Exception that denotes invalid arguments were passed.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
This class defines Exceptions that should be thrown when the sequence of operations is invalid.
Basic class for PGT storage The CAS_PGTStorage_AbstractStorage class is a generic class for PGT stora...
Basic class for PGT database storage The CAS_PGTStorage_Db class is a class for PGT database storage.
The CAS_PGTStorage_File class is a class for PGT file storage.
An Exception for problems communicating with a proxied service.
Provides access to a proxy-authenticated IMAP stream.
ProxyChain is a container for storing chains of valid proxies that can be used to validate proxied re...
An Exception for errors related to fetching or validating proxy tickets.
Licensed to Jasig under one or more contributor license agreements.
error($a_errmsg)
set error message @access public
The phpCAS class is a simple container for the phpCAS library.
if($_SERVER['argc']< 4) $client
getUser()
This method returns the CAS user's login name.
$_user
The Authenticated user.
_hasAttribute($key)
Check whether a specific attribute with a name is available.
getAttributes()
Get a key-value array of attributes.
hasAttribute($key)
Check whether a specific attribute with a name is available.
checkAuthentication()
This method is called to check whether the user is authenticated or not.
isSessionAuthenticated()
This method tells if the current session is authenticated.
_setUser($user)
This method sets the CAS user's login name.
$_cache_times_for_auth_recheck
An integer that gives the number of times authentication will be cached before rechecked.
isAuthenticated($renew=false)
This method is called to check if the user is authenticated (previously or by tickets given in the UR...
getAttribute($key)
Get a specific attribute by name.
setAttributes($attributes)
Set an array of attributes.
hasAttributes()
Check whether attributes are available.
_getUser()
This method returns the CAS user's login name.
_isLogoutRequest()
Check if the current request is a logout request.
setCacheTimesForAuthRecheck($n)
Set the number of times authentication will be cached before rechecked.
_wasPreviouslyAuthenticated()
This method tells if the user has already been (previously) authenticated by looking into the session...
$_attributes
The Authenticated users attributes.
redirectToCas($gateway=false, $renew=false)
This method is used to redirect the client to the CAS server.
logout($params)
This method is used to logout from CAS.
handleLogoutRequests($check_client=true, $allowed_clients=false)
This method handles logout requests.
forceAuthentication()
This method is called to be sure that the user is authenticated.
renewAuthentication()
This method is called to renew the authentication of the user If the user is authenticated,...
$_cas_server_ca_cert
the certificate of the CAS server CA.
hasTicket()
This method tells if a Service Ticket was stored.
getTicket()
This method returns the Service Ticket provided in the URL of the request.
$_ticket
The Ticket provided in the URL of the request if present (empty otherwise).
validateCAS10(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a CAS 1.0 ticket; halt on failure, and sets $validate_url,...
$_cas_server_cn_validate
validate CN of the CAS server certificate
$_no_cas_server_validation
Set to true to skip validation of the CAS server.
setTicket($st)
This method stores the Service Ticket.
setCasServerCACert($cert, $validate_cn)
Set the CA certificate of the CAS server.
setNoCasServerValidation()
Disable SSL validation for the CAS server.
$_signoutCallbackFunction
$_casAttributeParserCallbackArgs
$_requestImplementation
The class to instantiate for making web requests in readUrl().
wasAuthenticationCallSuccessful()
Answer the result of the authentication call.
$_postAuthenticateCallbackArgs
setRequestImplementation($className)
Override the default implementation used to make web requests in readUrl().
setPostAuthenticateCallback($function, array $additionalArgs=array())
Set a callback function to be run when a user authenticates.
getAuthenticationCallerMethod()
Answer information about the authentication caller.
setSingleSignoutCallback($function, array $additionalArgs=array())
Set a callback function to be run when a single-signout request is received.
$_casAttributeParserCallbackFunction
getAuthenticationCallerFile()
Answer information about the authentication caller.
markAuthenticationCall($auth)
Mark the caller of authentication.
setCasAttributeParserCallback($function, array $additionalArgs=array())
Set a callback function to be run when parsing CAS attributes.
wasAuthenticationCalled()
Answer true if authentication has been checked.
_ensureAuthenticationCalled()
Ensure that authentication was checked.
getAuthenticationCallerLine()
Answer information about the authentication caller.
ensureAuthenticationCallSuccessful()
Ensure that authentication was checked.
$_postAuthenticateCallbackFunction
ensureIsProxy()
Ensure that this is actually a proxy object or fail with an exception.
setNoClearTicketsFromUrl()
Configure the client to not send redirect headers and call exit() on authentication success.
_setCallbackMode($callback_mode)
This method sets/unsets callback mode.
$_callback_url
the URL that should be used for the PGT callback (in fact the URL of the current request without any ...
_callback()
This method is called by CAS_Client::CAS_Client() when running in callback mode.
setCallbackURL($url)
This method sets the callback url.
_getCallbackURL()
This method returns the URL that should be used for the PGT callback (in fact the URL of the current ...
$_callback_mode
each PHP script using phpCAS in proxy mode is its own callback to get the PGT back from the CAS serve...
_isCallbackMode()
This method returns true when the CAS client is running in callback mode, false otherwise.
getServerServiceValidateURL()
This method is used to retrieve the service validating URL of the CAS server.
_getServerHostname()
This method is used to retrieve the hostname of the CAS server.
getServerVersion()
This method is used to retrieve the version of the CAS server.
getServerProxyValidateURL()
This method is used to retrieve the proxy validating URL of the CAS server.
_setChangeSessionID($allowed)
Set a parameter whether to allow phpCas to change session_id.
setServerServiceValidateURL($url)
This method sets the serviceValidate URL of the CAS server.
getChangeSessionID()
Get whether phpCas is allowed to change session_id.
getServerProxyURL()
This method is used to retrieve the proxy URL of the CAS server.
setServerSamlValidateURL($url)
This method sets the samlValidate URL of the CAS server.
getServerLogoutURL()
This method is used to retrieve the logout URL of the CAS server.
setServerLogoutURL($url)
This method sets the logout URL of the CAS server.
__construct( $server_version, $proxy, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
CAS_Client constructor.
getServerLoginURL($gateway=false, $renew=false)
This method is used to retrieve the login URL of the CAS server.
_getServerURI()
This method is used to retrieve the URI of the CAS server.
setExtraCurlOption($key, $value)
This method is used to set additional user curl options.
$_server
a record to store information about the CAS server.
setServerLoginURL($url)
This method sets the login URL of the CAS server.
_getServerPort()
This method is used to retrieve the port of the CAS server.
setServerProxyValidateURL($url)
This method sets the proxyValidate URL of the CAS server.
getServerSamlValidateURL()
This method is used to retrieve the SAML validating URL of the CAS server.
_getServerBaseURL()
This method is used to retrieve the base URL of the CAS server.
$_change_session_id
A variable indicating whether phpCAS will use its own session handling.
$_curl_options
An array to store extra curl options.
setLang($lang)
This method is used to set the language used by phpCAS.
$_lang
A string corresponding to the language used by phpCAS.
const PHPCAS_LANG_DEFAULT
phpCAS default language (when phpCAS::setLang() is not used)
getLangObj()
Create the language.
$_rebroadcast_headers
An array to store extra rebroadcast curl options.
_renameSession($ticket)
Renaming the session.
_buildQueryUrl($url, $query)
This method is used to append query parameters to an url.
_rebroadcast($type)
This method rebroadcasts logout/pgtIou requests.
const HOSTNAME
Constants used for determining rebroadcast node type.
$_rebroadcast
Boolean of whether to rebroadcast pgtIou/pgtId and logoutRequest, and array of the nodes.
const LOGOUT
Constants used for determining rebroadcast type (logout or pgtIou/pgtId).
addRebroadcastHeader($header)
This method is used to add header parameters when rebroadcasting pgtIou/pgtId or logoutRequest.
_authError( $failure, $cas_url, $no_response, $bad_response='', $cas_response='', $err_code='', $err_msg='')
This method is used to print the HTML output when the user was not authenticated.
_buildSAMLPayload()
This method is used to build the SAML POST body sent to /samlValidate URL.
_getNodeType($nodeURL)
Determine the node type from the URL.
setURL($url)
This method sets the URL of the current request.
setBaseURL($url)
This method sets the base URL of the CAS server.
addRebroadcastNode($rebroadcastNodeUrl)
Store the rebroadcast node for pgtIou/pgtId and logout requests.
getURL()
This method returns the URL of the current request (without any ticket CGI parameter).
_removeParameterFromQueryString($parameterName, $queryString)
Removes a parameter from a query string.
_isHttps()
This method checks to see if the request is secured via HTTPS.
_readURL($url, &$headers, &$body, &$err_msg)
This method is used to access a remote URL.
$_url
the URL of the current request (without any ticket CGI parameter).
_getClientUrl()
Try to figure out the phpCas client URL with possible Proxys / Ports etc.
printHTMLFooter()
This method prints the footer of the HTML output (after filtering).
setHTMLFooter($footer)
This method sets the HTML footer used for all outputs.
printHTMLHeader($title)
This method prints the header of the HTML output (after filtering).
setHTMLHeader($header)
This method sets the HTML header used for all outputs.
_htmlFilterOutput($str)
This method filters a string by replacing special tokens by appropriate values and prints it.
$_output_footer
A string used to print the footer of HTML pages.
$_output_header
A string used to print the header of HTML pages.
_loadPGT($pgt_iou)
This method reads a PGT from its Iou and deletes the corresponding storage entry.
retrievePT($target_service, &$err_code, &$err_msg)
This method is used to retrieve PT's from the CAS server thanks to a PGT.
_validatePGT(&$validate_url, $text_response, $tree_response)
This method is used to validate a PGT; halt on failure.
setPGTStorage($storage)
This method can be used to set a custom PGT storage object.
_initPGTStorage()
This method is used to initialize the storage of PGT's.
setPGTStorageFile($path='')
This method is used to tell phpCAS to store the response of the CAS server to PGT requests onto the f...
$_pgt_storage
an instance of a class inheriting of PGTStorage, used to deal with PGT storage.
_storePGT($pgt, $pgt_iou)
This method stores a PGT.
setPGTStorageDb( $dsn_or_pdo, $username='', $password='', $table='', $driver_options=null)
This method is used to tell phpCAS to store the response of the CAS server to PGT requests in a datab...
validateCAS20(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a cas 2.0 ST or PT; halt on failure Used for all CAS 2....
_addAttributeToArray(array &$attributeArray, $name, $value)
Add an attribute value to an array of attributes.
getProxiedService($type)
Answer a proxy-authenticated service handler.
serviceWeb($url, &$err_code, &$output)
This method is used to access an HTTP[S] service.
serviceMail($url, $serviceUrl, $flags, &$err_code, &$err_msg, &$pt)
This method is used to access an IMAP/POP3/NNTP service.
initializeProxiedService(CAS_ProxiedService $proxiedService)
Initialize a proxied-service handler with the proxy-ticket it should use.
isProxy()
Tells if a CAS client is a CAS proxy or not.
$_serviceCookieJar
Handler for managing service cookies.
$_pgt
the Proxy Granting Ticket given by the CAS server (empty otherwise).
_setPGT($pgt)
This method stores the Proxy Granting Ticket.
$_proxy
A boolean telling if the client is a CAS proxy or not.
_hasPGT()
This method tells if a Proxy Granting Ticket was stored.
_getPGT()
This method returns the Proxy Granting Ticket given by the CAS server.
_setSessionAttributes($text_response)
This method will parse the DOM and pull out the attributes from the SAML payload and put them into an...
validateSA(&$validate_url, &$text_response, &$tree_response, $renew=false)
This method is used to validate a SAML TICKET; halt on failure, and sets $validate_url,...
$_proxies
This array will store a list of proxies in front of this application.
getAllowedProxyChains()
Answer the CAS_ProxyChain_AllowedList object for this client.
_setProxies($proxies)
Set the Proxy array, probably from persistent storage.
getProxies()
Answer an array of proxies that are sitting in front of this application.
static trace($str)
This method is used to log something in debug mode.
static traceEnd($res='')
This method is used to indicate the end of the execution of a function in debug mode.
static traceBegin()
This method is used to indicate the start of the execution of a function in debug mode.
static error($msg)
This method is used by interface methods to print an error and where the function was originally call...
static traceExit()
This method is used to indicate the end of the execution of the program.
const PHPCAS_PROXIED_SERVICE_HTTP_POST
phpCAS::getProxiedService() type for HTTP POST
const PHPCAS_PROXIED_SERVICE_HTTP_GET
phpCAS::getProxiedService() type for HTTP GET
const PHPCAS_SERVICE_OK
phpCAS::service() error code on success
const PHPCAS_SERVICE_NOT_AVAILABLE
phpCAS::service() error code when the service was not available.
const PHPCAS_PROXIED_SERVICE_IMAP
phpCAS::getProxiedService() type for IMAP
const SAML_ASSERTION_ARTIFACT_CLOSE
SAMLP close.
const SAML_ASSERTION_ARTIFACT
SAMLP artifact tag (for the ticket)
const CAS_VERSION_3_0
CAS version 3.0.
const SAML_SOAP_ENV
SOAP envelope for SAML POST.
const SAMLP_REQUEST
SAMLP request.
static getVersion()
This method returns the phpCAS version.
const SAML_VERSION_1_1
SAML protocol.
const SAML_SOAP_BODY
SOAP body for SAML POST.
const CAS_VERSION_1_0
CAS version 1.0.
const SAML_SOAP_BODY_CLOSE
SOAP body close.
const SAML_SOAP_ENV_CLOSE
SOAP envelope close.
const SAMLP_REQUEST_CLOSE
Language Interface class for all internationalization files.
This interface defines methods that allow proxy-authenticated service handlers to interact with phpCA...
getServiceUrl()
Answer a service identifier (URL) for whom we should fetch a proxy ticket.
setProxyTicket($proxyTicket)
Register a proxy ticket with the ProxiedService that it can use when making requests.
This interface defines a class library for performing web requests.
static http()
Fetches the global http state from ILIAS.
foreach($_POST as $key=> $value) $res