ILIAS  release_7 Revision v7.30-3-g800a261c036
CAS SAML features (SAML 1.1)

Functions

 CAS_Client::validateSA (&$validate_url, &$text_response, &$tree_response, $renew=false)
 This method is used to validate a SAML ticket; it halts on failure and sets $validate_url, $text_response and $tree_response on success.
 
 CAS_Client::_setSessionAttributes ($text_response)
 This method parses the DOM, pulls the attributes out of the SAML payload into an array, and stores that array in the session.
 

Detailed Description

Function Documentation

◆ _setSessionAttributes()

CAS_Client::_setSessionAttributes ($text_response)
private

This method parses the DOM, pulls the attributes out of the SAML payload into an array, and stores that array in the session.

Parameters
string $text_response  the SAML payload.
Returns
bool  true when successful and false if no attributes are found

Definition at line 2222 of file Client.php.

{
    phpCAS::traceBegin();

    $result = false;

    $attr_array = array();

    // create new DOMDocument Object
    $dom = new DOMDocument();
    // Fix possible whitespace problems
    $dom->preserveWhiteSpace = false;
    if (($dom->loadXML($text_response))) {
        $xPath = new DOMXPath($dom);
        $xPath->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:1.0:protocol');
        $xPath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
        $nodelist = $xPath->query("//saml:Attribute");

        // DOMXPath::query() returns an (often empty) DOMNodeList, so the
        // length must be checked for "no attributes found" to return false
        if ($nodelist && $nodelist->length > 0) {
            foreach ($nodelist as $node) {
                $xres = $xPath->query("saml:AttributeValue", $node);
                $name = $node->getAttribute("AttributeName");
                $value_array = array();
                foreach ($xres as $node2) {
                    $value_array[] = $node2->nodeValue;
                }
                $attr_array[$name] = $value_array;
            }
            // UGent addition...
            foreach ($attr_array as $attr_key => $attr_value) {
                if (count($attr_value) > 1) {
                    $this->_attributes[$attr_key] = $attr_value;
                    phpCAS::trace("* " . $attr_key . "=" . print_r($attr_value, true));
                } else {
                    $this->_attributes[$attr_key] = $attr_value[0];
                    phpCAS::trace("* " . $attr_key . "=" . $attr_value[0]);
                }
            }
            $result = true;
        } else {
            phpCAS::trace("SAML Attributes are empty");
            $result = false;
        }
    }
    phpCAS::traceEnd($result);
    return $result;
}

References $name, $result, phpCAS\trace(), phpCAS\traceBegin(), and phpCAS\traceEnd().


◆ validateSA()

CAS_Client::validateSA (&$validate_url, &$text_response, &$tree_response, $renew = false)

This method is used to validate a SAML ticket; it halts on failure and sets $validate_url, $text_response and $tree_response on success.

These parameters are used later by CAS_Client::_validatePGT() for CAS proxies.

Parameters
string &$validate_url  reference to the URL of the request to the CAS server.
string &$text_response  reference to the response of the CAS server, as is (XML text).
string &$tree_response  reference to the response of the CAS server, as a DOM XML tree.
bool $renew  true to force the authentication with the CAS server
Returns
bool  true when successful; throws a CAS_AuthenticationException on an error

Definition at line 2110 of file Client.php.

{
    phpCAS::traceBegin();
    $result = false;
    // build the URL to validate the ticket
    $validate_url = $this->getServerSamlValidateURL();

    if ($renew) {
        // pass the renew
        $validate_url .= '&renew=true';
    }

    // open and read the URL
    if (!$this->_readURL($validate_url, $headers, $text_response, $err_msg)) {
        phpCAS::trace(
            'could not open URL \'' . $validate_url . '\' to validate (' . $err_msg . ')'
        );
        throw new CAS_AuthenticationException(
            $this,
            'SA not validated',
            $validate_url,
            true/*$no_response*/
        );
    }

    phpCAS::trace('server version: ' . $this->getServerVersion());

    // analyze the result depending on the version
    switch ($this->getServerVersion()) {
    case SAML_VERSION_1_1:
        // create new DOMDocument Object
        $dom = new DOMDocument();
        // Fix possible whitespace problems
        $dom->preserveWhiteSpace = false;
        // read the response of the CAS server into a DOM object
        if (!($dom->loadXML($text_response))) {
            phpCAS::trace('dom->loadXML() failed');
            throw new CAS_AuthenticationException(
                $this,
                'SA not validated',
                $validate_url,
                false/*$no_response*/,
                true/*$bad_response*/,
                $text_response
            );
            $result = false;
        }
        // read the root node of the XML tree
        if (!($tree_response = $dom->documentElement)) {
            phpCAS::trace('documentElement() failed');
            throw new CAS_AuthenticationException(
                $this,
                'SA not validated',
                $validate_url,
                false/*$no_response*/,
                true/*$bad_response*/,
                $text_response
            );
            $result = false;
        } elseif ($tree_response->localName != 'Envelope') {
            // insure that tag name is 'Envelope'
            phpCAS::trace(
                'bad XML root node (should be `Envelope\' instead of `'
                . $tree_response->localName . '\''
            );
            throw new CAS_AuthenticationException(
                $this,
                'SA not validated',
                $validate_url,
                false/*$no_response*/,
                true/*$bad_response*/,
                $text_response
            );
            $result = false;
        } elseif ($tree_response->getElementsByTagName("NameIdentifier")->length != 0) {
            // check for the NameIdentifier tag in the SAML response
            $success_elements = $tree_response->getElementsByTagName("NameIdentifier");
            phpCAS::trace('NameIdentifier found');
            $user = trim($success_elements->item(0)->nodeValue);
            phpCAS::trace('user = `' . $user . '`');
            $this->_setUser($user);
            $this->_setSessionAttributes($text_response);
            $result = true;
        } else {
            phpCAS::trace('no <NameIdentifier> tag found in SAML payload');
            throw new CAS_AuthenticationException(
                $this,
                'SA not validated',
                $validate_url,
                false/*$no_response*/,
                true/*$bad_response*/,
                $text_response
            );
            $result = false;
        }
    }
    if ($result) {
        $this->_renameSession($this->getTicket());
    }
    // at this step, ST has been validated and $this->_user has been set,
    phpCAS::traceEnd($result);
    return $result;
}
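As an added example that is not phpCAS code: a stand-alone PHP function (hypothetical name parseSamlValidateResponse) that applies the same checks validateSA() and _setSessionAttributes() make to a constructed samlValidate response, returning null instead of throwing. Neither listing verifies an XML signature; trust rests on the client itself fetching the response from the CAS server's samlValidate URL, so the only hardening added here is LIBXML_NONET, which stops the parser from fetching external resources named in the payload.

```php
<?php
// Constructed sample of the SOAP-wrapped SAML 1.1 response that samlValidate returns.
const SAMPLE_SAML_RESPONSE = <<<'XML'
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body>
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
      <saml:AttributeStatement>
        <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
        <saml:Attribute AttributeName="mail">
          <saml:AttributeValue>jdoe@example.org</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="memberOf">
          <saml:AttributeValue>staff</saml:AttributeValue>
          <saml:AttributeValue>admins</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
  </samlp:Response>
</SOAP-ENV:Body></SOAP-ENV:Envelope>
XML;

// Hypothetical helper, not phpCAS code: the same checks validateSA() and
// _setSessionAttributes() make, returning null when the payload is unusable.
function parseSamlValidateResponse(string $xml): ?array
{
    libxml_use_internal_errors(true);   // collect XML errors instead of emitting warnings
    $dom = new DOMDocument();
    $dom->preserveWhiteSpace = false;
    // LIBXML_NONET: the parser must never fetch external DTDs or entities
    if (!$dom->loadXML($xml, LIBXML_NONET) || $dom->documentElement->localName !== 'Envelope') {
        return null;
    }
    $xp = new DOMXPath($dom);
    $xp->registerNamespace('saml', 'urn:oasis:names:tc:SAML:1.0:assertion');
    $ids = $xp->query('//saml:NameIdentifier');
    if ($ids === false || $ids->length === 0) {
        return null;                    // no subject means "not validated"
    }
    $attrs = [];
    foreach ($xp->query('//saml:Attribute') as $node) {
        $values = [];
        foreach ($xp->query('saml:AttributeValue', $node) as $v) {
            $values[] = $v->nodeValue;
        }
        // flatten single values like the listing, but keep an empty Attribute as []
        $attrs[$node->getAttribute('AttributeName')] = count($values) === 1 ? $values[0] : $values;
    }
    return ['user' => trim($ids->item(0)->nodeValue), 'attributes' => $attrs];
}
print_r(parseSamlValidateResponse(SAMPLE_SAML_RESPONSE));
```

Feeding the function a payload whose root is not Envelope, or one without a NameIdentifier, exercises the same two rejection paths that make validateSA() throw.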

Referenced by CAS_Client\isAuthenticated().
