Add insecure parameter to allow connection on HTTP only CAS server

This commit is contained in:
Benjamin Renard 2020-12-03 15:22:47 +01:00
parent 4f4ee37133
commit 7a495ee66c

View file

@ -19,6 +19,8 @@ $cas_servers=array(
'context' => '/cas', 'context' => '/cas',
// CAS server port // CAS server port
'port' => 443, 'port' => 443,
// If you running this application in HTTP only, uncomment following parameter
//'insecure' => true,
// Disable CAS server Validation // Disable CAS server Validation
'ssl_validation' => false, 'ssl_validation' => false,
// If ssl_validation is enable you must define // If ssl_validation is enable you must define
@ -33,6 +35,9 @@ $default_cas_server=key($cas_servers);
// PhpCAS log file // PhpCAS log file
$phpCAS_logfile='/tmp/cas.log'; $phpCAS_logfile='/tmp/cas.log';
// Local app URL (auto-detect on first acces if null)
$service_url=null;
/* /*
************************************ ************************************
@ -47,6 +52,23 @@ session_start();
require $phpCAS_path; require $phpCAS_path;
CAS_GracefullTerminationException::throwInsteadOfExiting(); CAS_GracefullTerminationException::throwInsteadOfExiting();
// Make sure service URL is defined (otherwise, load it from session or auto-detect)
if (is_null($service_url)) {
if (isset($_SESSION['service_url'])) {
$service_url = $_SESSION['service_url'];
}
else {
$https = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');
$request_uri = $_SERVER['REQUEST_URI'];
$request_uri = preg_replace('/\?.*$/', '', $request_uri);
$service_url = "http".($https?"s":"")."://".$_SERVER['SERVER_NAME'];
if (($_SERVER['SERVER_PORT'] != 443 && $https) || ($_SERVER['SERVER_PORT'] != 80 && !$https))
$service_url .= ":".$_SERVER['SERVER_PORT'];
$service_url .= $request_uri;
$_SESSION['service_url'] = $service_url;
}
}
if (isset($_REQUEST['server']) && !isset($cas_servers[$_REQUEST['server']])) { if (isset($_REQUEST['server']) && !isset($cas_servers[$_REQUEST['server']])) {
$warnings[]="Invalid CAS server choiced"; $warnings[]="Invalid CAS server choiced";
unset($_REQUEST['server']); unset($_REQUEST['server']);
@ -199,6 +221,7 @@ $phpCAS_config=array(
'CAS Hostname' => $cas_host, 'CAS Hostname' => $cas_host,
'CAS server port' => $cas_servers[$cas_host]['port'], 'CAS server port' => $cas_servers[$cas_host]['port'],
'CAS server context' => $cas_servers[$cas_host]['context'], 'CAS server context' => $cas_servers[$cas_host]['context'],
'Service URL' => $service_url,
); );
if (is_writable($phpCAS_logfile)) { if (is_writable($phpCAS_logfile)) {
@ -211,6 +234,28 @@ if (is_writable($phpCAS_logfile)) {
} }
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_servers[$cas_host]['port'], $cas_servers[$cas_host]['context']); phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_servers[$cas_host]['port'], $cas_servers[$cas_host]['context']);
phpCAS::setFixedServiceURL($service_url);
if ($cas_servers[$cas_host]['insecure']) {
$phpCAS_config['Insecure'] = 'Yes';
$phpCAS_config['Base URL'] = 'http://'.$cas_host.($cas_servers[$cas_host]['port']?':'.$cas_servers[$cas_host]['port']:'').$cas_servers[$cas_host]['context'];
// Remove trailing slash if present
if (substr($phpCAS_config['Base URL'], -1)=='/')
$phpCAS_config['Base URL'] = substr($phpCAS_config['Base URL'], 0, -1);
$login_url = "$base_url/login";
$service_validate_url = "$base_url/serviceValidate";
$logout_url = "$base_url/logout";
$phpCAS_config['Login URL'] = $phpCAS_config['Base URL']."/login?service=".urlencode($service_url);
$phpCAS_config['Logout URL'] = $phpCAS_config['Base URL']."/logout";
$phpCAS_config['Service validate URL'] = $phpCAS_config['Base URL']."/serviceValidate";
phpCAS::setServerLoginURL($phpCAS_config['Login URL']);
phpCAS::setServerLogoutURL($phpCAS_config['Logout URL']);
phpCAS::setServerServiceValidateURL($phpCAS_config['Service validate URL']);
// Be sure SSL validation is disabled
$cas_servers[$cas_host]['ssl_validation'] = false;
}
else
$phpCAS_config['Insecure'] = 'No';
echo "<div class='success'>Client successfully initialized</div>"; echo "<div class='success'>Client successfully initialized</div>";
@ -264,6 +309,7 @@ if (isset($_REQUEST['do'])) {
phpCAS::logout(); phpCAS::logout();
break; break;
case 'locallogout': case 'locallogout':
unset($_SESSION['session_url']);
unset($_SESSION['phpCAS']); unset($_SESSION['phpCAS']);
if (!isset($_SESSION['phpCAS'])) { if (!isset($_SESSION['phpCAS'])) {
echo "<div class='success'>Successfully logout</div>"; echo "<div class='success'>Successfully logout</div>";