Add insecure parameter to allow connection on HTTP only CAS server
parent
4f4ee37133
commit
7a495ee66c
1 changed files with 46 additions and 0 deletions
46
index.php
46
index.php
|
@ -19,6 +19,8 @@ $cas_servers=array(
|
||||||
'context' => '/cas',
|
'context' => '/cas',
|
||||||
// CAS server port
|
// CAS server port
|
||||||
'port' => 443,
|
'port' => 443,
|
||||||
|
// If you running this application in HTTP only, uncomment following parameter
|
||||||
|
//'insecure' => true,
|
||||||
// Disable CAS server Validation
|
// Disable CAS server Validation
|
||||||
'ssl_validation' => false,
|
'ssl_validation' => false,
|
||||||
// If ssl_validation is enable you must define
|
// If ssl_validation is enable you must define
|
||||||
|
@ -33,6 +35,9 @@ $default_cas_server=key($cas_servers);
|
||||||
// PhpCAS log file
|
// PhpCAS log file
|
||||||
$phpCAS_logfile='/tmp/cas.log';
|
$phpCAS_logfile='/tmp/cas.log';
|
||||||
|
|
||||||
|
// Local app URL (auto-detect on first acces if null)
|
||||||
|
$service_url=null;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
||||||
************************************
|
************************************
|
||||||
|
@ -47,6 +52,23 @@ session_start();
|
||||||
require $phpCAS_path;
|
require $phpCAS_path;
|
||||||
CAS_GracefullTerminationException::throwInsteadOfExiting();
|
CAS_GracefullTerminationException::throwInsteadOfExiting();
|
||||||
|
|
||||||
|
// Make sure service URL is defined (otherwise, load it from session or auto-detect)
|
||||||
|
if (is_null($service_url)) {
|
||||||
|
if (isset($_SESSION['service_url'])) {
|
||||||
|
$service_url = $_SESSION['service_url'];
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$https = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');
|
||||||
|
$request_uri = $_SERVER['REQUEST_URI'];
|
||||||
|
$request_uri = preg_replace('/\?.*$/', '', $request_uri);
|
||||||
|
$service_url = "http".($https?"s":"")."://".$_SERVER['SERVER_NAME'];
|
||||||
|
if (($_SERVER['SERVER_PORT'] != 443 && $https) || ($_SERVER['SERVER_PORT'] != 80 && !$https))
|
||||||
|
$service_url .= ":".$_SERVER['SERVER_PORT'];
|
||||||
|
$service_url .= $request_uri;
|
||||||
|
$_SESSION['service_url'] = $service_url;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (isset($_REQUEST['server']) && !isset($cas_servers[$_REQUEST['server']])) {
|
if (isset($_REQUEST['server']) && !isset($cas_servers[$_REQUEST['server']])) {
|
||||||
$warnings[]="Invalid CAS server choiced";
|
$warnings[]="Invalid CAS server choiced";
|
||||||
unset($_REQUEST['server']);
|
unset($_REQUEST['server']);
|
||||||
|
@ -199,6 +221,7 @@ $phpCAS_config=array(
|
||||||
'CAS Hostname' => $cas_host,
|
'CAS Hostname' => $cas_host,
|
||||||
'CAS server port' => $cas_servers[$cas_host]['port'],
|
'CAS server port' => $cas_servers[$cas_host]['port'],
|
||||||
'CAS server context' => $cas_servers[$cas_host]['context'],
|
'CAS server context' => $cas_servers[$cas_host]['context'],
|
||||||
|
'Service URL' => $service_url,
|
||||||
);
|
);
|
||||||
|
|
||||||
if (is_writable($phpCAS_logfile)) {
|
if (is_writable($phpCAS_logfile)) {
|
||||||
|
@ -211,6 +234,28 @@ if (is_writable($phpCAS_logfile)) {
|
||||||
}
|
}
|
||||||
|
|
||||||
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_servers[$cas_host]['port'], $cas_servers[$cas_host]['context']);
|
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_servers[$cas_host]['port'], $cas_servers[$cas_host]['context']);
|
||||||
|
phpCAS::setFixedServiceURL($service_url);
|
||||||
|
|
||||||
|
if ($cas_servers[$cas_host]['insecure']) {
|
||||||
|
$phpCAS_config['Insecure'] = 'Yes';
|
||||||
|
$phpCAS_config['Base URL'] = 'http://'.$cas_host.($cas_servers[$cas_host]['port']?':'.$cas_servers[$cas_host]['port']:'').$cas_servers[$cas_host]['context'];
|
||||||
|
// Remove trailing slash if present
|
||||||
|
if (substr($phpCAS_config['Base URL'], -1)=='/')
|
||||||
|
$phpCAS_config['Base URL'] = substr($phpCAS_config['Base URL'], 0, -1);
|
||||||
|
$login_url = "$base_url/login";
|
||||||
|
$service_validate_url = "$base_url/serviceValidate";
|
||||||
|
$logout_url = "$base_url/logout";
|
||||||
|
$phpCAS_config['Login URL'] = $phpCAS_config['Base URL']."/login?service=".urlencode($service_url);
|
||||||
|
$phpCAS_config['Logout URL'] = $phpCAS_config['Base URL']."/logout";
|
||||||
|
$phpCAS_config['Service validate URL'] = $phpCAS_config['Base URL']."/serviceValidate";
|
||||||
|
phpCAS::setServerLoginURL($phpCAS_config['Login URL']);
|
||||||
|
phpCAS::setServerLogoutURL($phpCAS_config['Logout URL']);
|
||||||
|
phpCAS::setServerServiceValidateURL($phpCAS_config['Service validate URL']);
|
||||||
|
// Be sure SSL validation is disabled
|
||||||
|
$cas_servers[$cas_host]['ssl_validation'] = false;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
$phpCAS_config['Insecure'] = 'No';
|
||||||
|
|
||||||
echo "<div class='success'>Client successfully initialized</div>";
|
echo "<div class='success'>Client successfully initialized</div>";
|
||||||
|
|
||||||
|
@ -264,6 +309,7 @@ if (isset($_REQUEST['do'])) {
|
||||||
phpCAS::logout();
|
phpCAS::logout();
|
||||||
break;
|
break;
|
||||||
case 'locallogout':
|
case 'locallogout':
|
||||||
|
unset($_SESSION['session_url']);
|
||||||
unset($_SESSION['phpCAS']);
|
unset($_SESSION['phpCAS']);
|
||||||
if (!isset($_SESSION['phpCAS'])) {
|
if (!isset($_SESSION['phpCAS'])) {
|
||||||
echo "<div class='success'>Successfully logout</div>";
|
echo "<div class='success'>Successfully logout</div>";
|
||||||
|
|
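Review bot: In the `-211,6 +234,28` hunk, `if ($cas_servers[$cas_host]['insecure'])` reads a key that the sample configuration leaves commented out, so any server entry without it raises an undefined-index notice; `if (!empty($cas_servers[$cas_host]['insecure']))` avoids that. The same branch assigns `$login_url`, `$service_validate_url` and `$logout_url` from `$base_url`, which is not defined in any visible hunk and whose results are not used in the lines shown, so those three lines look like leftovers and could be dropped. In the `locallogout` case the added line unsets `$_SESSION['session_url']`, but the auto-detect code stores the value under `$_SESSION['service_url']`, so the cached URL survives a local logout; it should be `unset($_SESSION['service_url']);`. Because this mode builds `http://` login and serviceValidate URLs and forces `ssl_validation` to false, the config comment above `'insecure'` should say so, e.g. `// Test environments only: tickets and the validation response travel in cleartext and cannot be authenticated`.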