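array(
    // Context (URL path prefix) of the CAS server
    'context'  => '/idp/cas',
    // CAS server port
    'port'  => 443,
    // If the CAS server is only reachable over plain HTTP, uncomment the
    // following parameter. Tickets then travel unencrypted and SSL validation
    // is forced off later in this script, so keep it to isolated test setups.
    //'insecure' => true,
    // Validate the CAS server certificate (set to false to disable validation)
    'ssl_validation' => true,
    // If ssl_validation is enabled, you must define the CA bundle to verify against
    'ssl_cacert_path' => '/etc/ssl/certs/ca-certificates.crt',
    'ssl_cn_validation' => true,
    // Extra CURL options (for phpCAS client)
    'extra_curl_options' => array(
      // Uncomment it in case of 'dh key too small' error.
      // NOTE(review): SECLEVEL=1 lowers the OpenSSL security level of the
      // connection to the CAS server; fixing the server's DH parameters is the
      // better remedy, so treat this as a temporary workaround.
      // 'CURLOPT_SSL_CIPHER_LIST' => 'DEFAULT@SECLEVEL=1',
    ),
  ),
);

// FQDN of the default CAS server (first key of $cas_servers)
$default_cas_server=key($cas_servers);

// PhpCAS debug logs
// Log directory path
// NOTE(review): this is a relative path. phpCAS debug traces typically record
// service tickets and server responses, so the directory should not be served
// by the web server (keep it outside the document root or deny access to it).
$phpCAS_logdir='logs';
// Log filename format
// Compose with :
// - {cas_server} : the CAS server
// - {remote_addr} : connected user remote IP address
// - {session_id} : connected user session_id
// NOTE(review): the default format puts the PHP session id in the file name;
// anyone able to list the log directory learns valid session ids.
$phpCAS_logfile_format='{session_id}-{cas_server}.log';

// Local app URL (auto-detected on first access if null)
// NOTE(review): auto-detection relies on $_SERVER['SERVER_NAME'], which
// depending on the web server configuration can follow the client-supplied
// Host header. Set this explicitly wherever the application is reachable by
// untrusted clients.
$service_url=null;

/*
 *************************************
 *               Main                *
 *************************************
 */

$warnings=array();

session_start();

require $phpCAS_path;
CAS_GracefullTerminationException::throwInsteadOfExiting();

// Make sure service URL is defined (otherwise, load it from session or auto-detect)
if (is_null($service_url)) {
  if (isset($_SESSION['service_url'])) {
    // Reuse the value detected on an earlier request of this session
    $service_url = $_SESSION['service_url'];
  }
  else {
    $https = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');
    // Drop the query string so only the script path is kept
    $request_uri = $_SERVER['REQUEST_URI'];
    $request_uri = preg_replace('/\?.*$/', '', $request_uri);
    $service_url = "http".($https?"s":"")."://".$_SERVER['SERVER_NAME'];
    // Only append the port when it is not the default one for the scheme
    if (($_SERVER['SERVER_PORT'] != 443 && $https) || ($_SERVER['SERVER_PORT'] != 80 && !$https))
      $service_url .= ":".$_SERVER['SERVER_PORT'];
    $service_url .= $request_uri;
    $_SESSION['service_url'] = $service_url;
  }
}

// Only accept a requested server that is a key of $cas_servers. A non-string
// value (e.g. server[]=x) is rejected before it is used as an array offset,
// which would otherwise raise an "Illegal offset type" error.
if (
  isset($_REQUEST['server'])
  && (!is_string($_REQUEST['server']) || !isset($cas_servers[$_REQUEST['server']]))
) {
  $warnings[]="Invalid CAS server choiced";
  unset($_REQUEST['server']);
}

if (isset($_REQUEST['server'])) {
  $cas_host=$_REQUEST['server'];
  // Switching server invalidates the user authenticated against the previous one.
  // isset() guard: the session has no 'cas_server' entry on a first request.
  if (!isset($_SESSION['cas_server']) || $_SESSION['cas_server']!=$cas_host) {
    $_SESSION['cas_server']=$cas_host;
    unset($_SESSION['phpCAS']['user']);
  }
}
elseif (isset($_SESSION['cas_server']) && isset($cas_servers[$_SESSION['cas_server']])) {
  // Keep the server chosen earlier, as long as it is still configured
  $cas_host=$_SESSION['cas_server'];
}
else {
  $cas_host=$default_cas_server;
  $_SESSION['cas_server']=$cas_host;
  unset($_SESSION['phpCAS']['user']);
}
$_SESSION['cas_server']=$cas_host;

// Guard flag: the client configuration is displayed at most once per request
$_show_cas_client_config=false;

/**
 * Display the CAS client configuration section (once per request).
 *
 * @return true|null true when the section was already displayed, null otherwise
 */
function show_cas_client_config() {
  global $phpCAS_config, $_show_cas_client_config;
  if ($_show_cas_client_config) return true;
  $_show_cas_client_config=true;
  echo "

CAS Client configuration

";
}

// Guard flag: warnings are displayed at most once per request
$_show_warnings=false;

/**
 * Display the warnings section (once per request), only if warnings were collected.
 *
 * @return true|null true when the section was already displayed, null otherwise
 */
function show_warnings() {
  global $warnings,$_show_warnings;
  if ($_show_warnings) return true;
  $_show_warnings=true;
  if (!empty($warnings)) {
    echo "

Warnings message

";
  }
}

/**
 * Display the content of the phpCAS debug log file.
 *
 * The log content is HTML-escaped before output: it holds request and
 * server-response data that must not be interpreted as markup by the browser.
 */
function show_cas_log() {
  global $phpCAS_logfile;
  echo "

PhpCAS Debug Log

";
  if (is_writable($phpCAS_logfile)) {
    $lines=file($phpCAS_logfile);
    if (is_array($lines)) {
      echo '
'.htmlspecialchars(implode('',$lines), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'
';
    }
    else {
      echo "Error reading PhpCAS debug log file ($phpCAS_logfile).";
    }
  }
  else {
    echo "PhpCAS debug log file does not exists or is not writable ($phpCAS_logfile).";
  }
}

/**
 * Display the login and attributes of the authenticated user.
 *
 * Both values come from the CAS server response and are HTML-escaped before
 * being written to the page.
 */
function show_user_infos() {
  $escape_flags = ENT_QUOTES | ENT_SUBSTITUTE;
  echo "Login : ".htmlspecialchars(phpCAS::getUser(), $escape_flags, 'UTF-8')."
";
  echo "Attributes :
".htmlspecialchars(print_r(phpCAS::getAttributes(),True), $escape_flags, 'UTF-8').'
';
}

?> Test CAS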

Test CAS Application

CAS server selection

:

Menu

CAS Client Initialization ...

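$cas_host, 'CAS server port' => $cas_servers[$cas_host]['port'], 'CAS server context' => $cas_servers[$cas_host]['context'], 'Service URL' => $service_url, );

// Enable phpCAS debug logging when the log file (or its directory, if the
// file does not exist yet) is writable.
if (is_writable($phpCAS_logfile) || (!is_file($phpCAS_logfile) && is_writable(dirname($phpCAS_logfile)))) {
  // NOTE(review): truncation is triggered by a bare request parameter, so any
  // request carrying it empties the log. Acceptable for a test harness only.
  if (is_file($phpCAS_logfile) && isset($_REQUEST['truncatelog'])) {
    $fh = fopen($phpCAS_logfile, 'w');
    // fopen() returns false on failure; passing that to fclose() is an error
    if ($fh !== false)
      fclose($fh);
    else
      $warnings[] = 'Failed to truncate PhpCAS debug log file';
  }
  $phpCAS_config['Debug file'] = $phpCAS_logfile;
  phpCAS::setDebug($phpCAS_logfile);
}

// phpCAS client initialization
$init_args = [
  CAS_VERSION_2_0,
  $cas_host,
  $cas_servers[$cas_host]['port'],
  $cas_servers[$cas_host]['context'],
];

// Note: Determine phpCAS version to correctly handle the $service_base_url parameter added in 1.6.0.
// Note: this parameter is also required for the Debian Buster 1.3.6-1+deb10u1 package, because
// that version was patched to fix CVE-2022-39369 and the parameter was added there. Reflection
// is used to detect this case.
// version_compare() replaces the former digit-padding arithmetic, which
// mis-ordered versions with a two-digit component (e.g. a hypothetical 1.5.10).
// NOTE(review): the parameter pins the service URL instead of deriving it from
// request headers. $service_url may itself have been auto-detected from
// request data earlier in this script, so the pinning only protects when
// $service_url is set explicitly in the configuration.
$init_method = new ReflectionMethod("phpCAS", "client");
if (
  version_compare(phpCAS::getVersion(), '1.6.0', '>=')
  || $init_method->getNumberOfRequiredParameters() > 4
)
  $init_args[] = $service_url;

call_user_func_array(["phpCAS", "client"], $init_args);

phpCAS::setFixedServiceURL($service_url);

// Set extra CURL options
if (isset($cas_servers[$cas_host]['extra_curl_options']) && is_array($cas_servers[$cas_host]['extra_curl_options'])) {
  foreach($cas_servers[$cas_host]['extra_curl_options'] as $opt => $value) {
    // Options may be given by constant name ('CURLOPT_...'): resolve to its value
    if (is_string($opt) && substr($opt, 0, 7) == 'CURLOPT' && defined($opt))
      $opt = constant($opt);
    phpCAS::setExtraCurlOption($opt, $value);
  }
}

// 'insecure' is optional in the server configuration (commented out by
// default), so test it with empty() instead of reading a missing key.
if (!empty($cas_servers[$cas_host]['insecure'])) {
  // Plain-HTTP mode: every CAS URL is rebuilt with the http scheme. Tickets
  // and credentials-related redirects are then exposed on the network.
  $phpCAS_config['Insecure'] = 'Yes';
  $phpCAS_config['Base URL'] = 'http://'.$cas_host.($cas_servers[$cas_host]['port']?':'.$cas_servers[$cas_host]['port']:'').$cas_servers[$cas_host]['context'];
  // Remove trailing slash if present
  if (substr($phpCAS_config['Base URL'], -1)=='/')
    $phpCAS_config['Base URL'] = substr($phpCAS_config['Base URL'], 0, -1);
  // $base_url was previously read without ever being assigned
  $base_url = $phpCAS_config['Base URL'];
  $login_url = "$base_url/login";
  $service_validate_url = "$base_url/serviceValidate";
  $logout_url = "$base_url/logout";

  $phpCAS_config['Login URL'] = $phpCAS_config['Base URL']."/login?service=".urlencode($service_url);
  $phpCAS_config['Logout URL'] = $phpCAS_config['Base URL']."/logout";
  $phpCAS_config['Service validate URL'] = $phpCAS_config['Base URL']."/serviceValidate";
  phpCAS::setServerLoginURL($phpCAS_config['Login URL']);
  phpCAS::setServerLogoutURL($phpCAS_config['Logout URL']);
  phpCAS::setServerServiceValidateURL($phpCAS_config['Service validate URL']);

  // Be sure SSL validation is disabled
  $cas_servers[$cas_host]['ssl_validation'] = false;
}
else
  $phpCAS_config['Insecure'] = 'No';

echo "
Client successfully initialized
";

if ($cas_servers[$cas_host]['ssl_validation']===true) {
  if (is_readable($cas_servers[$cas_host]['ssl_cacert_path'])) {
    $phpCAS_config['SSL Validation']='Enabled';
    $phpCAS_config['SSL CA Cert Validation File']=$cas_servers[$cas_host]['ssl_cacert_path'];
    $phpCAS_config['SSL CN Validation']=($cas_servers[$cas_host]['ssl_cn_validation']?'Enabled':'Disabled');
    phpCAS::setCasServerCACert($cas_servers[$cas_host]['ssl_cacert_path'],$cas_servers[$cas_host]['ssl_cn_validation']);
  }
  else {
    // NOTE(review): this fails open. Validation was requested but is switched
    // off when the CA file is unreadable, with only a displayed warning.
    // Outside a test harness, stop here instead of continuing unvalidated.
    $warnings[]='SSL validation enable for this server but CA Cert file configured does not exists or is not readable';
    $phpCAS_config['SSL Validation']='Disabled';
    phpCAS::setNoCasServerValidation();
  }
}
else {
  $phpCAS_config['SSL Validation']='Disabled';
  phpCAS::setNoCasServerValidation();
}

// Value 0 is passed as the number of cached auth checks between rechecks
phpCAS::setCacheTimesForAuthRecheck(0);

show_cas_client_config();
show_warnings();
?>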

Action

State before running action

Running action...

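Successfully authenticated";
      break;
    case 'caslogout':
      // CAS logout: make sure the user is authenticated, then log out on the
      // CAS server with a redirect back to this application.
      phpCAS::forceAuthentication();
      phpCAS::logoutWithRedirectService($service_url);
      break;
    case 'locallogout':
      // Local logout: drop the cached service URL and the phpCAS session data.
      // 'service_url' is the key written by the service URL auto-detection;
      // the former 'session_url' key is never set anywhere in this script.
      // Only these entries are removed: the PHP session and its id are kept.
      unset($_SESSION['service_url']);
      unset($_SESSION['phpCAS']);
      if (!isset($_SESSION['phpCAS'])) {
        echo "
Successfully logout
";
      }
      else {
        echo "
Failed to unset phpCAS session informations
";
      }
      break;
    default:
      // Unknown action name: nothing is executed
      echo "
Incorrect parameters
";
  }
}
else {
  echo "Nothing to do";
}

// Show who is authenticated once the requested action has run
if (phpCAS::isAuthenticated()) {
  echo "

Authenticated user informations

";
  show_user_infos();
}

// End of try
}
catch (CAS_GracefullTerminationException $e) {
  // phpCAS asked to terminate (it throws instead of exiting, see
  // throwInsteadOfExiting()): still display the configuration and warnings.
  echo "
PhpCAS return exception
";
  show_cas_client_config();
  show_warnings();
}

show_cas_log();
?>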