array(
// Context of the CAS Server
'context' => '/idp/cas',
// CAS server port
'port' => 443,
// If you are running this application over HTTP only, uncomment the following parameter
//'insecure' => true,
// CAS server certificate validation (true = enabled; set to false to disable it)
'ssl_validation' => true,
// If ssl_validation is enabled, you must define the CA certificate file below
'ssl_cacert_path' => '/etc/ssl/certs/ca-certificates.crt',
'ssl_cn_validation' => true,
// Extra CURL options (for phpCAS client)
'extra_curl_options' => array(
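// Uncomment this in case of a 'dh key too small' error.
// Note: SECLEVEL=1 lowers the OpenSSL security level for the connection to the CAS
// server, so weaker key sizes are accepted; treat it as a temporary workaround and
// prefer fixing the DH parameters on the CAS server.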
// 'CURLOPT_SSL_CIPHER_LIST' => 'DEFAULT@SECLEVEL=1',
),
),
);
// Default CAS server: the key of $cas_servers at the array's current position
// (keys of that array are the CAS server FQDNs).
$default_cas_server = key($cas_servers);

// phpCAS debug logs
// Directory holding the debug log files.
// NOTE(review): 'logs' is a relative path; if it resolves to a directory served by the
// web server, the debug logs could be fetched directly. Confirm it is not published.
$phpCAS_logdir = 'logs';

// Log file name pattern. Supported placeholders:
//   {cas_server}  : the CAS server
//   {remote_addr} : remote IP address of the connected user
//   {session_id}  : session_id of the connected user
// NOTE(review): the default pattern puts the session id in the file name; anyone able to
// list the log directory can then read session ids. Confirm directory permissions.
$phpCAS_logfile_format = '{session_id}-{cas_server}.log';

// URL of this application (auto-detected on first access when left to null)
$service_url = null;
/*
************************************
* Main *
************************************
*/
// Messages collected during the request; printed later by show_warnings().
$warnings = [];

session_start();
require $phpCAS_path;

// Ask phpCAS to throw CAS_GracefullTerminationException where it would otherwise exit.
CAS_GracefullTerminationException::throwInsteadOfExiting();

// Resolve the service URL: explicit configuration wins, then the value cached in the
// session, and only as a last resort a value rebuilt from the current request.
if ($service_url === null && isset($_SESSION['service_url'])) {
    $service_url = $_SESSION['service_url'];
}
elseif ($service_url === null) {
    // NOTE(review): the auto-detected URL is built from $_SERVER values. Depending on the
    // web server configuration, SERVER_NAME can reflect the Host header sent by the
    // client, so the detected URL is not necessarily a trusted value. It is cached in the
    // session and later handed to phpCAS as the service URL; setting $service_url
    // explicitly in the configuration avoids relying on request data.
    $https = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');

    // Path of the current request without its query string
    $request_uri = preg_replace('/\?.*$/', '', $_SERVER['REQUEST_URI']);

    $service_url = ($https ? "https" : "http") . "://" . $_SERVER['SERVER_NAME'];

    // Append the port only when it is not the default one of the scheme
    if ($_SERVER['SERVER_PORT'] != ($https ? 443 : 80)) {
        $service_url .= ":" . $_SERVER['SERVER_PORT'];
    }

    $service_url .= $request_uri;
    $_SESSION['service_url'] = $service_url;
}
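// CAS server selection.
// The requested server is only accepted when it is a key of $cas_servers: this allow-list
// check is what keeps a request parameter from choosing an arbitrary CAS host.
// A non-string value (e.g. server[]=...) cannot be used as an array offset, so it is
// rejected before the lookup.
if (
    isset($_REQUEST['server'])
    && (!is_string($_REQUEST['server']) || !isset($cas_servers[$_REQUEST['server']]))
) {
    $warnings[] = "Invalid CAS server choiced";
    unset($_REQUEST['server']);
}

if (isset($_REQUEST['server'])) {
    $cas_host = $_REQUEST['server'];
    // Switching server invalidates the user authenticated against the previous one.
    // The isset() guard covers the first request of a session, where no server is stored yet.
    if (!isset($_SESSION['cas_server']) || $_SESSION['cas_server'] != $cas_host) {
        $_SESSION['cas_server'] = $cas_host;
        unset($_SESSION['phpCAS']['user']);
    }
}
elseif (isset($_SESSION['cas_server']) && isset($cas_servers[$_SESSION['cas_server']])) {
    // Reuse the server stored in the session, as long as it is still configured
    $cas_host = $_SESSION['cas_server'];
}
else {
    // No usable selection: fall back to the default server and drop any stored user
    $cas_host = $default_cas_server;
    $_SESSION['cas_server'] = $cas_host;
    unset($_SESSION['phpCAS']['user']);
}
$_SESSION['cas_server'] = $cas_host;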
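// Set to true once the configuration summary has been printed
$_show_cas_client_config = false;

/**
 * Print the phpCAS client configuration summary, at most once per request.
 *
 * Reads the global $phpCAS_config (label => value) and echoes one line per entry.
 * Some values are derived from request data (the service URL can be auto-detected
 * from $_SERVER), so names and values are HTML-escaped before being written to the page.
 *
 * @return true|null true when the summary was already printed, nothing otherwise
 */
function show_cas_client_config() {
    global $phpCAS_config, $_show_cas_client_config;
    if ($_show_cas_client_config) return true;
    $_show_cas_client_config = true;

    echo "\nCAS Client configuration\n";
    // The summary may be requested before the configuration array exists
    if (is_array($phpCAS_config)) {
        foreach ($phpCAS_config as $cfg_name => $cfg_val) {
            // Values may be integers (e.g. the port): cast before escaping
            $safe_name = htmlspecialchars((string) $cfg_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $safe_val = htmlspecialchars((string) $cfg_val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo "- $safe_name : $safe_val\n";
        }
    }
    echo "\n";
}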
// Set to true once the warnings have been printed
$_show_warnings = false;

/**
 * Print the messages accumulated in the global $warnings, at most once per request.
 *
 * Nothing is written when the list is empty.
 *
 * @return true|null true when the warnings were already printed, nothing otherwise
 */
function show_warnings() {
    global $warnings, $_show_warnings;

    if ($_show_warnings) {
        return true;
    }
    $_show_warnings = true;

    if (empty($warnings)) {
        return;
    }

    // Build the whole section first, then emit it in one go
    $section = "Warnings message\n";
    foreach ($warnings as $msg) {
        $section .= "- $msg\n";
    }
    echo $section . "\n";
}
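/**
 * Print the content of the phpCAS debug log file (global $phpCAS_logfile).
 *
 * The log content is HTML-escaped before output: it is written by phpCAS debug logging
 * and presumably holds data received from clients and from the CAS server, which must
 * not be interpreted as markup by the browser.
 *
 * NOTE(review): a debug log of an authentication exchange is sensitive by nature;
 * confirm this page is only reachable by people allowed to read it.
 *
 * @return void
 */
function show_cas_log() {
    global $phpCAS_logfile;

    echo "PhpCAS Debug Log\n";

    // The path contains substituted values (see the log file name format), escape it too
    $safe_path = htmlspecialchars((string) $phpCAS_logfile, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // The check is on writability, matching the message below: a log that exists but is
    // read-only for PHP is reported as unavailable.
    if (!is_writable($phpCAS_logfile)) {
        echo "PhpCAS debug log file does not exists or is not writable ($safe_path).";
        return;
    }

    $lines = file($phpCAS_logfile);
    if (!is_array($lines)) {
        echo "Error reading PhpCAS debug log file ($safe_path).";
        return;
    }

    // ENT_SUBSTITUTE keeps the output non-empty when the log holds invalid UTF-8
    echo htmlspecialchars(implode('', $lines), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";
}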
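/**
 * Print the login and the attributes of the authenticated user.
 *
 * Both values are supplied by the CAS server through phpCAS; they are HTML-escaped
 * before output so that attribute content cannot inject markup into the page.
 *
 * @return void
 */
function show_user_infos() {
    $login = htmlspecialchars((string) phpCAS::getUser(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "Login : " . $login . "\n";

    // print_r(..., true) returns the dump as a string instead of printing it
    $attributes = htmlspecialchars(print_r(phpCAS::getAttributes(), true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "Attributes : " . $attributes . "\n";
}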
?>
Test CAS
Test CAS Application
CAS server selection
Menu
CAS Client Initialization ...
$cas_host,
'CAS server port' => $cas_servers[$cas_host]['port'],
'CAS server context' => $cas_servers[$cas_host]['context'],
'Service URL' => $service_url,
);
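// Enable phpCAS debug logging when the log file is writable or, if it does not exist
// yet, when its directory is writable.
if (is_writable($phpCAS_logfile) || (!is_file($phpCAS_logfile) && is_writable(dirname($phpCAS_logfile)))) {
    // NOTE(review): truncation is triggered by the mere presence of a 'truncatelog'
    // request parameter, with no further check visible here; any request carrying it
    // wipes the log of the current session.
    if (is_file($phpCAS_logfile) && isset($_REQUEST['truncatelog'])) {
        // Opening in 'w' mode empties the file
        $fh = fopen($phpCAS_logfile, 'w');
        if ($fh === false) {
            // The writability check above does not guarantee that the open succeeds
            $warnings[] = 'Failed to truncate PhpCAS debug log file';
        }
        else {
            fclose($fh);
        }
    }
    $phpCAS_config['Debug file'] = $phpCAS_logfile;
    phpCAS::setDebug($phpCAS_logfile);
}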
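// phpCAS client initialization
$init_args = [
    CAS_VERSION_2_0,
    $cas_host,
    $cas_servers[$cas_host]['port'],
    $cas_servers[$cas_host]['context'],
];

// The $service_base_url parameter of phpCAS::client() was added in 1.6.0. It is also
// required by the Debian Buster package 1.3.6-1+deb10u1, which was patched to fix
// CVE-2022-39369 and gained the parameter without a version change. The version test
// alone is therefore not enough: Reflection is used to detect the patched package.
// version_compare() replaces integer arithmetic on the version string, which depended on
// a three-component version and on 64-bit integers.
$init_method = new ReflectionMethod("phpCAS", "client");
if (
    version_compare(phpCAS::getVersion(), '1.6.0', '>=')
    || $init_method->getNumberOfRequiredParameters() > 4
) {
    $init_args[] = $service_url;
}
call_user_func_array(["phpCAS", "client"], $init_args);

// NOTE(review): the service URL given to phpCAS is only as trustworthy as $service_url;
// when it was auto-detected from the request rather than configured, confirm the web
// server does not let the client choose the host name.
phpCAS::setFixedServiceURL($service_url);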
// Apply the extra CURL options configured for the selected CAS server.
// Options come from the configuration array only. Keys written as strings starting with
// 'CURLOPT' are resolved to the constant of the same name when it is defined; any other
// key is passed to phpCAS unchanged.
if (
    isset($cas_servers[$cas_host]['extra_curl_options'])
    && is_array($cas_servers[$cas_host]['extra_curl_options'])
) {
    foreach ($cas_servers[$cas_host]['extra_curl_options'] as $opt => $value) {
        $opt = (is_string($opt) && strncmp($opt, 'CURLOPT', 7) === 0 && defined($opt))
            ? constant($opt)
            : $opt;
        phpCAS::setExtraCurlOption($opt, $value);
    }
}
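// Insecure mode: talk to the CAS server over plain HTTP.
// The 'insecure' key is optional in the server configuration, so it is tested with
// !empty() rather than read directly.
// NOTE(review): in this mode login, ticket validation and logout travel unencrypted and
// certificate validation is switched off below; keep it to isolated test setups.
if (!empty($cas_servers[$cas_host]['insecure'])) {
    $phpCAS_config['Insecure'] = 'Yes';
    $phpCAS_config['Base URL'] = 'http://'.$cas_host.($cas_servers[$cas_host]['port']?':'.$cas_servers[$cas_host]['port']:'').$cas_servers[$cas_host]['context'];
    // Remove trailing slash if present
    if (substr($phpCAS_config['Base URL'], -1) == '/') {
        $phpCAS_config['Base URL'] = substr($phpCAS_config['Base URL'], 0, -1);
    }

    // $base_url was read here without ever being assigned; define it from the base URL
    // computed above so that the three URLs below are complete.
    $base_url = $phpCAS_config['Base URL'];
    $login_url = "$base_url/login";
    $service_validate_url = "$base_url/serviceValidate";
    $logout_url = "$base_url/logout";

    $phpCAS_config['Login URL'] = $phpCAS_config['Base URL']."/login?service=".urlencode($service_url);
    $phpCAS_config['Logout URL'] = $phpCAS_config['Base URL']."/logout";
    $phpCAS_config['Service validate URL'] = $phpCAS_config['Base URL']."/serviceValidate";
    phpCAS::setServerLoginURL($phpCAS_config['Login URL']);
    phpCAS::setServerLogoutURL($phpCAS_config['Logout URL']);
    phpCAS::setServerServiceValidateURL($phpCAS_config['Service validate URL']);

    // Be sure SSL validation is disabled
    $cas_servers[$cas_host]['ssl_validation'] = false;
}
else {
    $phpCAS_config['Insecure'] = 'No';
}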
echo "Client successfully initialized\n";

// Certificate validation of the CAS server.
// NOTE(review): validation is only enabled when 'ssl_validation' is strictly true AND the
// CA file is readable. Every other case, including a configured but missing or unreadable
// CA file, ends with validation turned off. That is a fail-open fallback: the only traces
// are the warning below and the 'SSL Validation' line of the configuration summary, so
// check both when validation is expected to be on.
if ($cas_servers[$cas_host]['ssl_validation'] !== true) {
    $phpCAS_config['SSL Validation'] = 'Disabled';
    phpCAS::setNoCasServerValidation();
}
elseif (!is_readable($cas_servers[$cas_host]['ssl_cacert_path'])) {
    $warnings[] = 'SSL validation enable for this server but CA Cert file configured does not exists or is not readable';
    $phpCAS_config['SSL Validation'] = 'Disabled';
    phpCAS::setNoCasServerValidation();
}
else {
    $phpCAS_config['SSL Validation'] = 'Enabled';
    $phpCAS_config['SSL CA Cert Validation File'] = $cas_servers[$cas_host]['ssl_cacert_path'];
    $phpCAS_config['SSL CN Validation'] = ($cas_servers[$cas_host]['ssl_cn_validation'] ? 'Enabled' : 'Disabled');
    phpCAS::setCasServerCACert(
        $cas_servers[$cas_host]['ssl_cacert_path'],
        $cas_servers[$cas_host]['ssl_cn_validation']
    );
}

phpCAS::setCacheTimesForAuthRecheck(0);

// Print the resulting configuration, then the warnings collected so far
show_cas_client_config();
show_warnings();
?>
Action
State before running action
Running action...
Successfully authenticated";
break;
case 'caslogout':
phpCAS::forceAuthentication();
phpCAS::logoutWithRedirectService($service_url);
break;
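case 'locallogout':
    // Local logout: forget the cached service URL and the phpCAS session state.
    // The key written by this script is 'service_url'; the previous 'session_url' is
    // never set in the visible code, so unsetting it cleared nothing.
    // NOTE(review): only these session keys are removed; the session itself and its id
    // are kept.
    unset($_SESSION['service_url']);
    unset($_SESSION['phpCAS']);
    if (!isset($_SESSION['phpCAS'])) {
        echo "Successfully logout\n";
    }
    else {
        echo "Failed to unset phpCAS session informations\n";
    }
    break;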
default:
echo "Incorrect parameters
";
}
}
else {
echo "Nothing to do";
}
if (phpCAS::isAuthenticated()) {
echo "Authenticated user informations
";
show_user_infos();
}
// End of catch
}
catch (CAS_GracefullTerminationException $e) {
echo "PhpCAS return exception
";
show_cas_client_config();
show_warnings();
}
show_cas_log();
?>