Switched from simpleCAS to phpCAS
parent
54032756c5
commit
a6ef5d3e2c
|
@ -123,15 +123,14 @@ if (!defined('STDIN')) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* We now do single sign-on using CAS http://www.jasig.org/cas
|
* CAS authentication http://www.jasig.org/cas
|
||||||
*
|
*
|
||||||
* http://code.google.com/p/simplecas/
|
* https://wiki.jasig.org/display/CASC/phpCAS
|
||||||
*
|
*
|
||||||
* SimpleCAS is a PHP library for handling the calls to the CAS service
|
* phpCAS is a PHP library for handling the calls to the CAS service
|
||||||
* The version we're running right now has been modified to remove
|
* It is the official library, part of the Jasig CAS project
|
||||||
* the depency on HTTP_Request2. Instead, it uses curl
|
|
||||||
*/
|
*/
|
||||||
define('CAS','/var/www/libraries/SimpleCAS');
|
define('CAS', APPLICATION_HOME.'/libraries/phpCAS');
|
||||||
define('CAS_SERVER','cas.somewhere.org');
|
define('CAS_SERVER','cas.somewhere.org');
|
||||||
define('CAS_URI','cas');
|
define('CAS_URI','cas');
|
||||||
|
|
||||||
|
|
|
@ -2,41 +2,37 @@
|
||||||
/**
|
/**
|
||||||
* Logs a user into the system using CAS
|
* Logs a user into the system using CAS
|
||||||
*
|
*
|
||||||
* @copyright 2006-2010 City of Bloomington, Indiana
|
* @copyright 2006-2013 City of Bloomington, Indiana
|
||||||
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
||||||
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
||||||
*/
|
*/
|
||||||
if (defined('CAS')) {
|
// If they don't have CAS configured, send them onto the application's
|
||||||
if (isset($_REQUEST['return_url'])) {
|
// internal authentication system
|
||||||
$_SESSION['return_url'] = $_REQUEST['return_url'];
|
if (!defined('CAS')) {
|
||||||
}
|
header('Location: '.BASE_URL.'/login/login.php?return_url='.$this->return_url);
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
require_once CAS.'/SimpleCAS/Autoload.php';
|
require_once CAS.'/CAS.php';
|
||||||
|
phpCAS::client(CAS_VERSION_2_0, CAS_SERVER, 443, CAS_URI, false);
|
||||||
|
phpCAS::setNoCasServerValidation();
|
||||||
|
phpCAS::forceAuthentication();
|
||||||
|
|
||||||
$options = array('hostname'=>CAS_SERVER,'uri'=>CAS_URI);
|
// at this step, the user has been authenticated by the CAS server
|
||||||
$protocol = new SimpleCAS_Protocol_Version2($options);
|
// and the user's login name can be read with phpCAS::getUser().
|
||||||
$client = SimpleCAS::client($protocol);
|
|
||||||
$client->forceAuthentication();
|
|
||||||
|
|
||||||
if ($client->isAuthenticated()) {
|
// They may be authenticated according to CAS,
|
||||||
try {
|
// but that doesn't mean they have person record
|
||||||
$user = new User($client->getUsername());
|
// and even if they have a person record, they may not
|
||||||
$user->startNewSession();
|
// have a user account for that person record.
|
||||||
|
try {
|
||||||
if (isset($_SESSION['return_url'])) {
|
$user = new User(phpCAS::getUser());
|
||||||
header('Location: '.$_SESSION['return_url']);
|
$user->startNewSession();
|
||||||
}
|
header("Location: ".BASE_URL);
|
||||||
else {
|
exit();
|
||||||
header('Location: '.BASE_URL);
|
}
|
||||||
}
|
catch (Exception $e) {
|
||||||
}
|
$_SESSION['errorMessages'][] = $e;
|
||||||
catch (Exception $e) {
|
|
||||||
$_SESSION['errorMessages'][] = $e;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
header('Location: '.BASE_URL);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$template = new Template();
|
$template = new Template();
|
||||||
|
|
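Review bot: `phpCAS::setNoCasServerValidation();` switches off verification of the CAS server's TLS certificate, so the ticket-validation response behind `forceAuthentication()` is accepted from an unauthenticated peer. The name returned by `phpCAS::getUser()` is then passed straight to `new User(...)` and `startNewSession()`. For anything other than a local test setup, replace that call with `phpCAS::setCasServerCACert($caCertPath);`, where `$caCertPath` is a placeholder for the CA bundle that signs the CAS_SERVER certificate. Separately, the non-CAS fallback builds its Location header from `$this->return_url` without `urlencode()`, and the hunk does not show whether `$this` is defined where this script runs. The old `$_SESSION['return_url']` redirect is dropped without comment, so a line stating that post-login always lands on BASE_URL would help the next reader.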