Switched from simpleCAS to phpCAS

inghamn 2013-12-13 09:46:23 -05:00
parent 54032756c5
commit a6ef5d3e2c
2 changed files with 30 additions and 35 deletions


@ -123,15 +123,14 @@ if (!defined('STDIN')) {
} }
/** /**
* We now do single sign-on using CAS http://www.jasig.org/cas * CAS authentication http://www.jasig.org/cas
* *
* http://code.google.com/p/simplecas/ * https://wiki.jasig.org/display/CASC/phpCAS
* *
* SimpleCAS is a PHP library for handling the calls to the CAS service * phpCAS is a PHP library for handling the calls to the CAS service
* The version we're running right now has been modified to remove * It is the official library, part of the Jasig CAS project
* the depency on HTTP_Request2. Instead, it uses curl
*/ */
define('CAS','/var/www/libraries/SimpleCAS'); define('CAS', APPLICATION_HOME.'/libraries/phpCAS');
define('CAS_SERVER','cas.somewhere.org'); define('CAS_SERVER','cas.somewhere.org');
define('CAS_URI','cas'); define('CAS_URI','cas');


@ -2,41 +2,37 @@
/** /**
* Logs a user into the system using CAS * Logs a user into the system using CAS
* *
* @copyright 2006-2010 City of Bloomington, Indiana * @copyright 2006-2013 City of Bloomington, Indiana
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
* @author Cliff Ingham <inghamn@bloomington.in.gov> * @author Cliff Ingham <inghamn@bloomington.in.gov>
*/ */
if (defined('CAS')) { // If they don't have CAS configured, send them onto the application's
if (isset($_REQUEST['return_url'])) { // internal authentication system
$_SESSION['return_url'] = $_REQUEST['return_url']; if (!defined('CAS')) {
} header('Location: '.BASE_URL.'/login/login.php?return_url='.$this->return_url);
exit();
}
require_once CAS.'/SimpleCAS/Autoload.php'; require_once CAS.'/CAS.php';
phpCAS::client(CAS_VERSION_2_0, CAS_SERVER, 443, CAS_URI, false);
phpCAS::setNoCasServerValidation();
phpCAS::forceAuthentication();
$options = array('hostname'=>CAS_SERVER,'uri'=>CAS_URI); // at this step, the user has been authenticated by the CAS server
$protocol = new SimpleCAS_Protocol_Version2($options); // and the user's login name can be read with phpCAS::getUser().
$client = SimpleCAS::client($protocol);
$client->forceAuthentication();
if ($client->isAuthenticated()) { // They may be authenticated according to CAS,
try { // but that doesn't mean they have person record
$user = new User($client->getUsername()); // and even if they have a person record, they may not
$user->startNewSession(); // have a user account for that person record.
try {
if (isset($_SESSION['return_url'])) { $user = new User(phpCAS::getUser());
header('Location: '.$_SESSION['return_url']); $user->startNewSession();
} header("Location: ".BASE_URL);
else { exit();
header('Location: '.BASE_URL); }
} catch (Exception $e) {
} $_SESSION['errorMessages'][] = $e;
catch (Exception $e) {
$_SESSION['errorMessages'][] = $e;
}
}
else {
header('Location: '.BASE_URL);
}
} }
$template = new Template(); $template = new Template();
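Review bot: `phpCAS::setNoCasServerValidation();` turns off verification of the CAS server's TLS certificate, so the ticket-validation response behind `phpCAS::getUser()` is accepted from any host able to intercept the connection to CAS_SERVER. Replace it with `phpCAS::setCasServerCACert(CAS_CA_CERT);`, where `CAS_CA_CERT` is a placeholder for a CA bundle path that the configuration file would need to define next to CAS_SERVER. Separately, the fallback redirect concatenates `$this->return_url` into the Location header without `urlencode()`, and where that value comes from is not visible here; if it derives from the request, it should be encoded and checked against BASE_URL before use. The fifth argument `false` to `phpCAS::client()` also appears to stop phpCAS from changing the session id, so it is worth confirming that `User::startNewSession()` regenerates it after login.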