A simple CAS client
In its simplest use, phpCAS acts as a CAS client (example_simple.php):
```php
<?php
//
// phpCAS simple client
//

// import phpCAS lib
include_once('CAS.php');

phpCAS::setDebug();

// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// logout if desired
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}

// for this test, simply print that the authentication was successful
?>
<html>
  <head>
    <title>phpCAS simple client</title>
  </head>
  <body>
    <h1>Successful Authentication!</h1>
    <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p>
    <p><a href="?logout=">Logout</a></p>
  </body>
</html>
```
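The simple client above calls setNoCasServerValidation(), so it cannot tell the real CAS server from another host answering on its behalf. The variant below validates the server certificate and escapes the login name before printing it; it is an added example, not part of the phpCAS distribution, and the CA chain path is a placeholder.

```php
<?php
//
// phpCAS simple client with CAS server certificate validation
// (added example; /path/to/cas-ca-chain.pem is a placeholder path)
//

// import phpCAS lib
include_once('CAS.php');

// debug logging is left off: enable phpCAS::setDebug() only while troubleshooting

// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// validate the CAS server certificate against the CA chain that issued it,
// instead of calling phpCAS::setNoCasServerValidation()
phpCAS::setCasServerCACert('/path/to/cas-ca-chain.pem');

// force CAS authentication
phpCAS::forceAuthentication();

// logout if desired
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}

// the login name comes from the CAS response: escape it before writing it into HTML
$user = htmlspecialchars(phpCAS::getUser(), ENT_QUOTES, 'UTF-8');
?>
<html>
  <head>
    <title>phpCAS simple client</title>
  </head>
  <body>
    <h1>Successful Authentication!</h1>
    <p>the user's login is <b><?php echo $user; ?></b>.</p>
    <p><a href="?logout=">Logout</a></p>
  </body>
</html>
```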
Run-time behaviour configuration
When setting up a CAS proxy client, some runtime behaviour can be easily configured.
Language (example_lang.php)
```php
<?php
//
// phpCAS simple client configured with another language
//

// import phpCAS lib
include_once('CAS.php');

// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// set the language to french
phpCAS::setLang(PHPCAS_LANG_FRENCH);

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// for this test, simply print that the authentication was successful
?>
<html>
  <head>
    <title>Exemple d'internationalisation de phpCAS</title>
  </head>
  <body>
    <h1>Authentification réussie !</h1>
    <p>L'utilisateur connecté est <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <p>La version de phpCAS est <b><?php echo phpCAS::getVersion(); ?></b>.</p>
  </body>
</html>
```
HTML output (example_html.php)
```php
<?php
//
// phpCAS simple client with HTML output customization
//

// import phpCAS lib
include_once('CAS.php');

// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// customize HTML output
phpCAS::setHTMLHeader('
<html>
  <head>
    <title>__TITLE__</title>
  </head>
  <body>
  <h1>__TITLE__</h1>
');
phpCAS::setHTMLFooter('
    <hr>
    <address>
      phpCAS __PHPCAS_VERSION__,
      CAS __CAS_VERSION__ (__SERVER_BASE_URL__)
    </address>
  </body>
</html>
');

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// for this test, simply print that the authentication was successful
?>
<html>
  <head>
    <title>phpCAS simple client with HTML output customization</title>
  </head>
  <body>
    <h1>Successful Authentication!</h1>
    <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p>
  </body>
</html>
```
A CAS proxy
phpCAS can also make a PHP script act as a CAS proxy (calling external services).
A CAS proxy (example_proxy.php)
```php
<?php
//
// phpCAS proxy client
//

// import phpCAS lib
include_once('CAS.php');

// set debug mode
phpCAS::setDebug();

// initialize phpCAS
phpCAS::proxy(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// moreover, a PGT was retrieved from the CAS server that will
// allow access to new services.
?>
<html>
  <head>
    <title>phpCAS proxy example</title>
  </head>
  <body>
    <h1>phpCAS proxy example</h1>
    <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
<?php
// access to external services
$services = array('http://phpcas-test.ifsic.univ-rennes1.fr/examples/example_service.php',
                  'http://phpcas-test.ifsic.univ-rennes1.fr/examples/example_proxy2.php',
                  'http://www.ifsic.univ-rennes1.fr/xxx');
foreach ( $services as $service ) {
    echo '<h2>Response from service '.$service.'</h2><ul><hr>';
    flush();
    // call the service and change the color depending on the result
    if ( phpCAS::serviceWeb($service,$err_code,$output) ) {
        echo '<font color="#00FF00">';
    } else {
        echo '<font color="#FF0000">';
    }
    echo $output;
    echo '</font><hr></ul>';
}
?>
  </body>
</html>
```
A CAS proxied client (example_service.php)
```php
<?php
//
// phpCAS proxied client (service)
//

// import phpCAS lib
include_once('CAS.php');

// set debug mode
phpCAS::setDebug();

// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// for this test, simply print that the authentication was successful
echo '<p>The user\'s login is <b>'.phpCAS::getUser().'</b>.</p>';
?>
```
CAS proxies can be chained: a CAS proxied client can also be a proxy itself (example_proxy2.php):
```php
<?php
//
// phpCAS proxied proxy
//

// import phpCAS lib
include_once('CAS.php');

// set debug mode
phpCAS::setDebug();

// initialize phpCAS
phpCAS::proxy(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// moreover, a PGT was retrieved from the CAS server that will
// allow access to new services.
$service = 'http://phpcas-test.ifsic.univ-rennes1.fr/examples/example_service.php';
?>
<html>
  <head>
    <title>phpCAS proxied proxy example</title>
  </head>
  <body>
    <h1>phpCAS proxied proxy example</h1>
    <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <h2>Response from service <?php echo $service; ?></h2><ul><hr>
<?php
flush();
// call a service and change the color depending on the result
if ( phpCAS::serviceWeb($service,$err_code,$output) ) {
    echo '<font color="#00FF00">';
} else {
    echo '<font color="#FF0000">';
}
echo $output;
echo '</font><hr></ul>';
?>
  </body>
</html>
```
PGT storage configuration
PGT storage can be easily configured.
Onto the filesystem (example_file.php)
```php
<?php
//
// phpCAS proxy client with PGT storage to file
//

// import phpCAS lib
include_once('CAS.php');

phpCAS::setDebug();

// initialize phpCAS
phpCAS::proxy(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// set PGT storage to file in XML format in the same directory as session files
phpCAS::setPGTStorageFile('xml',session_save_path());

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// moreover, a PGT was retrieved from the CAS server that will
// allow access to new services.
$service = 'https://cas.ifsic.univ-rennes1.fr/examples/example_service.php';
?>
<html>
  <head>
    <title>phpCAS proxy example with PGT storage to file</title>
  </head>
  <body>
    <h1>phpCAS proxy example with PGT storage to file</h1>
    <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <h2>Response from service <?php echo $service; ?></h2><ul><hr>
<?php
flush();
// call a service and change the color depending on the result
if ( phpCAS::serviceWeb($service,$err_code,$output) ) {
    echo '<font color="#00FF00">';
} else {
    echo '<font color="#FF0000">';
}
echo $output;
echo '</font><hr></ul>';
?>
  </body>
</html>
```
Into a database (example_db.php)
```php
<?php
//
// phpCAS proxy client with PGT storage to database
//

// import phpCAS lib
include_once('CAS.php');

// set debug mode
phpCAS::setDebug();

// initialize phpCAS
phpCAS::proxy(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// set PGT storage to a database
phpCAS::setPGTStorageDB('user',
                        'password',
                        '', // database_type defaults to `mysql'
                        '', // hostname defaults to `localhost'
                        0,  // use default port
                        '', // database defaults to phpCAS
                        ''  // table defaults to `pgt'
                        );

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// moreover, a PGT was retrieved from the CAS server that will
// allow access to new services.
$service = 'http://phpcas-test.univ-rennes1.fr/examples/example_service.php';
?>
<html>
  <head>
    <title>phpCAS proxy example with PGT storage to database</title>
  </head>
  <body>
    <h1>phpCAS proxy example with PGT storage to database</h1>
    <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <h2>Response from service <?php echo $service; ?></h2><ul><hr>
<?php
flush();
// call a service and change the color depending on the result
if ( phpCAS::serviceWeb($service,$err_code,$output) ) {
    echo '<font color="#00FF00">';
} else {
    echo '<font color="#FF0000">';
}
echo $output;
echo '</font><hr></ul>';
?>
  </body>
</html>
```
Advanced features
Sessioning between CAS proxies and services
Cookies sent by services are memorized by CAS proxies, which makes sessions between a proxy and a service possible. For instance, a service can count the number of requests the CAS proxy sends to it (example_session_service.php):
```php
<?php
//
// phpCAS proxied client (service) with sessioning
//

// import phpCAS lib
include_once('CAS.php');

// set debug mode
phpCAS::setDebug();

// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// for this test, simply print that the authentication was successful
echo '<p>The user\'s login is <b>'.phpCAS::getUser().'</b>.</p>';

// increment the number of requests of the session and print it
if (!isset($_SESSION['n'])) {
    $_SESSION['n'] = 0; // first request of this session
}
echo '<p>request #'.(++$_SESSION['n']).'</p>';
?>
```
At the proxy level, nothing more has to be done (example_session_proxy.php):
```php
<?php
//
// phpCAS proxied proxy
//

// import phpCAS lib
include_once('CAS.php');

// set debug mode
phpCAS::setDebug();

// initialize phpCAS
phpCAS::proxy(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// force CAS authentication
phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().

// moreover, a PGT was retrieved from the CAS server that will
// allow access to new services.
$service = 'http://phpcas-test.ifsic.univ-rennes1.fr/examples/example_session_service.php';
?>
<html>
  <head>
    <title>phpCAS proxied proxy example (with sessioning)</title>
  </head>
  <body>
    <h1>phpCAS proxied proxy example (with sessioning)</h1>
    <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <h2>Response from service <?php echo $service; ?></h2><ul><hr>
<?php
flush();
// call a service and change the color depending on the result
if ( phpCAS::serviceWeb($service,$err_code,$output) ) {
    echo '<font color="#00FF00">';
} else {
    echo '<font color="#FF0000">';
}
echo $output;
echo '</font><hr></ul>';
?>
  </body>
</html>
```
Only check authentication (gateway)
The possibility of using the CAS gateway feature (see http://www.ja-sig.org/wiki/display/CAS/gateway) was added in release 0.4.20 (example_gateway.php):
```php
<?php
//
// phpCAS simple client
//

// import phpCAS lib
include_once('CAS.php');

phpCAS::setDebug();

// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}
if (isset($_REQUEST['login'])) {
    phpCAS::forceAuthentication();
}

// check CAS authentication
$auth = phpCAS::checkAuthentication();
?>
<html>
  <head>
    <title>phpCAS simple client</title>
  </head>
  <body>
<?php
if ($auth) {
    // for this test, simply print that the authentication was successful
?>
    <h1>Successful Authentication!</h1>
    <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <p><a href="?logout=">Logout</a></p>
<?php
} else {
?>
    <h1>Guest mode</h1>
    <p><a href="?login=">Login</a></p>
<?php
}
?>
    <p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p>
  </body>
</html>
```
Handle logout requests from the CAS server
Support for central logout (Single Sign Out) was added in release 1.0.0.
By default, calling
phpCAS::handleLogoutRequests();
will handle only the logout requests incoming from the CAS server (declared in phpCAS::client() or phpCAS::proxy()).
To disable access control on logout requests, use:
phpCAS::handleLogoutRequests(false);
The hosts allowed to send logout requests can also be passed in an array:
phpCAS::handleLogoutRequests(true, array("server1.domain.edu", "server2.domain.edu"));
```php
<?php
//
// phpCAS client that handles central logout requests from the CAS server
//

// import phpCAS lib
include_once('CAS.php');

phpCAS::setDebug();

// initialize phpCAS
phpCAS::client(CAS_VERSION_2_0,'sso-cas.univ-rennes1.fr',443,'');

// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();

// handle incoming logout requests
phpCAS::handleLogoutRequests();

// force CAS authentication
phpCAS::forceAuthentication();

// for this test, simply print that the authentication was successful
?>
<html>
  <head>
    <title>phpCAS simple client</title>
  </head>
  <body>
    <h1>Successful Authentication!</h1>
    <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p>
  </body>
</html>
```
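What the access control on logout requests protects, as a standalone sketch: a logout request names the service ticket whose local session must end, so a client that accepts it from any sender lets any host end a user's session. This is an added illustration, not phpCAS source code; acceptLogoutRequest() and its parameters are hypothetical names, the sample request is constructed, and the ticket pattern is an assumption.

```php
<?php
// Added illustration of the access control described above; not phpCAS source code.
// acceptLogoutRequest() and its parameters are hypothetical names.

// Constructed sample of the XML a CAS server POSTs in the "logoutRequest" field.
const SAMPLE_LOGOUT_REQUEST = <<<'XML'
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="LR-constructed-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <samlp:SessionIndex>ST-1-constructedTicket-cas</samlp:SessionIndex>
</samlp:LogoutRequest>
XML;

/**
 * Returns the service ticket whose local session should be destroyed,
 * or null when the request is rejected.
 */
function acceptLogoutRequest(string $senderHost, string $xml, bool $checkClient, array $allowedHosts): ?string
{
    // access control: the sender must be one of the declared CAS servers
    if ($checkClient) {
        $allowed = array_map('strtolower', $allowedHosts);
        if (!in_array(strtolower($senderHost), $allowed, true)) {
            return null;
        }
    }
    // parse without network access; empty or malformed XML is rejected
    $doc = new DOMDocument();
    if ($xml === '' || !@$doc->loadXML($xml, LIBXML_NONET)) {
        return null;
    }
    $nodes = $doc->getElementsByTagNameNS('urn:oasis:names:tc:SAML:2.0:protocol', 'SessionIndex');
    if ($nodes->length !== 1) {
        return null;
    }
    $ticket = trim($nodes->item(0)->textContent);
    // only a well-formed service ticket may select a session (pattern is an assumption)
    return preg_match('/^ST-[A-Za-z0-9.\-]{1,253}$/', $ticket) === 1 ? $ticket : null;
}

$servers = array('server1.domain.edu', 'server2.domain.edu');
// sender is a declared CAS server
var_dump(acceptLogoutRequest('server1.domain.edu', SAMPLE_LOGOUT_REQUEST, true, $servers));
// sender is any other host, access control on
var_dump(acceptLogoutRequest('other.example.org', SAMPLE_LOGOUT_REQUEST, true, $servers));
// same sender with access control off, the handleLogoutRequests(false) case
var_dump(acceptLogoutRequest('other.example.org', SAMPLE_LOGOUT_REQUEST, false, $servers));
```

The third call returns the ticket even though the sender is not a CAS server, which is why disabling the check belongs only behind a front end that already restricts who can reach the client.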
