diff --git a/config-templates/cas-ldap.php b/config-templates/cas-ldap.php
new file mode 100755
index 0000000000000000000000000000000000000000..0eba48abd858bb113dfcc69f8f6ac46586035632
--- /dev/null
+++ b/config-templates/cas-ldap.php
@@ -0,0 +1,39 @@
+<?php
+/*
+ * The configuration of simpleSAMLphp
+ *
+ *
+ */
+
+$casldapconfig = array (
+ 'idpentityid.example.org' => array(
+ 'cas' => array(
+ 'login' => 'https://idpentityid.example.org/cas/login',
+ 'validate' => 'https://idpentityid.example.org/cas/validate',
+ ),
+ 'ldap' => array(
+ 'servers' => 'idpentityid.example.org',
+ 'enable_tls' => false,
+ 'searchbase' => 'dc=example,dc=org',
+ 'searchattributes' => 'uid',
+ 'attributes' => array('cn', 'mail'),
+ ),
+ ),
+ 'idpentityid2.example.org' => array(
+ 'cas' => array(
+ 'login' => 'https://idpentityid2.example.org/login',
+ 'validate' => 'https://idpentityid2.example.org/validate',
+ ),
+ 'ldap' => array(
+ 'servers' => 'ldap://idpentityid2.example.org',
+ 'enable_tls' => false,
+ 'searchbase' => 'ou=users,dc=example,dc=org',
+ 'searchattributes' => array('uid', 'mail'), # array for being able to login with either uid or mail.
+ 'attributes' => null,
+ 'priv_user_dn' => 'uid=admin,ou=users,dc=example,dc=org',
+ 'priv_user_pw' => 'xxxxx',
+ ),
+ ),
+
+);
+?>
\ No newline at end of file
diff --git a/config-templates/config.php b/config-templates/config.php
index 23a2f3a646865e76e0b77301bf23173115bb8f57..be9e75a17db4f0230a9f5cf3bff03df837b16d0d 100644
--- a/config-templates/config.php
+++ b/config-templates/config.php
@@ -383,4 +383,4 @@ $config = array (
 );
-?>
\ No newline at end of file
+?>
diff --git a/dictionaries/errors.php b/dictionaries/errors.php
index ab89b8f9b52566ed0b73be3199172f7461e566c6..dc5506859347290131d32807528b54592228b528 100644
--- a/dictionaries/errors.php
+++ b/dictionaries/errors.php
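Review bot: The second entry pairs a privileged bind (`priv_user_dn`/`priv_user_pw`) with `'enable_tls' => false` and a plain `ldap://` URL, so anyone who copies this template as-is will send the bind password in cleartext; the template should default to `'enable_tls' => true,` (or an `ldaps://` URL) and carry a comment such as `# priv_user_pw is a secret: replace it and keep this file unreadable to other users`. The file is also created with mode 100755 and ends with `?>` and no trailing newline, which is exactly what the config.php hunk in this same commit fixes for the other template. The first entry's `'servers'` is a bare hostname while the second is an `ldap://` URL; a one-line comment stating which forms are accepted would help readers of the template.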
@@ -55,7 +55,11 @@ $lang = array(
 'descr_SLOSERVICEPARAMS' => 'You accessed the SingleLogoutService interface, but did not provide a SAML LogoutRequest or LogoutResponse.',
 'title_ACSPARAMS' => 'No SAML response provided',
- 'descr_ACSPARAMS' => 'You accessed the Assertion Consumer Service interface, but did not provide a SAML Authentication Response.'
+ 'descr_ACSPARAMS' => 'You accessed the Assertion Consumer Service interface, but did not provide a SAML Authentication Response.',
+
+ 'title_CASERROR' => 'CAS Error',
+ 'descr_CASERROR' => 'Error when communicating with the CAS server.'
+
 )
 );
\ No newline at end of file
diff --git a/docs/source/simplesamlphp-idp.xml b/docs/source/simplesamlphp-idp.xml
index 775826b33bbab863cff73691c321d2d410a6c04a..6bbf37de8cffd06be72dc857bc408fc504d81142 100644
--- a/docs/source/simplesamlphp-idp.xml
+++ b/docs/source/simplesamlphp-idp.xml
@@ -7,7 +7,7 @@
 <articleinfo>
 <date>2007-10-15</date>
- <pubdate>Thu Feb 28 11:22:45 2008</pubdate>
+ <pubdate>Tue Mar 11 20:59:28 2008</pubdate>
 <author>
 <firstname>Andreas Ă…kre</firstname>
diff --git a/docs/source/simplesamlphp-install.xml b/docs/source/simplesamlphp-install.xml
index 1d269503e6c6b232759d1124ae6fec20b50477fa..e59340bbc5fd2c3b4c8ef4687cd12515e5c7a607 100644
--- a/docs/source/simplesamlphp-install.xml
+++ b/docs/source/simplesamlphp-install.xml
@@ -7,7 +7,7 @@
 <articleinfo>
 <date>2007-08-30</date>
- <pubdate>Sat Mar 8 22:44:07 2008</pubdate>
+ <pubdate>Tue Mar 11 21:00:08 2008</pubdate>
 <author>
 <firstname>Andreas Ă…kre</firstname>
diff --git a/docs/source/simplesamlphp-sp.xml b/docs/source/simplesamlphp-sp.xml
index e7122e8a4becf5938fd1159e7bc3b35e37af2753..93d862e5922adfb52b97d47f61638ae10eb2ddca 100644
--- a/docs/source/simplesamlphp-sp.xml
+++ b/docs/source/simplesamlphp-sp.xml
@@ -7,7 +7,7 @@
 <articleinfo>
 <date>2007-10-15</date>
- <pubdate>Wed Mar 5 15:38:05 2008</pubdate>
+ <pubdate>Tue Mar 11 21:00:41 2008</pubdate>
 <author>
 <firstname>Andreas Ă…kre</firstname>
diff --git a/www/auth/login-cas-ldap.php b/www/auth/login-cas-ldap.php
new file mode 100755
index 0000000000000000000000000000000000000000..8f18ee6e624e6f1e50762efab3c554c3f4a11ef8
--- /dev/null
+++ b/www/auth/login-cas-ldap.php
@@ -0,0 +1,142 @@
+<?php
+
+/**
+ * This file is part of SimpleSAMLphp. See the file COPYING in the
+ * root of the distribution for licence information.
+ *
+ * This file implements authentication of users using CAS.
+ *
+ * @author Mads Freek, RUC.
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+
+require_once('../../www/_include.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Session.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Auth/LDAP.php');
+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Metadata/MetaDataStorageHandler.php');
+
+$config = SimpleSAML_Configuration::getInstance();
+$session = SimpleSAML_Session::getInstance(TRUE);
+
+try {
+ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+ // TODO: Make this authentication module independent from SAML 2.0
+ $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+
+ $ldapconfigfile = $config->getBaseDir() . 'config/cas-ldap.php';
+ require_once($ldapconfigfile);
+
+ if (!array_key_exists($idpentityid, $casldapconfig)) {
+ throw new Exception('No CAS authentication configuration for this SAML 2.0 entity ID [' . $idpentityid . ']');
+ }
+
+ $idpconfig = $casldapconfig[$idpentityid];
+
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
+
+/*
+ * Load the RelayState argument. The RelayState argument contains the address
+ * we should redirect the user to after a successful authentication.
+ */
+if (!array_key_exists('RelayState', $_REQUEST)) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
+}
+
+
+
+
+
+
+
+
+
+
+function casValidate($cas) {
+
+ $service = SimpleSAML_Utilities::selfURL();
+ $service = preg_replace("/(\?|&)?ticket=.*/", "", $service); # always tagged on by cas
+
+ /**
+ * Got response from CAS server.
+ */
+ if (isset($_GET['ticket'])) {
+
+ $ticket = urlencode($_GET['ticket']);
+
+ #ini_set('default_socket_timeout', 15);
+ $result = file_get_contents($cas['validate'] . '?ticket=' . $ticket . '&service=' . urlencode($service) );
+ $res = preg_split("/\n/",$result);
+
+ if (strcmp($res[0], "yes") == 0) {
+ return $res[1];
+ } else {
+ throw new Exception("Failed to validate CAS service ticket: $ticket");
+ }
+
+ /**
+ * First request, will redirect the user to the CAS server for authentication.
+ */
+ } else {
+ SimpleSAML_Logger::info("AUTH - cas-ldap: redirecting to {$cas['login']}");
+ SimpleSAML_Utilities::redirect($cas['login'], array(
+ 'renew' => 'true',
+ 'service' => $service
+ ));
+ }
+}
+
+
+
+try {
+
+
+
+
+
+ $relaystate = $_REQUEST['RelayState'];
+
+ $username = casValidate($idpconfig['cas']);
+ SimpleSAML_Logger::info('AUTH - cas-ldap: '. $username . ' authenticated by ' . $idpconfig['cas']['validate']);
+
+
+
+ /*
+ * Connecting to LDAP.
+ */
+ $ldap = new SimpleSAML_Auth_LDAP($idpconfig['ldap']['servers'], $idpconfig['ldap']['enable_tls']);
+
+ if ($idpconfig['ldap']['priv_user_dn']) {
+
+ if (!$ldap->bind($idpconfig['ldap']['priv_user_dn'], $idpconfig['ldap']['priv_user_pw']) ) {
+ throw new Exception('Could not bind with system user: ' . $idpconfig['ldap']['priv_user_dn']);
+ }
+ }
+
+ /*
+ * Search for user in LDAP.
+ */
+ $dn = $ldap->searchfordn($idpconfig['ldap']['searchbase'], $idpconfig['ldap']['searchattributes'], $username);
+
+ /*
+ * Retrieve attributes from LDAP
+ */
+ $attributes = $ldap->getAttributes($dn, $idpconfig['ldap']['attributes']);
+
+
+ $session->setAuthenticated(true, 'login-cas-ldap');
+ $session->setAttributes($attributes);
+
+ $session->setNameID(array(
+ 'value' => SimpleSAML_Utilities::generateID(),
+ 'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
+ SimpleSAML_Utilities::redirect($relaystate);
+
+} catch(Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CASERROR', $exception);
+}
+
+
+?>
\ No newline at end of file
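Review bot: casValidate fetches the CAS validate URL with a bare `file_get_contents` and no stream context, so on the PHP versions this code targets the HTTPS server certificate is not checked (`verify_peer` only became the default in 5.6), and a failed fetch returns `false`, which flows into `preg_split` and is rejected only by accident through the `strcmp` on `$res[0]`. The username that then selects an LDAP entry therefore rests on an unauthenticated TLS connection; the fetch should pass an `ssl` context with `verify_peer` and a CA bundle and reject a `false` result explicitly, as sketched below. Further down, `$_REQUEST['RelayState']` is handed to `SimpleSAML_Utilities::redirect` with no check, so unless that helper validates the target (not visible here) the script is an open redirect. Lastly, `if ($idpconfig['ldap']['priv_user_dn'])` raises an undefined-index notice for entries like the first one in the cas-ldap.php template, which omit that key; `if (!empty($idpconfig['ldap']['priv_user_dn'])) {` avoids it. I am also assuming `searchfordn` escapes `$username` before placing it in the LDAP filter, since that helper is outside this hunk.
```php
        // … unchanged: $service and $ticket setup …
        // Verify the CAS server's certificate; <PATH_TO_CA_BUNDLE> is a placeholder for the bundle that issued it.
        $context = stream_context_create(array('ssl' => array(
            'verify_peer' => true,
            'cafile' => '<PATH_TO_CA_BUNDLE>',
        )));
        $result = file_get_contents($cas['validate'] . '?ticket=' . $ticket . '&service=' . urlencode($service), false, $context);
        if ($result === false) {
            throw new Exception('Could not reach the CAS validation service: ' . $cas['validate']);
        }
        $res = preg_split("/\n/",$result);
        // … unchanged: "yes" check and the redirect branch …
```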