Initial checkin of CAS Server in simpleSAMLphp. Implemented as a module. Works...

Initial checkin of CAS Server in simpleSAMLphp. Implemented as a module. Works with saml2 and shib13. documentation TBD. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1056 44740490-163a-0410-bde0-09ae8108e29a

Initial checkin of CAS Server in simpleSAMLphp. Implemented as a module. Works...
Initial checkin of CAS Server in simpleSAMLphp. Implemented as a module. Works with saml2 and shib13. documentation TBD. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1056 44740490-163a-0410-bde0-09ae8108e29a
4d5c9a01 · Andreas Åkre Solberg · c4175a77 · 4d5c9a01 · 4d5c9a01 · 4d5c9a01
Commit 4d5c9a01 authored 16 years ago by Andreas Åkre Solberg
--- a/modules/casserver/config-templates/module_casserver.php
+++ b/modules/casserver/config-templates/module_casserver.php
+<?php
+/* 
+ * Configuration for the module casserver.
+ * 
+ * $Id: $
+ */
+$config = array (
+	'legal_service_urls' => array(
+		'http://test.feide.no/casclient',
+		'http://test.feide.no/cas2',
+	),
+	// Legal values: saml2, shib13
+	'auth' => 'saml2',
+	'ticketcache' => 'ticketcache',
+	'attrname' => 'mail', // 'eduPersonPrincipalName',
+);
+?>
--- a/modules/casserver/default-disable
+++ b/modules/casserver/default-disable
--- a/modules/casserver/www/login.php
+++ b/modules/casserver/www/login.php
+<?php
+/*
+ * Incomming parameters:
+ *  service
+ *  renew
+ *  gateway
+ *  
+ */
+if (!array_key_exists('service', $_GET))
+	throw new Exception('Required URL query parameter [service] not provided. (CAS Server)');
+$service = $_GET['service'];
+$renew = FALSE;
+$gateway = FALSE;
+if (array_key_exists('renew', $_GET)) {
+	$renew = TRUE;
+}
+if (array_key_exists('gateway', $_GET)) {
+	$gateway = TRUE;
+	throw new Exception('CAS gateway to SAML IsPassive: Not yet implemented properly.');
+}
+/* Load simpleSAMLphp, configuration and metadata */
+$config = SimpleSAML_Configuration::getInstance();
+$casconfig = $config->copyFromBase('casconfig', 'module_casserver.php');
+$session = SimpleSAML_Session::getInstance();
+$legal_service_urls = $casconfig->getValue('legal_service_urls');
+if (!checkServiceURL($service, $legal_service_urls))
+	throw new Exception('Service parameter provided to CAS server is not listed as a legal service: [service] = ' . $service);
+$auth = $casconfig->getValue('auth', 'saml2');
+if (!in_array($auth, array('saml2', 'shib13')))
+	throw new Exception('CAS Service configured to use [auth] = ' . $auth . ' only [saml2,shib13] is legal.');
+if (!$session->isValid($auth) ) {
+	SimpleSAML_Utilities::redirect(
+		'/' . $config->getBaseURL() . $auth . '/sp/initSSO.php',
+		array('RelayState' => SimpleSAML_Utilities::selfURL() )
+	);
+}
+$attributes = $session->getAttributes();
+$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache'));
+$ticket = SimpleSAML_Utilities::generateID();
+storeTicket($ticket, $path, $attributes);
+// $test = retrieveTicket($ticket, $path);
+SimpleSAML_Utilities::redirect(
+	SimpleSAML_Utilities::addURLparameter($service,
+		array('ticket' => $ticket)
+	)
+);
+function storeTicket($ticket, $path, &$value ) {
+	if (!is_dir($path)) 
+		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
+	if (!is_writable($path)) 
+		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] is not writable. ');
+	$filename = $path . '/' . $ticket;
+	file_put_contents($filename, serialize($value));
+}
+function retrieveTicket($ticket, $path) {
+	if (!is_dir($path)) 
+		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
+	$filename = $path . '/' . $ticket;
+	return unserialize(file_get_contents($filename));
+}
+function checkServiceURL($service, array $legal_service_urls) {
+	foreach ($legal_service_urls AS $legalurl) {
+		if (strpos($service, $legalurl) === 0) return TRUE;
+	}
+	return FALSE;
+}
+?>
\ No newline at end of file
--- a/modules/casserver/www/serverValidate.php
+++ b/modules/casserver/www/serverValidate.php
+<?php
+/*
+ * Incomming parameters:
+ *  service
+ *  renew
+ *  ticket
+ *
+ */
+if (!array_key_exists('service', $_GET))
+	throw new Exception('Required URL query parameter [service] not provided. (CAS Server)');
+$service = $_GET['service'];
+if (!array_key_exists('ticket', $_GET))
+	throw new Exception('Required URL query parameter [ticket] not provided. (CAS Server)');
+$ticket = $_GET['ticket'];
+$renew = FALSE;
+if (array_key_exists('renew', $_GET)) {
+	$renew = TRUE;
+}
+try {
+	/* Load simpleSAMLphp, configuration and metadata */
+	$config = SimpleSAML_Configuration::getInstance();
+	$casconfig = $config->copyFromBase('casconfig', 'module_casserver.php');
+	$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache'));
+	$ticketcontent = retrieveTicket($ticket, $path);
+	$usernamefield = $casconfig->getValue('attrname', 'eduPersonPrincipalName');
+	if (array_key_exists($usernamefield, $ticketcontent)) {
+		returnResponse('YES', $ticketcontent[$usernamefield][0]);
+	} else {
+		returnResponse('NO');
+	}
+} catch (Exception $e) {
+	returnResponse('NO', $e->getMessage());
+}
+function returnResponse($value, $content = '') {
+	if ($value === 'YES') {
+		echo '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
+    <cas:authenticationSuccess>
+	<cas:user>' . htmlentities($content) . '</cas:user>
+    </cas:authenticationSuccess>
+</cas:serviceResponse>';
+	} else {
+		echo '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
+    <cas:authenticationFailure code="...">
+	' . $content . '
+    </cas:authenticationFailure>
+</cas:serviceResponse>';
+	}
+}
+function storeTicket($ticket, $path, &$value ) {
+	if (!is_dir($path)) 
+		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
+	if (!is_writable($path)) 
+		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] is not writable. ');
+	$filename = $path . '/' . $ticket;
+	file_put_contents($filename, serialize($value));
+}
+function retrieveTicket($ticket, $path) {
+	if (!preg_match('/^_?[a-zA-Z0-9]+$/', $ticket)) throw new Exception('Invalid characters in ticket');
+	if (!is_dir($path)) 
+		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
+	$filename = $path . '/' . $ticket;
+	if (!file_exists($filename))
+		throw new Exception('Could not find ticket');
+	$content = file_get_contents($filename);
+	unlink($filename);
+	return unserialize($content);
+}
+?>
\ No newline at end of file
--- a/modules/casserver/www/validate.php
+++ b/modules/casserver/www/validate.php
+<?php
+/*
+ * Incomming parameters:
+ *  service
+ *  renew
+ *  ticket
+ *
+ */
+if (!array_key_exists('service', $_GET))
+	throw new Exception('Required URL query parameter [service] not provided. (CAS Server)');
+$service = $_GET['service'];
+if (!array_key_exists('ticket', $_GET))
+	throw new Exception('Required URL query parameter [ticket] not provided. (CAS Server)');
+$ticket = $_GET['ticket'];
+$renew = FALSE;
+if (array_key_exists('renew', $_GET)) {
+	$renew = TRUE;
+}
+try {
+	/* Load simpleSAMLphp, configuration and metadata */
+	$config = SimpleSAML_Configuration::getInstance();
+	$casconfig = $config->copyFromBase('casconfig', 'module_casserver.php');
+	$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache'));
+	$ticketcontent = retrieveTicket($ticket, $path);
+	$usernamefield = $casconfig->getValue('attrname', 'eduPersonPrincipalName');
+	if (array_key_exists($usernamefield, $ticketcontent)) {
+		returnResponse('YES', $ticketcontent[$usernamefield][0]);
+	} else {
+		returnResponse('NO');
+	}
+} catch (Exception $e) {
+	returnResponse('NO');
+}
+function returnResponse($value, $username = '') {
+	if ($value === 'YES') {
+		echo 'YES' . "\n" . $username;
+	} else {
+		echo 'NO' . "\n";
+	}
+}
+function storeTicket($ticket, $path, &$value ) {
+	if (!is_dir($path)) 
+		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
+	if (!is_writable($path)) 
+		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] is not writable. ');
+	$filename = $path . '/' . $ticket;
+	file_put_contents($filename, serialize($value));
+}
+function retrieveTicket($ticket, $path) {
+	if (!preg_match('/^_?[a-zA-Z0-9]+$/', $ticket)) throw new Exception('Invalid characters in ticket');
+	if (!is_dir($path)) 
+		throw new Exception('Directory for CAS Server ticket storage [' . $path . '] does not exists. ');
+	$filename = $path . '/' . $ticket;
+	if (!file_exists($filename))
+		throw new Exception('Could not find ticket');
+	$content = file_get_contents($filename);
+	unlink($filename);
+	return unserialize($content);
+}
+?>
\ No newline at end of file