diff --git a/bin/build-release.sh b/bin/build-release.sh
index 8bf0b36295bd7d4ed51eba8101ed3da24be35914..944878ed39b7fde9e97b1f9ed9c7c8513ee0c667 100755
--- a/bin/build-release.sh
+++ b/bin/build-release.sh
@@ -53,6 +53,7 @@ php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-
php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-authtwitter
php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-authx509
php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-authwindowslive
+php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-cas
php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-cdc
php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-consent
php "$TARGET/composer.phar" require --update-no-dev simplesamlphp/simplesamlphp-module-consentadmin
diff --git a/composer.json b/composer.json
index 45622d5dc9d43a316b78862dbeda9288aeac221a..90dfe66bf01c89fc013cc96b136fc75347f572c7 100644
--- a/composer.json
+++ b/composer.json
@@ -53,6 +53,7 @@
"simplesamlphp/simplesamlphp-module-authtwitter": "^1.0",
"simplesamlphp/simplesamlphp-module-authwindowslive": "^1.0",
"simplesamlphp/simplesamlphp-module-authx509": "^1.0.0",
+ "simplesamlphp/simplesamlphp-module-cas": "^1.0",
"simplesamlphp/simplesamlphp-module-cdc": "^1.0",
"simplesamlphp/simplesamlphp-module-consent": "^1.0",
"simplesamlphp/simplesamlphp-module-consentadmin": "^1.0",
diff --git a/modules/cas/default-disable b/modules/cas/default-disable
deleted file mode 100644
index fa0bd82e2df7bd79d57593d35bc53c1f9d3ef71f..0000000000000000000000000000000000000000
--- a/modules/cas/default-disable
+++ /dev/null
@@ -1,3 +0,0 @@
-This file indicates that the default state of this module
-is disabled. To enable, create a file named enable in the
-same directory as this file.
diff --git a/modules/cas/docs/cas.md b/modules/cas/docs/cas.md
deleted file mode 100644
index 5bfd50cadc72aa500a46ddec9ae173d68f0326d6..0000000000000000000000000000000000000000
--- a/modules/cas/docs/cas.md
+++ /dev/null
@@ -1,36 +0,0 @@
-Using the CAS authentication source with SimpleSAMLphp
-==========================================================
-
-This is completely based on the original cas authentication,
-the only diffrence is this is authentication module and not a script.
-
-Setting up the CAS authentication module
-----------------------------------
-
-The first thing you need to do is to enable the cas module:
-
- touch modules/cas/enable
-
-Adding a authentication source
-
-example authsource.php
-----------------------------------
-
- 'example-cas' => array(
- 'cas:CAS',
- 'cas' => array(
- 'login' => 'https://cas.example.com/login',
- 'validate' => 'https://cas.example.com/validate',
- 'logout' => 'https://cas.example.com/logout'
- ),
- 'ldap' => array(
- 'servers' => 'ldaps://ldaps.example.be:636/',
- 'enable_tls' => true,
- 'searchbase' => 'ou=people,dc=org,dc=com',
- 'searchattributes' => 'uid',
- 'attributes' => array('uid','cn'),
- 'priv_user_dn' => 'cn=simplesamlphp,ou=applications,dc=org,dc=com',
- 'priv_user_pw' => 'password',
-
- ),
- ),
diff --git a/modules/cas/lib/Auth/Source/CAS.php b/modules/cas/lib/Auth/Source/CAS.php
deleted file mode 100644
index e4a231327ae88937d0707574a61fdadde028ba9d..0000000000000000000000000000000000000000
--- a/modules/cas/lib/Auth/Source/CAS.php
+++ /dev/null
@@ -1,257 +0,0 @@
-<?php
-
-namespace SimpleSAML\Module\cas\Auth\Source;
-
-/**
- * Authenticate using CAS.
- *
- * Based on www/auth/login-cas.php by Mads Freek, RUC.
- *
- * @author Danny Bollaert, UGent.
- * @package SimpleSAMLphp
- */
-
-class CAS extends \SimpleSAML\Auth\Source
-{
- /**
- * The string used to identify our states.
- */
- const STAGE_INIT = '\SimpleSAML\Module\cas\Auth\Source\CAS.state';
-
- /**
- * The key of the AuthId field in the state.
- */
- const AUTHID = '\SimpleSAML\Module\cas\Auth\Source\CAS.AuthId';
-
- /**
- * @var array with ldap configuration
- */
- private $ldapConfig;
-
- /**
- * @var array cas configuration
- */
- private $casConfig;
-
- /**
- * @var string cas chosen validation method
- */
-
- private $validationMethod;
-
- /**
- * @var string cas login method
- */
- private $loginMethod;
-
- /**
- * Constructor for this authentication source.
- *
- * @param array $info Information about this authentication source.
- * @param array $config Configuration.
- */
- public function __construct($info, $config)
- {
- assert(is_array($info));
- assert(is_array($config));
-
- // Call the parent constructor first, as required by the interface
- parent::__construct($info, $config);
-
- if (!array_key_exists('cas', $config)) {
- throw new \Exception('cas authentication source is not properly configured: missing [cas]');
- }
-
- if (!array_key_exists('ldap', $config)) {
- throw new \Exception('ldap authentication source is not properly configured: missing [ldap]');
- }
-
- $this->casConfig = $config['cas'];
- $this->ldapConfig = $config['ldap'];
-
- if (isset($this->casConfig['serviceValidate'])) {
- $this->validationMethod = 'serviceValidate';
- } elseif (isset($this->casConfig['validate'])) {
- $this->validationMethod = 'validate';
- } else {
- throw new \Exception("validate or serviceValidate not specified");
- }
-
- if (isset($this->casConfig['login'])) {
- $this->loginMethod = $this->casConfig['login'];
- } else {
- throw new \Exception("cas login URL not specified");
- }
- }
-
-
- /**
- * This the most simple version of validating, this provides only authentication validation
- *
- * @param string $ticket
- * @param string $service
- *
- * @return array username and attributes
- */
- private function casValidate($ticket, $service)
- {
- $url = \SimpleSAML\Utils\HTTP::addURLParameters($this->casConfig['validate'], [
- 'ticket' => $ticket,
- 'service' => $service,
- ]);
- $result = \SimpleSAML\Utils\HTTP::fetch($url);
- $res = preg_split("/\r?\n/", $result);
-
- if (strcmp($res[0], "yes") == 0) {
- return [$res[1], []];
- } else {
- throw new \Exception("Failed to validate CAS service ticket: $ticket");
- }
- }
-
-
- /**
- * Uses the cas service validate, this provides additional attributes
- *
- * @param string $ticket
- * @param string $service
- *
- * @return array username and attributes
- */
- private function casServiceValidate($ticket, $service)
- {
- $url = \SimpleSAML\Utils\HTTP::addURLParameters(
- $this->casConfig['serviceValidate'],
- [
- 'ticket' => $ticket,
- 'service' => $service,
- ]
- );
- $result = \SimpleSAML\Utils\HTTP::fetch($url);
-
- $dom = \SAML2\DOMDocumentFactory::fromString($result);
- $xPath = new \DOMXpath($dom);
- $xPath->registerNamespace("cas", 'http://www.yale.edu/tp/cas');
- $success = $xPath->query("/cas:serviceResponse/cas:authenticationSuccess/cas:user");
- if ($success->length == 0) {
- $failure = $xPath->evaluate("/cas:serviceResponse/cas:authenticationFailure");
- throw new \Exception("Error when validating CAS service ticket: ".$failure->item(0)->textContent);
- } else {
- $attributes = [];
- if ($casattributes = $this->casConfig['attributes']) {
- // Some has attributes in the xml - attributes is a list of XPath expressions to get them
- foreach ($casattributes as $name => $query) {
- $attrs = $xPath->query($query);
- foreach ($attrs as $attrvalue) {
- $attributes[$name][] = $attrvalue->textContent;
- }
- }
- }
- $casusername = $success->item(0)->textContent;
-
- return [$casusername, $attributes];
- }
- }
-
-
- /**
- * Main validation method, redirects to correct method
- * (keeps finalStep clean)
- *
- * @param string $ticket
- * @param string $service
- * @return array username and attributes
- */
- protected function casValidation($ticket, $service)
- {
- switch ($this->validationMethod) {
- case 'validate':
- return $this->casValidate($ticket, $service);
- case 'serviceValidate':
- return $this->casServiceValidate($ticket, $service);
- default:
- throw new \Exception("validate or serviceValidate not specified");
- }
- }
-
-
- /**
- * Called by linkback, to finish validate/ finish logging in.
- * @param array $state
- * @return void
- */
- public function finalStep(&$state)
- {
- $ticket = $state['cas:ticket'];
- $stateID = \SimpleSAML\Auth\State::saveState($state, self::STAGE_INIT);
- $service = \SimpleSAML\Module::getModuleURL('cas/linkback.php', ['stateID' => $stateID]);
- list($username, $casattributes) = $this->casValidation($ticket, $service);
- $ldapattributes = [];
-
- $config = \SimpleSAML\Configuration::loadFromArray(
- $this->ldapConfig,
- 'Authentication source '.var_export($this->authId, true)
- );
- if ($this->ldapConfig['servers']) {
- $ldap = new \SimpleSAML\Auth\LDAP(
- $config->getString('servers'),
- $config->getBoolean('enable_tls', false),
- $config->getBoolean('debug', false),
- $config->getInteger('timeout', 0),
- $config->getInteger('port', 389),
- $config->getBoolean('referrals', true)
- );
- $ldapattributes = $ldap->validate($this->ldapConfig, $username);
- }
- $attributes = array_merge_recursive($casattributes, $ldapattributes);
- $state['Attributes'] = $attributes;
-
- \SimpleSAML\Auth\Source::completeAuth($state);
- }
-
-
- /**
- * Log-in using cas
- *
- * @param array &$state Information about the current authentication.
- * @return void
- */
- public function authenticate(&$state)
- {
- assert(is_array($state));
-
- // We are going to need the authId in order to retrieve this authentication source later
- $state[self::AUTHID] = $this->authId;
-
- $stateID = \SimpleSAML\Auth\State::saveState($state, self::STAGE_INIT);
-
- $serviceUrl = \SimpleSAML\Module::getModuleURL('cas/linkback.php', ['stateID' => $stateID]);
-
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($this->loginMethod, ['service' => $serviceUrl]);
- }
-
-
- /**
- * Log out from this authentication source.
- *
- * This function should be overridden if the authentication source requires special
- * steps to complete a logout operation.
- *
- * If the logout process requires a redirect, the state should be saved. Once the
- * logout operation is completed, the state should be restored, and completeLogout
- * should be called with the state. If this operation can be completed without
- * showing the user a page, or redirecting, this function should return.
- *
- * @param array &$state Information about the current logout operation.
- * @return void
- */
- public function logout(&$state)
- {
- assert(is_array($state));
- $logoutUrl = $this->casConfig['logout'];
-
- \SimpleSAML\Auth\State::deleteState($state);
- // we want cas to log us out
- \SimpleSAML\Utils\HTTP::redirectTrustedURL($logoutUrl);
- }
-}
diff --git a/modules/cas/www/linkback.php b/modules/cas/www/linkback.php
deleted file mode 100644
index 0b062a060b0a7841ce1d867dba5a0939c723e2be..0000000000000000000000000000000000000000
--- a/modules/cas/www/linkback.php
+++ /dev/null
@@ -1,27 +0,0 @@
-<?php
-
-/**
- * Handle linkback() response from CAS.
- */
-
-if (!isset($_GET['stateID'])) {
- throw new \SimpleSAML\Error\BadRequest('Missing stateID parameter.');
-}
-$state = \SimpleSAML\Auth\State::loadState($_GET['stateID'], \SimpleSAML\Module\cas\Auth\Source\CAS::STAGE_INIT);
-
-if (!isset($_GET['ticket'])) {
- throw new \SimpleSAML\Error\BadRequest('Missing ticket parameter.');
-}
-$state['cas:ticket'] = (string) $_GET['ticket'];
-
-// Find authentication source
-assert(array_key_exists(\SimpleSAML\Module\cas\Auth\Source\CAS::AUTHID, $state));
-$sourceId = $state[\SimpleSAML\Module\cas\Auth\Source\CAS::AUTHID];
-
-/** @var \SimpleSAML\Module\cas\Auth\Source\CAS|null $source */
-$source = \SimpleSAML\Auth\Source::getById($sourceId);
-if ($source === null) {
- throw new \Exception('Could not find authentication source with id '.$sourceId);
-}
-
-$source->finalStep($state);