X-Git-Url: https://git.mdrn.pl/piwik-CASLogin.git/blobdiff_plain/237569a1cfdd478618b0ecda78a7ac13548c515f..dc6aefd9f59af623481149a8b6c71b973efd1196:/CAS/docs/examples/example_service.php diff --git a/CAS/docs/examples/example_service.php b/CAS/docs/examples/example_service.php new file mode 100644 index 0000000..9af528d --- /dev/null +++ b/CAS/docs/examples/example_service.php @@ -0,0 +1,94 @@ + + * @author Adam Franco + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 + * @link https://wiki.jasig.org/display/CASC/phpCAS + */ + +// Load the settings from the central config file +require_once 'config.php'; +// Load the CAS lib +require_once $phpcas_path . '/CAS.php'; + +// Uncomment to enable debugging +phpCAS::setDebug(); + +// Initialize phpCAS +phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context); + +// For production use set the CA certificate that is the issuer of the cert +// on the CAS server and uncomment the line below +// phpCAS::setCasServerCACert($cas_server_ca_cert_path); + +// For quick testing you can disable SSL validation of the CAS server. +// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION. +// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL! +phpCAS::setNoCasServerValidation(); + +// If you want your service to be proxied you have to enable it (default +// disabled) and define an accepable list of proxies that are allowed to +// proxy your service. +// +// Add each allowed proxy definition object. For the normal CAS_ProxyChain +// class, the constructor takes an array of proxies to match. The list is in +// reverse just as seen from the service. Proxies have to be defined in reverse +// from the service to the user. If a user hits service A and gets proxied via +// B to service C the list of acceptable on C would be array(B,A). The definition +// of an individual proxy can be either a string or a regexp (preg_match is used) +// that will be matched against the proxy list supplied by the cas server +// when validating the proxy tickets. The strings are compared starting from +// the beginning and must fully match with the proxies in the list. +// Example: +// phpCAS::allowProxyChain(new CAS_ProxyChain(array( +// 'https://app.example.com/' +// ))); +// phpCAS::allowProxyChain(new CAS_ProxyChain(array( +// '/^https:\/\/app[0-9]\.example\.com\/rest\//', +// 'http://client.example.com/' +// ))); +phpCAS::allowProxyChain(new CAS_ProxyChain(array($pgtUrlRegexp))); +phpCAS::allowProxyChain( + new CAS_ProxyChain( + array('/^' . $pgtBase . 'example_service_that_proxies.php$/', + '/^' . $pgtBase . 'example_proxy_serviceWeb_chaining.php$/' + ) + ) +); + +// For quick testing or in certain production screnarios you might want to +// allow allow any other valid service to proxy your service. To do so, add +// the "Any" chain: +// phpcas::allowProxyChain(new CAS_ProxyChain_Any); +// THIS SETTING IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY +// IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER +// ON THIS SERVICE. +//phpcas::allowProxyChain(new CAS_ProxyChain_Any); + +// force CAS authentication +phpCAS::forceAuthentication(); + +print '

I am a service that can be proxied.

'; + +// at this step, the user has been authenticated by the CAS server +// and the user's login name can be read with phpCAS::getUser(). +require 'script_info.php'; + +// for this test, simply print that the authentication was successfull +echo '

The user\'s login is ' . phpCAS::getUser() . '.

'; + +// increment the number of requests of the session and print it +if (!isset($_SESSION['n'])) { + $_SESSION['n'] = 0; +} +echo '

request #' . (++$_SESSION['n']) . '

'; + +?>