iu-vpcm / cas2
A library for IU Login via CAS 2.0
v1.0.2
2022-12-15 14:58 UTC
Requires
- phpunit/phpunit: ^9.5.18
README
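First, thanks to Tom Gregory (@tomgreg) and Lee Hadley (@leehadle). This library is based on their work.
Implementing a script that uses IU Login 2.0 with CAS is not difficult. Hopefully this library makes it even simpler.
Please note that this library only verifies that the user has valid IU credentials. It does not include any authorization or permission features.
For finer-grained access control in your application, consider implementing a role-based access control system.
Tom Gregory's original repository (for the previous CAS login): https://github.com/tag/IuCasAuthentication
Lee Hadley's work (a working script for the current CAS login):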
```php
<?php
# modified 1/26/22 to work with IU Login by Lee Hadley leehadley@iu.edu
# please don't blame me for the original or the form app itself
# it's better than when I found it :)

session_save_path('/groups/office/sessions'); //UPDATE TO YOUR SESSIONS PATH
session_start();

//THIS FUNCTION GETS THE CURRENT URL
function curPageURL(){
    $pageURL = 'http';
    // isset() avoids an undefined-index warning on plain HTTP requests
    if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
        $pageURL .= "s://";
        if ($_SERVER["SERVER_PORT"] != "443") {
            $pageURL .= $_SERVER["HTTP_HOST"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
        } else {
            $pageURL .= $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
        }
    } else {
        $pageURL .= "://";
        if ($_SERVER["SERVER_PORT"] != "80") {
            $pageURL .= $_SERVER["HTTP_HOST"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
        } else {
            $pageURL .= $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"];
        }
    }
    return $pageURL;
}//END CURRENT URL FUNCTION

//THIS FUNCTION SENDS THE USER TO CAS AND THEN BACK
function cas_authenticate(){
    $sid = SID; //Session ID #
    if(!isset($_SESSION['CAS'])){
        $_SESSION['CAS'] = false;
    }
    //if the last session was over 15 minutes ago
    if (isset($_SESSION['LAST_SESSION']) && (time() - $_SESSION['LAST_SESSION'] > 900)) {
        $_SESSION['CAS'] = false; // set the CAS session to false
    }
    $authenticated = $_SESSION['CAS'];
    $casurl = curPageURL();
    $iu_login = 'https://idp.login.iu.edu';
    if(substr_count($casurl, 'sitehost-test')){
        $iu_login = 'https://idp-stg.login.iu.edu';
    }
    //send user to CAS login if not authenticated
    if (!$authenticated) {
        $_SESSION['LAST_SESSION'] = time(); // update last activity time stamp
        $_SESSION['CAS'] = true;
        // urlencode() keeps the service URL a single, well-formed query parameter
        echo '<META HTTP-EQUIV="Refresh" Content="0; URL=' . $iu_login . '/idp/profile/cas/login?service='.urlencode($casurl).'">';
        exit;
    }
    if ($authenticated) {
        if (isset($_GET["ticket"])) {
            //set up validation URL to ask CAS if ticket is good
            $casurl = str_replace('?ticket='.$_GET['ticket'], '', $casurl);
            // validate the ticket (both parameters are URL-encoded)
            $validate = $iu_login . '/idp/profile/cas/serviceValidate?ticket=' . urlencode($_GET['ticket']) . '&service=' . urlencode($casurl);
            // Set up curl, and tell it to fetch the cas ticket from the cas server specified
            $curl = curl_init();
            curl_setopt($curl, CURLOPT_URL, $validate);
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
            $results = curl_exec($curl); // false when the request itself fails
            // if the user is authenticated
            if (is_string($results) && substr_count($results, 'authenticationSuccess')) {
                // set a session variable for the user
                $user = substr($results, strpos($results, '<cas:user>') + 10);
                $user = substr($user, 0, strpos($user, '</cas:user>'));
                $_SESSION['user'] = $user;
            } else {
                // validation failed: drop any earlier user and stop before the protected page
                unset($_SESSION['user']);
                die("CAS ticket validation failed.");
            }
        } else if (!isset($_SESSION['user'])) { //END GET CAS TICKET
            echo '<META HTTP-EQUIV="Refresh" Content="0; URL=' . $iu_login . '/idp/profile/cas/login?service='.urlencode($casurl).'">';
            exit; // stop here so the protected page is not rendered after the redirect
        }
    }
}//END CAS FUNCTION

cas_authenticate();

//gets the username from the SESSION variable 'user' created by CAS
$username = $_SESSION['user'];

//CHANGE THIS LIST TO THE USERS YOU'D LIKE TO HAVE ACCESS
//$users = array("user1", "user2", "user3");
//if(!in_array($username, $users)){
//    die("Sorry you do not have access to this page.");
//}

//UNCOMMENT NEXT 3 LINES IF YOU'D LIKE TO RESTRICT TO A SINGLE USER
//if($username != "user"){
//    die("Sorry you do not have access to this page.");
//}
?>
```
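The script above decides whether a ticket is valid by searching the serviceValidate response for substrings. As an added example (not part of Lee Hadley's script or of this library's code), the same step can parse the CAS 2.0 XML and accept a username only from a well-formed authenticationSuccess element. The function name cas_user_from_response, the username pattern and the sample responses are assumptions constructed for illustration.

```php
<?php
// Added example: strict parsing of a CAS 2.0 serviceValidate response.
const CAS_NS = 'http://www.yale.edu/tp/cas'; // CAS 2.0 XML namespace

// Returns the username, or null unless the body is a well-formed
// authenticationSuccess document containing exactly one cas:user.
function cas_user_from_response(string $xml): ?string
{
    if ($xml === '') {
        return null; // loadXML() rejects an empty string
    }
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // parse errors mean "invalid"
    $loaded = $doc->loadXML($xml, LIBXML_NONET);  // never fetch over the network
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$loaded || $doc->doctype !== null) {
        return null; // malformed, or carries a DOCTYPE, which this example refuses
    }
    $xpath = new DOMXPath($doc);
    $xpath->registerNamespace('cas', CAS_NS);
    $nodes = $xpath->query('/cas:serviceResponse/cas:authenticationSuccess/cas:user');
    if ($nodes === false || $nodes->length !== 1) {
        return null;
    }
    $user = trim($nodes->item(0)->textContent);
    // Assumed username shape; adjust to the identifiers your IdP issues.
    return preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user) === 1 ? $user : null;
}

// Constructed sample responses (not captured from a real IdP).
$open = "<cas:serviceResponse xmlns:cas='" . CAS_NS . "'>";
$samples = [
    'success'   => $open . '<cas:authenticationSuccess><cas:user>jdoe</cas:user>'
                 . '</cas:authenticationSuccess></cas:serviceResponse>',
    'failure'   => $open . "<cas:authenticationFailure code='INVALID_TICKET'>"
                 . 'Ticket not recognized</cas:authenticationFailure></cas:serviceResponse>',
    // Cut off mid-element: substring matching still finds "authenticationSuccess".
    'truncated' => $open . '<cas:authenticationSuccess><cas:user>jdoe',
];
foreach ($samples as $name => $xml) {
    printf("%-9s => %s\n", $name, var_export(cas_user_from_response($xml), true));
}
```

A null return should be handled like a failed login: clear any stored user and stop before rendering the protected page.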
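Installation
Two ways: with Composer, or with a plain include/require.
Composer
Run the following command in the root directory of your Composer project, the one that contains composer.json.
```bash
composer require iu-vpcm/cas2
```
Plain PHP include/require
Download the script, rename it to whatever you like (for example cas2.php), and then in your script:
```php
require 'PATH-TO/cas2.php';
// or
// include 'PATH-TO/cas2.php';
```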
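Usage
```php
use Edu\IU\VPCM\IULoginCAS\IULoginCAS2;

$cas = new IULoginCAS2();
```
Authenticate
```php
$cas->authenticate();
```
Get the username after authentication
```php
$username = $cas->getUsername();
// or
// $username = $_SESSION['CAS_USER'];
```
Note: when you develop the application locally with php -S localhost:PORT, the library detects this, skips real authentication against IU Login 2.0, and sets a fake username, fake_user. Because no credentials are checked in that mode, an application served this way should not be exposed to real users.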