2 /** External authentication via CAS for FusionForge
3 * Copyright 2007, Benoit Lavenier <benoit.lavenier@ifremer.fr>
4 * Copyright 2011, Roland Mas
6 * This file is part of FusionForge
8 * This plugin, like FusionForge, is free software; you can redistribute it
9 * and/or modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 2 of
11 * the License, or (at your option) any later version.
13 * FusionForge is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with FusionForge; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 US
23 require_once $GLOBALS['gfcommon'].'include/User.class.php';
25 // from phpCAS (https://wiki.jasig.org/display/CASC/phpCAS)
26 require_once 'CAS.php';
29 * Authentication manager for FusionForge CASification
32 class AuthCASPlugin extends ForgeAuthPlugin {
33 function AuthCASPlugin () {
// Sets the plugin identity, registers the four authentication hooks this
// plugin answers, resets the cached login state and declares its settings.
// NOTE(review): this is a PHP 4-style constructor (method named after the
// class). PHP 8 no longer treats such a method as the constructor, so none of
// this setup would run on `new` unless a __construct() exists elsewhere.
// Confirm the target PHP version.
35 $this->ForgeAuthPlugin() ;
36 $this->name = "authcas";
37 $this->text = "CAS authentication";
// Hooks: login form display, session check, user lookup, logout.
39 $this->_addHook('display_auth_form');
40 $this->_addHook("check_auth_session");
41 $this->_addHook("fetch_authenticated_user");
42 $this->_addHook("close_auth_session");
// Per-request cache, cleared again at the start of checkAuthSession().
44 $this->saved_login = '';
45 $this->saved_user = NULL;
// Name of the forge-side session cookie used by this plugin.
47 $this->cookie_name = 'forge_session_cas';
49 $this->declareConfigVars();
// Presumably a run-once guard for the CAS client setup below; its use is not
// visible in this listing.
52 private static $init = false;
// CAS client setup. The enclosing function header and several lines are
// missing from this listing, so only the visible calls are described.
// phpCAS::client() is configured from this plugin's cas_version, cas_server
// and cas_port settings; the port is cast to int.
59 phpCAS::client(forge_get_config('cas_version', $this->name),
60 forge_get_config('cas_server', $this->name),
61 intval(forge_get_config('cas_port', $this->name)),
// NOTE(review): what happens when validate_server_certificate is true is not
// visible here. Confirm that this path actually configures the CA certificate
// (phpCAS::setCasServerCACert()) instead of leaving validation unconfigured.
63 if (forge_get_config('validate_server_certificate', $this->name)) {
// SECURITY: setNoCasServerValidation() turns off verification of the CAS
// server's TLS certificate for the requests phpCAS makes to validate tickets.
// This appears to be the path taken when validate_server_certificate is false,
// which is the default declared in declareConfigVars() ('no'). Without
// certificate validation the forge cannot tell the real CAS server from
// anything else answering on that address, so the identity returned by
// phpCAS::getUser() is only as trustworthy as the network path. Production
// installations should enable validation and supply the CA certificate.
66 phpCAS::setNoCasServerValidation();
73 * Display a form to input credentials
74 * @param array $params Hook parameters; 'return_to' is read as the post-login destination
77 function displayAuthForm($params) {
// Prints the "Login via CAS" form. The guard below applies when this plugin is
// neither required nor sufficient; its body is not visible in this listing.
78 if (!$this->isRequired() && !$this->isSufficient()) {
// return_to is supplied by the hook caller and may originate from the request,
// so it is treated as untrusted when written into the page below.
81 $return_to = $params['return_to'];
85 echo '<h2>'._('CAS authentication').'</h2>';
// The form posts to /plugins/authcas/post-login.php with method="get", so
// form_key and return_to travel in the URL and can end up in server logs,
// browser history and Referer headers.
// return_to is HTML-escaped with htmlspecialchars() for the double-quoted
// attribute. Escaping protects the markup only; it does not restrict where the
// value points. NOTE(review): confirm that post-login.php limits return_to to
// local forge URLs before redirecting.
87 echo '<form action="' . util_make_url('/plugins/authcas/post-login.php') . '" method="get">
88 <input type="hidden" name="form_key" value="' . form_generate_key() . '"/>
89 <input type="hidden" name="return_to" value="' . htmlspecialchars(stripslashes($return_to)) . '" />
90 <p><input type="submit" name="login" value="' . _('Login via CAS') . '" />
96 * Is there a valid session?
97 * @param array $params Hook parameters, passed by reference; the verdict is written to $params['results']
99 function checkAuthSession(&$params) {
// Decides whether the request carries a valid session for this plugin and
// writes the verdict to $params['results'][$this->name]. $params is taken by
// reference so the verdict reaches the hook caller. Several lines of this
// method are missing from the listing; the notes below cover what is visible.
102 $this->saved_user = NULL;
// The forge session cookie is tried first; the phpCAS authentication state is
// consulted only when the cookie yields no user id.
105 $user_id_from_cookie = $this->checkSessionCookie();
106 if ($user_id_from_cookie) {
// NOTE(review): no check is visible that user_get_object() returned a user
// before getUnixName() is called on it. Confirm against the full file.
107 $user = user_get_object($user_id_from_cookie);
108 $this->login($user->getUnixName());
109 } elseif (phpCAS::isAuthenticated()) {
// The username asserted by the CAS server is passed to login() as-is, so the
// forge account is selected purely by what phpCAS reports.
// NOTE(review): in the visible lines $user is assigned only in the cookie
// branch, yet it is stored in saved_user below. Confirm that $user is also set
// on this path.
110 $this->login(phpCAS::getUser());
// Verdict when this plugin is sufficient: remember the user and accept
// authoritatively; otherwise stay non-authoritative. The enclosing condition is
// not visible in this listing.
114 if ($this->isSufficient()) {
115 $this->saved_user = $user;
116 $params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_ACCEPT;
119 $params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
// Verdict on the remaining path (presumably no user was identified; the branch
// condition is not visible): reject authoritatively when this plugin is
// required, otherwise stay non-authoritative.
122 if ($this->isRequired()) {
123 $params['results'][$this->name] = FORGE_AUTH_AUTHORITATIVE_REJECT;
125 $params['results'][$this->name] = FORGE_AUTH_NOT_AUTHORITATIVE;
131 * What GFUser is logged in?
132 * @param array $params Hook parameters, passed by reference; the user object is written to $params['results']
134 function fetchAuthUser(&$params) {
// Hands the user cached by checkAuthSession() back to the hook caller, and only
// when this plugin is configured as sufficient. When either condition fails,
// the visible code leaves $params['results'] untouched.
135 if ($this->saved_user && $this->isSufficient()) {
136 $params['results'] = $this->saved_user;
140 function closeAuthSession($params) {
// Ends the session for this plugin. It acts only when the plugin is sufficient
// or required: the forge session cookie is removed first, then the user is
// logged out at the CAS server and sent back to the forge root URL.
143 if ($this->isSufficient() || $this->isRequired()) {
144 $this->unsetSessionCookie();
145 // logs user out from CAS
146 // TODO : make it optional to not mess with other apps' SSO sessions with CAS
// The redirect target is built by util_make_url('/') from a fixed path, not
// from request data.
147 phpCAS::logoutWithRedirectService(util_make_url('/'));
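154 * Declare this plugin's configuration variables and their defaults
155 * (takes no parameters; "Terminate an authentication session" describes closeAuthSession, not this method)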
158 protected function declareConfigVars() {
// Registers this plugin's settings and defaults after those of the parent class.
159 parent::declareConfigVars();
// Defaults: placeholder CAS host, port 443, CAS protocol version 2.0.
161 forge_define_config_item ('cas_server', $this->name, 'cas.example.com');
162 forge_define_config_item ('cas_port', $this->name, 443);
163 forge_define_config_item ('cas_version', $this->name, '2.0');
// SECURITY: validation of the CAS server's TLS certificate defaults to 'no'
// (registered as a boolean on the following line). Elsewhere in this file a
// false value appears to lead to phpCAS::setNoCasServerValidation(), so an
// installation that never sets this option accepts ticket validation responses
// without verifying which server sent them. Enable it, with the CA certificate
// configured, on any production deployment.
165 forge_define_config_item('validate_server_certificate', $this->name, 'no');
166 forge_set_config_item_bool('validate_server_certificate', $this->name);
173 // c-file-style: "bsd"