PhpCAS


To provide an authentication service to the web application https://mathesis.asu.edu/somss/, I have used phpCAS 1.3.5. Before using it, we have to make sure the following requirements are met:

CURL (7.5+)

CURL libs must be present on your system, and they must have been compiled with SSL support.

PHP >= 5.4 (PHP >= 4.2.2 for 1.1.x). Our version is PHP 7.0.

phpCAS users must have PHP compiled with the following options:

  • --with-curl: CURL support, needed to access proxies. (MOST IMPORTANT)
  • --with-openssl: SSL support, needed for fopen('https://…'), to validate CAS tickets;
  • --with-dom: DOM support, to read the XML responses of the CAS server (PHP4);
  • --with-zlib: Zlib support, needed by DOM.

When storing Horde user preferences to MySQL databases:

  • --with-mysql: MySQL support.

How to check if cURL is disabled on your system

Try this code:

<?php
echo '<pre>';
var_dump(curl_version());
echo '</pre>';
?>

If cURL is disabled you will see this error.

Fatal error: Call to undefined function curl_version() in testcurl.php on line .

If cURL is enabled you will see a long list of attributes, like this.

array(9) {
["version_number"]=>
int(461570)
["age"]=>
int(1)
["features"]=>
int(540)
["ssl_version_number"]=>
int(9465919)
["version"]=>
string(6) "7.11.2"
["host"]=>
string(13) "i386-pc-win32"
["ssl_version"]=>
string(15) " OpenSSL/0.9.7c"
["libz_version"]=>
string(5) "1.1.4"
["protocols"]=>
array(9) {
[0]=>
string(3) "ftp"
[1]=>
string(6) "gopher"
[2]=>
string(6) "telnet"
[3]=>
string(4) "dict"
[4]=>
string(4) "ldap"
[5]=>
string(4) "http"
[6]=>
string(4) "file"
[7]=>
string(5) "https"
[8]=>
string(4) "ftps"
}
}

If you get the error shown above, cURL is not enabled. You can enable it by making some changes in the "php.ini" file. Normally, it would be in

/etc/php/7.0/cli/php.ini

In "php.ini", search for the keyword "curl" to find the line below and change it from

;extension=php_curl.dll

To:


extension=php_curl.dll

i.e. just remove the ‘;’.

Next, save your file “php.ini”.

Finally, restart your server from the command line by running: sudo service apache2 restart


How to install CAS?

1. Download the CAS files from https://wiki.jasig.org/display/CASC/phpCAS and put the CAS folder in the /var/www/ folder only.

2. For config.php, you can make changes in config.example.php to create your own configuration for CAS.

Complete Workflow of phpCAS:

[Figure: phpCAS workflow overview (phpCASoverview-2.png)]

Example:

If everything works fine, try this example:

<?php

/**
 *   Example for a simple cas 2.0 client
 *
 * PHP Version 5
 *
 * @file     example_simple.php
 * @category Authentication
 * @package  PhpCAS
 * @author   Joachim Fritschi <jfritschi@freenet.de>
 * @author   Adam Franco <afranco@middlebury.edu>
 * @license  http://www.apache.org/licenses/LICENSE-2.0 ;; Apache License 2.0
 * @link     https://wiki.jasig.org/display/CASC/phpCAS
 */

// Load the settings from the central config file
require_once 'config.php'; // path of config.php inside CAS folder
// Load the CAS lib
require_once $phpcas_path . 'CAS.php'; // path of CAS.php inside CAS folder

// Enable debugging
phpCAS::setDebug();
// Enable verbose error messages. Disable in production!
phpCAS::setVerbose(true);

// Initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

// For production use set the CA certificate that is the issuer of the cert
// on the CAS server and uncomment the line below
// phpCAS::setCasServerCACert($cas_server_ca_cert_path);

// For quick testing you can disable SSL validation of the CAS server.
// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
phpCAS::setNoCasServerValidation();

// force CAS authentication
echo phpCAS::forceAuthentication();

// at this step, the user has been authenticated by the CAS server
// and the user’s login name can be read with phpCAS::getUser().

// logout if desired
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}

// for this test, simply print that the authentication was successful
?>
<html>
  <head>
    <title>phpCAS simple client</title>
  </head>
  <body>
    <h1>Successfull Authentication!</h1>
    <p>the user’s login is <b><?php echo phpCAS::getUser(); ?></b>.</p>
    <p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p>
    <p><a href="?logout=">Logout</a></p>
  </body>
</html>

The output should be like this:

Successfull Authentication!

the user’s login is ***Your USER NAME***.

phpCAS version is ***YOUR CAS VERSION***.

Logout
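
A production-oriented variant of the simple client above, as an added example that is not part of the original phpCAS example: it checks the cURL/OpenSSL requirements listed earlier, validates the CAS server certificate with phpCAS::setCasServerCACert() instead of calling setNoCasServerValidation(), leaves debug and verbose output off, and escapes the user name before printing it. It assumes config.php defines $phpcas_path, $cas_host, $cas_port, $cas_context and $cas_server_ca_cert_path; fail_closed() is a hypothetical helper introduced here.

```php
<?php
// Added example, not from the phpCAS distribution.
// Assumption: config.php defines $phpcas_path, $cas_host, $cas_port,
// $cas_context and $cas_server_ca_cert_path.
require_once 'config.php';

// Hypothetical helper: generic message to the browser, detail to the log.
function fail_closed($reason)
{
    error_log('phpCAS setup: ' . $reason);
    http_response_code(500);
    exit('Server configuration error.');
}

// Requirements from the list above: cURL built with SSL, plus OpenSSL.
if (!extension_loaded('curl') || !extension_loaded('openssl')) {
    fail_closed('curl or openssl extension not loaded');
}
$curl = curl_version();
if (($curl['features'] & CURL_VERSION_SSL) === 0) {
    fail_closed('cURL was compiled without SSL support');
}
if (!is_readable($cas_server_ca_cert_path)) {
    fail_closed('CA certificate file missing or unreadable');
}

require_once $phpcas_path . 'CAS.php';

// setDebug() and setVerbose(true) are left out on purpose.
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

// Validate the CAS server certificate against its issuing CA.
phpCAS::setCasServerCACert($cas_server_ca_cert_path);

phpCAS::forceAuthentication();

if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}

// Escape the login name before it is written into HTML.
$user = htmlspecialchars(phpCAS::getUser(), ENT_QUOTES, 'UTF-8');
?>
<html>
  <body>
    <p>the user's login is <b><?php echo $user; ?></b>.</p>
    <p><a href="?logout=">Logout</a></p>
  </body>
</html>
```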
