Add insecure parameter to allow connection on HTTP only CAS server
Benjamin Renard

Benjamin Renard commited on 2020-12-03 14:22:47
Showing 1 changed files, with 46 additions and 0 deletions.

... ...
@@ -19,6 +19,8 @@ $cas_servers=array(
19 19
 		'context' => '/cas',
20 20
 		// CAS server port
21 21
 		'port' => 443,
22
+		// If you running this application in HTTP only, uncomment following parameter
23
+		//'insecure' => true,
22 24
 		// Disable CAS server Validation
23 25
 		'ssl_validation' => false,
24 26
 		// If ssl_validation is enable you must define
... ...
@@ -33,6 +35,9 @@ $default_cas_server=key($cas_servers);
33 35
 // PhpCAS log file
34 36
 $phpCAS_logfile='/tmp/cas.log';
35 37
 
38
+// Local app URL (auto-detect on first acces if null)
39
+$service_url=null;
40
+
36 41
 /*
37 42
 
38 43
  ************************************
... ...
@@ -47,6 +52,23 @@ session_start();
47 52
 require $phpCAS_path;
48 53
 CAS_GracefullTerminationException::throwInsteadOfExiting();
49 54
 
55
+// Make sure service URL is defined (otherwise, load it from session or auto-detect) 
56
+if (is_null($service_url)) {
57
+	if (isset($_SESSION['service_url'])) {
58
+		$service_url = $_SESSION['service_url'];
59
+	}
60
+	else {
61
+		$https = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');
62
+		$request_uri = $_SERVER['REQUEST_URI'];
63
+		$request_uri = preg_replace('/\?.*$/', '', $request_uri);
64
+		$service_url = "http".($https?"s":"")."://".$_SERVER['SERVER_NAME'];
65
+		if (($_SERVER['SERVER_PORT'] != 443 && $https) || ($_SERVER['SERVER_PORT'] != 80 && !$https))
66
+			$service_url .= ":".$_SERVER['SERVER_PORT'];
67
+		$service_url .= $request_uri;
68
+		$_SESSION['service_url'] = $service_url;
69
+	}
70
+}
71
+
50 72
 if (isset($_REQUEST['server']) && !isset($cas_servers[$_REQUEST['server']])) {
51 73
 	$warnings[]="Invalid CAS server choiced";
52 74
 	unset($_REQUEST['server']);
... ...
@@ -199,6 +221,7 @@ $phpCAS_config=array(
199 221
 	'CAS Hostname' => $cas_host,
200 222
 	'CAS server port' => $cas_servers[$cas_host]['port'],
201 223
 	'CAS server context' => $cas_servers[$cas_host]['context'],
224
+	'Service URL' => $service_url,
202 225
 );
203 226
 
204 227
 if (is_writable($phpCAS_logfile)) {
... ...
@@ -211,6 +234,28 @@ if (is_writable($phpCAS_logfile)) {
211 234
 }
212 235
 
213 236
 phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_servers[$cas_host]['port'], $cas_servers[$cas_host]['context']);
237
+phpCAS::setFixedServiceURL($service_url);
238
+
239
+if ($cas_servers[$cas_host]['insecure']) {
240
+	$phpCAS_config['Insecure'] = 'Yes';
241
+	$phpCAS_config['Base URL'] = 'http://'.$cas_host.($cas_servers[$cas_host]['port']?':'.$cas_servers[$cas_host]['port']:'').$cas_servers[$cas_host]['context'];
242
+	// Remove trailing slash if present
243
+	if (substr($phpCAS_config['Base URL'], -1)=='/')
244
+		$phpCAS_config['Base URL'] = substr($phpCAS_config['Base URL'], 0, -1);
245
+	$login_url = "$base_url/login";
246
+	$service_validate_url = "$base_url/serviceValidate";
247
+	$logout_url = "$base_url/logout";
248
+	$phpCAS_config['Login URL'] = $phpCAS_config['Base URL']."/login?service=".urlencode($service_url);
249
+	$phpCAS_config['Logout URL'] = $phpCAS_config['Base URL']."/logout";
250
+	$phpCAS_config['Service validate URL'] = $phpCAS_config['Base URL']."/serviceValidate";
251
+	phpCAS::setServerLoginURL($phpCAS_config['Login URL']);
252
+	phpCAS::setServerLogoutURL($phpCAS_config['Logout URL']);
253
+	phpCAS::setServerServiceValidateURL($phpCAS_config['Service validate URL']);
254
+	// Be sure SSL validation is disabled
255
+	$cas_servers[$cas_host]['ssl_validation'] = false;
256
+}
257
+else
258
+	$phpCAS_config['Insecure'] = 'No';
214 259
 
215 260
 echo "<div class='success'>Client successfully initialized</div>";
216 261
 
... ...
@@ -264,6 +309,7 @@ if (isset($_REQUEST['do'])) {
264 309
 			phpCAS::logout();
265 310
 			break;
266 311
 		case 'locallogout':
312
+			unset($_SESSION['session_url']);
267 313
 			unset($_SESSION['phpCAS']);
268 314
 			if (!isset($_SESSION['phpCAS'])) {
269 315
 				echo "<div class='success'>Successfully logout</div>";
270 316
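Review bot: The `locallogout` case (its switch continues past the visible lines) unsets `$_SESSION['session_url']`, but the auto-detect hunk stores the value under `$_SESSION['service_url']`, so the cached service URL is never cleared; the line should read `unset($_SESSION['service_url']);`. That cached value is built from `$_SERVER['SERVER_NAME']` and `REQUEST_URI` and then pinned with `phpCAS::setFixedServiceURL()`, and depending on web-server configuration `SERVER_NAME` can reflect the client-supplied Host header, so the comment on `$service_url=null;` could recommend setting the URL explicitly on any shared deployment. In the insecure block, `$cas_servers[$cas_host]['insecure']` is read although the sample configuration leaves the key commented out, which raises an undefined-index notice or warning; `if (!empty($cas_servers[$cas_host]['insecure'])) {` avoids it. The three assignments built from `$base_url` (`$login_url`, `$service_validate_url`, `$logout_url`) use a variable that is not defined in the visible lines and look unused, so they can probably be dropped. The config comment above `'insecure'` could also state that login and `serviceValidate` then go over cleartext HTTP, so service tickets are exposed on the network path, and that `'port' => 443` has to be changed to the server's HTTP port.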