phpCAS  version 1.4.0
example_hardening.php
Go to the documentation of this file.
1 <?php
2 
17 // Load the settings from the central config file
18 require_once 'config.php';
19 // Load the CAS lib
20 require_once $phpcas_path . '/CAS.php';
21 
22 // Enable debugging
23 phpCAS::setLogger();
24 // Enable verbose error messages. Disable in production!
25 phpCAS::setVerbose(false);
26 
27 // Harden session cookie to prevent some attacks on the cookie (e.g. XSS)
28 session_set_cookie_params($client_lifetime, $client_path, $client_domain, $client_secure, $client_httpOnly);
29 
30 // Initialize phpCAS
31 phpCAS::client(SAML_VERSION_1_1, $cas_host, $cas_port, $cas_context);
32 
33 // For production use set the CA certificate that is the issuer of the cert
34 // on the CAS server and uncomment the line below
35 phpCAS::setCasServerCACert($cas_server_ca_cert_path);
36 
37 // For quick testing you can disable SSL validation of the CAS server.
38 // THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
39 // VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
40 // phpCAS::setNoCasServerValidation();
41 
42 // Handle SAML logout requests that emanate from the CAS host exclusively.
43 // Failure to restrict SAML logout requests to authorized hosts could
44 // allow denial of service attacks where at the least the server is
45 // tied up parsing bogus XML messages.
46 phpCAS::handleLogoutRequests(true, $cas_real_hosts);
47 
48 // Force CAS authentication on any page that includes this file
49 phpCAS::forceAuthentication();
50 
51 // Some small code triggered by the logout button
52 if (isset($_REQUEST['logout'])) {
53  phpCAS::logout();
54 }
55 ?>
56 <html>
57  <head>
58  <title>Advanced SAML 1.1 example</title>
59  </head>
60  <body>
61 <h2>Advanced SAML 1.1 example</h2>
62 <?php require 'script_info.php' ?>
63 
64 Authentication succeeded for user
65 <strong><?php echo phpCAS::getUser(); ?></strong>.
66 
67 <h3>User Attributes</h3>
68 <ul>
69 <?php
70 foreach (phpCAS::getAttributes() as $key => $value) {
71  if (is_array($value)) {
72  echo '<li>', $key, ':<ol>';
73  foreach ($value as $item) {
74  echo '<li><strong>', $item, '</strong></li>';
75  }
76  echo '</ol></li>';
77  } else {
78  echo '<li>', $key, ': <strong>', $value, '</strong></li>' . PHP_EOL;
79  }
80 }
81  ?>
82 </ul>
83 <p><a href="?logout=">Logout</a></p>
84 </body>
85 </html>
$client_domain
$client_domain
Definition: config.example.php:47
$client_path
$client_path
Definition: config.example.php:48
phpCAS\forceAuthentication
static forceAuthentication()
Definition: CAS.php:1146
phpCAS\getUser
static getUser()
Definition: CAS.php:1227
SAML_VERSION_1_1
const SAML_VERSION_1_1
Definition: CAS.php:91
$client_httpOnly
$client_httpOnly
Definition: config.example.php:50
phpCAS\handleLogoutRequests
static handleLogoutRequests($check_client=true, $allowed_clients=array())
Definition: CAS.php:1324
$cas_server_ca_cert_path
$cas_server_ca_cert_path
Definition: config.example.php:36
$cas_real_hosts
$cas_real_hosts
Definition: config.example.php:44
phpCAS\getAttributes
static getAttributes()
Definition: CAS.php:1246
$client_secure
$client_secure
Definition: config.example.php:49
phpCAS\client
static client($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true, \SessionHandlerInterface $sessionHandler=null)
Definition: CAS.php:345
$phpcas_path
$phpcas_path
Definition: config.example.php:20
phpCAS\setLogger
static setLogger($logger=null)
Definition: CAS.php:448
$client_lifetime
$client_lifetime
Definition: config.example.php:51
phpCAS\logout
static logout($params="")
Definition: CAS.php:1480
phpCAS\setCasServerCACert
static setCasServerCACert($cert, $validate_cn=true)
Definition: CAS.php:1670
phpCAS\setVerbose
static setVerbose($verbose)
Definition: CAS.php:512
$cas_host
$cas_host
Definition: config.example.php:27
$cas_context
$cas_context
Definition: config.example.php:30
$cas_port
$cas_port
Definition: config.example.php:33
Generated by   doxygen 1.8.13