Apache2-AuthCASpbh
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
lib/Apache2/AuthCASpbh.pm view on Meta::CPAN
=item C<AuthCAS_RemoveServiceTicket>
Whether or not to remove the ticket parameter from the request arguments (e.g.,
the query string) after it is processed; disabled by default. Note that the value
is only removed from the Apache args variable, not from the unparsed URI; an
application that directly accesses the unparsed URI will still see the value.
=item C<AuthCAS_RequestPGT>
Whether or not to request a proxy granting ticket when a client service ticket
is validated; by default disabled.
=item C<AuthCAS_ServerURL>
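The URL used to access the CAS authentication server; by default
"http://localhost/cas". Ticket validation responses are fetched from this URL
and determine the authenticated user, so a server that is not local should be
given as an https URL. For example: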
AuthCAS_ServerURL https://idp.my.domain/idp/profile/cas
=item C<AuthCAS_ServiceOverride>
lib/Apache2/AuthCASpbh/Authn.pm view on Meta::CPAN
};
$service = Apache2::Util::escape_path($service, $r->pool);
my $st = $q->param('ticket');
if ($st) {
my $ua = LWP::UserAgent->new(timeout => 10, keep_alive => 1);
my $proxy_allow = cfg_value($dir_cfg, 'ProxyAllow');
my $proxy_allow_re = cfg_value($dir_cfg, 'ProxyAllowRE');
my $validate_url = cfg_value($dir_cfg, 'ServerURL') .
(defined($proxy_allow) || defined($proxy_allow_re) ?
cfg_value($dir_cfg, 'ProxyValidatePath') :
cfg_value($dir_cfg, 'ServiceValidatePath')) .
"?service=$service&ticket=$st";
$_log->l($debug_level, "validating via URL $validate_url");
if (cfg_value($dir_cfg, 'RequestPGT')) {
my $pgt_callback = cfg_value($dir_cfg, 'PGTCallback');
if ($pgt_callback !~ m#^https://#) {
$pgt_callback = 'https://' . $r->server->server_hostname .
$pgt_callback;
}
$_log->l($debug_level, "using PGT callback $pgt_callback");
$pgt_callback = Apache2::Util::escape_path($pgt_callback, $r->pool);
$validate_url .= "&pgtUrl=$pgt_callback";
}
my $response;
$response = $ua->get($validate_url);
if(!$response->is_success()) {
$_log->l('error', 'ticket validation call failed - ' .
$response->status_line());
return Apache2::Const::SERVER_ERROR;
}
my $cas_data = eval { XML::Simple::XMLin($response->content(),
ForceArray => [ 'cas:proxy' ]); };
if ($@) {
$_log->l('error', "ticket validation xml parse failed - $@");
return Apache2::Const::SERVER_ERROR;
}
if (exists($cas_data->{'cas:authenticationSuccess'})) {
my $cas_success = $cas_data->{'cas:authenticationSuccess'};
my $user = $cas_success->{'cas:user'};
$_log->l($debug_level, "validated user $user");
$r->user($user);
my $cas_proxy;
if (defined($proxy_allow) || defined($proxy_allow_re)) {
if (exists($cas_success->{'cas:proxies'}{'cas:proxy'})) {
$cas_proxy = $cas_success->{'cas:proxies'}{'cas:proxy'};
if (!_allowed_proxy($_log, $debug_level, $cas_proxy,
$proxy_allow, $proxy_allow_re)) {
$_log->l('notice', 'proxy chain (' .