curl - Difficulties using PHP to authenticate with CAS -
i'm trying php login , authenticate cas single sign on server proving difficult.
the official site has basic source code here supposed handle authentication , log in user. far can see , in testing completes steps 1 , 2 in process (see diagram basic process). once i've logged test server can complete step 3 , retrieve service ticket url sent me page. there doesn't seem examples anywhere complete steps 4 , 5 of process. correct need write own code that?
i have attempted ticket , send off validation service using of own code curl or fsockopen no luck.
if (isset($_get['ticket'])) { $currentprotocol = (isset($_server['https']) && $_server['https'] != 'off') ? 'https://' : 'http://'; $requesturi = explode('?', $_server['request_uri']); $requesturi = $requesturi[0]; $ticket = $_get['ticket']; $port = ($_server['server_port'] != 80) ? ':8080' : ''; $currenturl = urlencode($currentprotocol . $_server['server_name'] . $port . $requesturi); $validateurl = 'ssl://server.com/cas/servicevalidate?service=' . $currenturl . '&ticket=' . $ticket; $errno = 0; $errstr = ''; $fp = fsockopen($validateurl, 443, $errno, $errstr, 30); if (!$fp) { echo "$errstr ($errno)<br />\n"; } else { var_dump($fp); $out = "get / http/1.1\r\n"; $out .= "host: www.example.com\r\n"; $out .= "connection: close\r\n\r\n"; fwrite($fp, $out); while (!feof($fp)) { echo fgets($fp, 128); } fclose($fp); } } i can legitimate response service if access through browser directly e.g:
https://server.com/cas/servicevalidate?service=http%3a%2f%2flocalhost%3a8080%2ftestcas%2fcas-client.php&ticket=st-35717-xliwq2ucccuks2wsvnmj-cas which returns xml response containing active directory user id:
<cas:serviceresponse xmlns:cas='http://www.server.com/cas'> <cas:authenticationsuccess> <cas:user>c314317</cas:user> </cas:authenticationsuccess> </cas:serviceresponse> but think need able access url directly server side php, once have user id can link our systems , log them site.
my problem there doesn't seem code handle ticket , validation side of things. can point me in right direction?
thanks much.
ok think solved problem curl. didn't have curlopt_ssl_verifypeer set false , that's why failing. can xml response php, process xml response , retrieve user id. here's code:
// current server address executing php $currentprotocol = (isset($_server['https']) && $_server['https'] != 'off') ? 'https://' : 'http://'; $requesturi = explode('?', $_server['request_uri']); $requesturi = $requesturi[0]; $ticket = $_get['ticket']; $port = ($_server['server_port'] != 80) ? ':' . $_server['server_port'] : ''; # don't need port if it's 80, needed if example test server running port 8080 $currenturl = $currentprotocol . $_server['server_name'] . $port . $requesturi; // setup validation url $validateurl = 'https://sso.server.com/cas/servicevalidate?service=' . strtolower(urlencode($currenturl)) . '&ticket=' . $ticket; // send request validate url $ch = curl_init(); curl_setopt($ch, curlopt_url, $validateurl); # url data curl_setopt($ch, curlopt_returntransfer, true); # return value of curl_exec() instead of outputting out directly. curl_setopt($ch, curlopt_connecttimeout, 120); # number of seconds wait while trying connect curl_setopt($ch, curlopt_timeout, 120); # maximum number of seconds allow curl functions execute curl_setopt($ch, curlopt_ssl_verifyhost, 2); # check existence of common name , verify matches hostname provided curl_setopt($ch, curlopt_ssl_verifypeer, false); # stop curl verifying peer's certificate curl_setopt($ch, curlopt_header, false); # don't include header in output // execute request , close handle $xml = curl_exec($ch); curl_close($ch); // user id xml using xpath $xml = new simplexmlelement($xml); $result = $xml->xpath('cas:authenticationsuccess/cas:user'); $userid = null; while(list( , $node) = each($result)) { $userid = (string) $node; } echo 'user: ' . $userid . "<br>";
Comments
Post a Comment