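#!/usr/bin/perl

# Copyright 2009 SARL BibLibre
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
# Suite 330, Boston, MA  02111-1307 USA

=head1 DESCRIPTION

# Here is an example of a CAS Proxy
# The proxy is a foreign application that will authenticate the user against CAS
# Once authenticated as a proxy, the foreign application will be able to call some
# Koha webservices, proving authentication only by giving a proxy ticket
# Note: please keep in mind that all URLs must be https and their certificates must be trusted

=cut

use strict;
use warnings;
use CGI;
use Authen::CAS::Client;

# URL of the CAS server
my $casServerUrl = 'https://localhost:8443/cas/';
my $cas = Authen::CAS::Client->new($casServerUrl);

# Direct method call rather than the indirect-object form `new CGI`.
my $cgi = CGI->new;

# URL of the service we're requesting a Service Ticket for (typically this very same page)
my $proxy_service = $cgi->url;

# Callback URL (this is a URL the CAS server will query, providing the Proxy Ticket we'll need
# to query the Koha webservice). It can be this page or another. In this example, another page
# will be called back.
my $pgtUrl = "https://.../proxy_cas_callback.pl";

print $cgi->header({-type => 'text/html'});
print $cgi->start_html("proxy cas");

# Read the ticket once, in scalar context. CGI's param() returns every value of
# a repeated parameter when called in list context, so passing it straight into
# an argument list would let a request with several "ticket" values add extra
# arguments (e.g. option pairs) to service_validate().
my $ticket = $cgi->param('ticket');

# If we already have a service ticket
if ($ticket) {

    # The ticket comes from the query string: HTML-escape it before echoing it
    # into the page so it cannot inject markup or script.
    print "Got a ticket :" . $cgi->escapeHTML($ticket) . "\n\n";

    # We validate it against the CAS server, providing the callback URL
    my $r = $cas->service_validate( $proxy_service, $ticket, pgtUrl => $pgtUrl );

    # If it is successful, we are authenticated
    if ( $r->is_success() ) {
        print "User authenticated as: ", $cgi->escapeHTML( $r->user() ), "\n\n";
    }
    else {
        print "User authentication failed\n\n";
    }

    # Only read the PGTIOU from a successful response.
    # NOTE(review): iou() is presumably provided only by the success response
    # class, so calling it on a failure/error response would die - confirm
    # against the installed Authen::CAS::Client.
    my $pgtIou = $r->is_success() ? $r->iou : undef;

    # If we have a PGTIOU, the proxy validation was successful
    if ( defined $pgtIou ) {
        print "Proxy granting ticket IOU: ", $cgi->escapeHTML($pgtIou), "\n\n";

        # The follow-up step this label refers to is not shown in this listing.
        print 'Next';
    }
    else {
        print "Service validation for proxying failed\n";
    }
}

# If we don't have a Service Ticket, we ask for one (i.e. the user is sent to
# the CAS server for authentication)
else {
    my $url = $cas->login_url($proxy_service);

    # NOTE(review): the listing computed $url but never emitted it, presumably
    # because the surrounding markup was lost; it is rendered here as a link,
    # with the URL escaped for use inside an HTML attribute.
    print '<a href="' . $cgi->escapeHTML($url) . '">Please log in</a>';
}

print $cgi->end_html;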