046c996c2f
Squashed commit of the following:
commit 0e13a5278e11b288e48190dc26f31e96d06598dd
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date: Wed Jan 19 21:24:39 2011 +0100
Bug 5630 : fixing C4/Auth.pm
commit b55abc7a0dc1ca43b2610a27246293e9a9346e18
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date: Wed Jan 19 21:24:38 2011 +0100
Bug 5630 : Adds CAS documentation
commit df0098a6a65465e6e734f99f65fb453dd3fa11d1
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date: Wed Jan 19 21:24:37 2011 +0100
Bug 5630 : ilsdi service AuthenticatePatron doesn't with CAS syspref on
Signed-off-by: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
commit 31c8f0c0facfafae011ad24c9d458c50f2fad296
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date: Wed Jan 19 21:24:36 2011 +0100
Bug 5630 : Adds the ability to authenticate against multiple CAS servers
commit 9d0def826135d5756533dc0dcf8e0a107d1ac8fc
Author: Henri-Damien LAURENT <henridamien.laurent@biblibre.com>
Date: Wed Jan 19 21:24:34 2011 +0100
Auth_with_cas : removing a warning
$sth was defined twice in a function
Removing the second definition
commit 5ee550e9a2bb7ab6bc09f14fced6ce0df8011eb0
Author: Matthias Meusburger <matthias.meusburger@biblibre.com>
Date: Wed Jan 19 21:24:33 2011 +0100
Bug 6012 : MT 2270: CAS proxy
CAS Proxy
Examples included are now really usable
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
91 lines
2.9 KiB
Perl
Executable file
91 lines
2.9 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
|
|
# Copyright 2009 SARL BibLibre
|
|
#
|
|
# This file is part of Koha.
|
|
#
|
|
# Koha is free software; you can redistribute it and/or modify it under the
|
|
# terms of the GNU General Public License as published by the Free Software
|
|
# Foundation; either version 2 of the License, or (at your option) any later
|
|
# version.
|
|
#
|
|
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along with
|
|
# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
|
|
# Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
# Here is an exemple of a CAS Proxy
|
|
# The proxy is a foreign application that will authenticate the user against CAS
|
|
# Once authenticated as a proxy, the foreign application will be able to call some
|
|
# Koha webservices, proving authentication only by giving a proxy ticket
|
|
|
|
# Note: please keep in mind that all url's must be https and their certificates must be trusted
|
|
|
|
=cut
|
|
|
|
use strict;
|
|
use warnings;
|
|
use CGI;
|
|
use Authen::CAS::Client;
|
|
|
|
# URL Of the CAS Server
|
|
my $casServerUrl = 'https://localhost:8443/cas/';
|
|
my $cas = Authen::CAS::Client->new($casServerUrl);
|
|
my $cgi = new CGI;
|
|
|
|
# URL of the service we're requesting a Service Ticket for (typically this very same page)
|
|
my $proxy_service = $cgi->url;
|
|
|
|
|
|
# Callback URL (this is an URL the CAS Server will query, providing the Proxy Ticket we'll need
|
|
# to query the koha webservice). It can be this page or another. In this example, another page will be
|
|
# called back
|
|
my $pgtUrl = "https://.../proxy_cas_callback.pl";
|
|
|
|
print $cgi->header({-type => 'text/html'});
|
|
print $cgi->start_html("proxy cas");
|
|
|
|
# If we already have a service ticket
|
|
if ($cgi->param('ticket')) {
|
|
|
|
print "Got a ticket :" . $cgi->param('ticket') . "<br>\n";
|
|
|
|
# We validate it against the CAS Server, providing the callback URL
|
|
my $r = $cas->service_validate( $proxy_service, $cgi->param('ticket'), pgtUrl => $pgtUrl);
|
|
|
|
# If it is sucessful, we are authenticated
|
|
if( $r->is_success() ) {
|
|
print "User authenticated as: ", $r->user(), "<br>\n";
|
|
} else {
|
|
print "User authentication failed<br />\n";
|
|
}
|
|
|
|
# If we have a PGTIou ticket, the proxy validation was sucessful
|
|
if (defined $r->iou) {
|
|
print "Proxy granting ticket IOU: ", $r->iou, "<br />\n";
|
|
my $pgtIou = $r->iou;
|
|
|
|
print '<a href="proxy_cas_data.pl?PGTIOU=', $r->iou, '">Next</a>';
|
|
|
|
|
|
|
|
} else {
|
|
print "Service validation for proxying failed\n";
|
|
}
|
|
|
|
# If we don't have a Service Ticket, we ask for one (ie : the user will be redirected to the CAS Server for authentication)
|
|
} else {
|
|
|
|
my $url = $cas->login_url($proxy_service);
|
|
print "<a href=\"$url\">Please log in</a>";
|
|
}
|
|
|
|
print $cgi->end_html;
|
|
|
|
|
|
|