AuthCAS − Client library for JA−SIG CAS 2.0 authentication server
Version 1.7
AuthCAS aims at providing a Perl API to JA-SIG Central Authentication System (CAS). Only a basic Perl library is provided with CAS whereas AuthCAS is a full object-oriented library.
This script requires IO::Socket::SSL and LWP::UserAgent
A simple example
with a direct CAS authentication
use AuthCAS;
my $cas = new AuthCAS(casUrl => 'https://cas.myserver,
CAFile => '/etc/httpd/conf/ssl.crt/ca−bundle.crt',
);
my $login_url =
$cas−>getServerLoginURL('http://myserver/app.cgi');
## The user should be redirected to the $login_url
## When coming back from the CAS server a ticket is provided
in the QUERY_STRING
## $ST should contain the receaved Service Ticket
my $user =
$cas−>validateST('http://myserver/app.cgi', $ST);
printf "User authenticated as %s\n", $user;
In the following example a proxy is requesting a Proxy
Ticket for the target application
$cas−>proxyMode(pgtFile => '/tmp/pgt.txt',
pgtCallbackUrl => 'https://myserver/proxy.cgi?callback=1
);
## Same as before but the URL is the proxy URL
my $login_url =
$cas−>getServerLoginURL('http://myserver/proxy.cgi');
## Like in the previous example we should receave a $ST
my $user =
$cas−>validateST('http://myserver/proxy.cgi', $ST);
## Process errors
printf STDERR "Error: %s\n",
&AuthCAS::get_errors() unless (defined $user);
## Now we request a Proxy Ticket for the target application
my $PT =
$cas−>retrievePT('http://myserver/app.cgi');
## This piece of code is executed by the target application
## It received a Proxy Ticket from the proxy
my ($user, @proxies) =
$cas−>validatePT('http://myserver/app.cgi', $PT);
printf "User authenticated as %s via %s
proxies\n", $user, join(',',@proxies);
Jasig CAS is Yale University’s web authentication system, heavily inspired by Kerberos. Release 2.0 of CAS provides "proxied credential" feature that allows authentication tickets to be carried by intermediate applications (Portals for instance), they are called proxy.
This AuthCAS Perl module provides required subroutines to validate and retrieve CAS tickets.
my $cas = new
AuthCAS(
casUrl => 'https://cas.myserver',
CAFile => '/etc/httpd/conf/ssl.crt/ca−bundle.crt',
);
The
"new" constructor lets you create a new
AuthCAS object.
casUrl − REQUIRED
CAFile
CAPath
loginPath − ’/login’
logoutPath − ’/logout’
serviceValidatePath − ’/serviceValidate’
proxyPath − ’/proxy’
proxyValidatePath − ’/proxyValidate’
SSL_version − unset
Sets the version of the SSL protocol used to transmit data. If the default causes connection issues, setting it to ’SSLv3’ may help. see the documentation for "METHODS" in IO::Socket::SSL for more information see <http://www.perlmonks.org/?node_id=746493> for more details.
Returns a new AuthCAS or dies on error.
Return module errors
Use the CAS
object as a proxy
pgtFile =item pgtCallbackUrl
Returns a URL that you can redirect the browser to, which includes the URL to return to
TODO: it escapes the return URL, but I’ve noticed some issues with more complicated URL’s
Returns non-blocking login URL ie: if user is logged in, return the ticket, otherwise do not prompt for login
Return logout URL After logout user is redirected back to the application
Returns
Returns
Returns
Validate a Service Ticket Also used to get a PGT
Returns the login that created the ticket, if the ticket is valid for that $service URL
returns undef if the ticket is not valid.
Validate a Proxy Ticket
Returns the
login that created the ticket, if the ticket is valid for
that $service URL,
and a list of Proxies used.
user returned == undef if its not a valid ticket
## Access a CAS URL and parses received XML
Returns
Returns
request a document using https, return status and content
Sven suspects this is intended to be private.
Returns
JA-SIG Central Authentication Service <http://www.jasig.org/cas>
was Yale Central Authentication Service <http://www.yale.edu/tp/auth/>
phpCAS <http://esup−phpcas.sourceforge.net/>
Copyright (C)
2003, 2005,2006,2007,2009 Olivier Salaun −
Comité Réseau des
Universités <http://www.cru.fr>
2012 Sven Dowideit −
<mailto:[email protected]>
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Olivier Salaun
Sven Dowideit