Rev 12555 | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 4993 | bpr | 1 | |
| 5417 | bpr | 2 | !!# Input variables: authdef=def file / superclass |
| 3 | !!# Parameters: NOTHING |
||
| 4 | !!# Output : auth_test,auth_error |
||
| 4993 | bpr | 5 | |
| 13868 | obado | 6 | !!# See https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html |
| 7 | !! to know more about CAS protocol |
||
| 8 | |||
| 4993 | bpr | 9 | auth_test=ERROR |
| 10 | |||
| 5015 | bpr | 11 | cas_auth = !defof class_cas_auth in $authdef |
| 12 | !default cas_auth=!defof cas_auth in wimshome/log/wims.conf |
||
| 4993 | bpr | 13 | |
| 14 | ticket = !replace internal & by $\ |
||
| 15 | $ in $module_init_parm |
||
| 5015 | bpr | 16 | module_init_parm=!replace &ticket=.* by in $module_init_parm |
| 5028 | bpr | 17 | type= !getopt type in $ticket |
| 8429 | bpr | 18 | ticket = !getopt ticket in $ticket |
| 4993 | bpr | 19 | !if $ticket != $empty |
| 12190 | bpr | 20 | url = $wims_ref_name?module=adm/class/classes&$module_init_parm |
| 21 | !read adm/codeurl $url |
||
| 22 | tmpdir=$wims_home/tmp/sessions/$wims_session |
||
| 13868 | obado | 23 | !sh mkdir -p $tmpdir |
| 24 | |||
| 25 | !! First, we test if the server handles service ticket validation [CAS 2.0] |
||
| 26 | response=!sh export wims_exec_parm="$cas_auth/serviceValidate?ticket=$ticket&service=$script_out" ;\ |
||
| 12191 | bpr | 27 | bin/webget > $tmpdir/getcas ; gunzip -c -f $tmpdir/getcas |
| 13868 | obado | 28 | |
| 29 | !if cas:serviceResponse isin $response |
||
| 12190 | bpr | 30 | !if authenticationFailure notin $response |
| 13868 | obado | 31 | !! Parse the serviceValidate answer (xml) |
| 12191 | bpr | 32 | !set auth_user=!detag $response |
| 12190 | bpr | 33 | !set auth_user=!nonempty lines $auth_user |
| 34 | !set auth_user=!line 1 of $auth_user |
||
| 35 | !set auth_user=!nospace $auth_user |
||
| 36 | !set auth_user=!lowercase $auth_user |
||
| 37 | !set auth_test=OK |
||
| 38 | !endif |
||
| 13868 | obado | 39 | !else |
| 40 | !! it was probably not a CAS 2.0 server. We test for [CAS 1.0] |
||
| 41 | response=!sh export wims_exec_parm="$cas_auth/validate?ticket=$ticket&service=$script_out" ;\ |
||
| 42 | bin/webget > $tmpdir/getcas ; gunzip -c -f $tmpdir/getcas |
||
| 43 | test2 = !line 1 of $response |
||
| 44 | !if $test2=yes |
||
| 45 | auth_user=!line 2 of $response |
||
| 46 | auth_user=!lowercase $auth_user |
||
| 47 | auth_test=OK |
||
| 48 | !endif |
||
| 12190 | bpr | 49 | !endif |
| 13868 | obado | 50 | |
| 51 | !if $auth_test!=OK |
||
| 52 | error=bad_cas_connexion |
||
| 53 | !exit |
||
| 54 | !endif |
||
| 55 | |||
| 4993 | bpr | 56 | !endif |
| 13868 | obado | 57 | |
| 5072 | bpr | 58 | auth_user_orig=$auth_user |
| 4993 | bpr | 59 | auth_error=$wims_exec_error |
| 60 | wims_exec_error= |