Rev 12555 | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 12555 | Rev 13868 | ||
|---|---|---|---|
| Line 4... | Line 4... | ||
| 4 | !!# Output : auth_test,auth_error |
4 | !!# Output : auth_test,auth_error |
| - | 5 | ||
| - | 6 | !!# See https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html |
|
| - | 7 | !! to know more about CAS protocol |
|
| 5 | 8 | ||
| 6 | auth_test=ERROR |
9 | auth_test=ERROR |
| 7 | 10 | ||
| 8 | cas_auth = !defof class_cas_auth in $authdef |
11 | cas_auth = !defof class_cas_auth in $authdef |
| 9 | !default cas_auth=!defof cas_auth in wimshome/log/wims.conf |
12 | !default cas_auth=!defof cas_auth in wimshome/log/wims.conf |
| Line 15... | Line 18... | ||
| 15 | ticket = !getopt ticket in $ticket |
18 | ticket = !getopt ticket in $ticket |
| 16 | !if $ticket != $empty |
19 | !if $ticket != $empty |
| 17 | url = $wims_ref_name?module=adm/class/classes&$module_init_parm |
20 | url = $wims_ref_name?module=adm/class/classes&$module_init_parm |
| 18 | !read adm/codeurl $url |
21 | !read adm/codeurl $url |
| 19 | tmpdir=$wims_home/tmp/sessions/$wims_session |
22 | tmpdir=$wims_home/tmp/sessions/$wims_session |
| 20 | response=!sh export wims_exec_parm="$cas_auth/validate?ticket=$ticket&service=$script_out" ;\ |
- | |
| 21 | bin/webget > $tmpdir/getcas ; gunzip -c -f $tmpdir/getcas |
- | |
| 22 |
|
23 | !sh mkdir -p $tmpdir |
| 23 | !if $test2 = yes |
- | |
| 24 | auth_user=!line 2 of $response |
- | |
| - | 24 | ||
| 25 |
|
25 | !! First, we test if the server handles service ticket validation [CAS 2.0] |
| 26 | auth_test=OK |
- | |
| 27 | !else |
- | |
| 28 |
|
26 | response=!sh export wims_exec_parm="$cas_auth/serviceValidate?ticket=$ticket&service=$script_out" ;\ |
| 29 | bin/webget > $tmpdir/getcas ; gunzip -c -f $tmpdir/getcas |
27 | bin/webget > $tmpdir/getcas ; gunzip -c -f $tmpdir/getcas |
| - | 28 | ||
| - | 29 | !if cas:serviceResponse isin $response |
|
| 30 | !if authenticationFailure notin $response |
30 | !if authenticationFailure notin $response |
| 31 |
|
31 | !! Parse the serviceValidate answer (xml) |
| 32 | !set auth_user=!detag $response |
32 | !set auth_user=!detag $response |
| 33 | !set auth_user=!nonempty lines $auth_user |
33 | !set auth_user=!nonempty lines $auth_user |
| 34 | !set auth_user=!line 1 of $auth_user |
34 | !set auth_user=!line 1 of $auth_user |
| 35 | !set auth_user=!nospace $auth_user |
35 | !set auth_user=!nospace $auth_user |
| 36 | !set auth_user=!lowercase $auth_user |
36 | !set auth_user=!lowercase $auth_user |
| 37 | !set auth_test=OK |
37 | !set auth_test=OK |
| 38 | !else |
- | |
| 39 | error=bad_cas_connexion |
- | |
| 40 | !exit |
- | |
| 41 | !endif |
38 | !endif |
| - | 39 | !else |
|
| - | 40 | !! it was probably not a CAS 2.0 server. We test for [CAS 1.0] |
|
| - | 41 | response=!sh export wims_exec_parm="$cas_auth/validate?ticket=$ticket&service=$script_out" ;\ |
|
| - | 42 | bin/webget > $tmpdir/getcas ; gunzip -c -f $tmpdir/getcas |
|
| - | 43 | test2 = !line 1 of $response |
|
| - | 44 | !if $test2=yes |
|
| - | 45 | auth_user=!line 2 of $response |
|
| - | 46 | auth_user=!lowercase $auth_user |
|
| - | 47 | auth_test=OK |
|
| - | 48 | !endif |
|
| - | 49 | !endif |
|
| - | 50 | ||
| - | 51 | !if $auth_test!=OK |
|
| - | 52 | error=bad_cas_connexion |
|
| - | 53 | !exit |
|
| 42 | !endif |
54 | !endif |
| - | 55 | ||
| 43 | !endif |
56 | !endif |
| - | 57 | ||
| 44 | auth_user_orig=$auth_user |
58 | auth_user_orig=$auth_user |
| 45 | auth_error=$wims_exec_error |
59 | auth_error=$wims_exec_error |
| 46 | wims_exec_error= |
60 | wims_exec_error= |