inc/init.php
129 include_once('CAS.php');
130 phpCAS::client(CAS_VERSION_2_0,'cas.example.com',443,'');
131 session_start();
Another idea is to do define('NOSESSION', true); in conf/local.php. This makes
dokuwiki skip session handling which then succeeds for phpCAS but it also
has the same problems as above.
**Update**: A modification to handle_action to set authentication information
at each page reload makes this work:
if (phpCAS::checkAuthentication()) {
global $ACT, $auth, $conf, $INFO, $USERINFO;
// user logged in, fill auth info so dokuwiki is happy
$casuser = phpCAS::getUser();
$_SERVER['REMOTE_USER'] = $casuser;
$USERINFO = $auth->getUserData($casuser);
$INFO = pageinfo();
}
This is probably not the right way to do it, so please contribute if you know how.
--- [[user>alfs]] //2011/02/11 11:27//
== Proposal ==
I have been testing the plugin.
In the function ''handle_action'' of file ''action.php'':
* I had to add a last empty parameter (or set to false) when calling ''phpCAS::client(...)'', to avoid "phpCAS error: phpCAS::client(): Another session was started before phpcas."
* Just after calling ''phpCAS::client'', I have added the instruction ''session_start();'', which seems to solve the infinite loop issue in my case.
I don't know if it has bad impacts in the rest of the program...
Here is what I did:
[...]
function handle_action (&$event, $param) {
global $ACT;
require_once ('CAS.php');
// AVEILLAS - 20110518 - CASsification dokuWiki: start of modif"
//phpCAS::client($this->getConf('version').'.0',$this->getConf('server'),(integer) $this->getConf('port'),$this->getConf('uri'));
phpCAS::client($this->getConf('version').'.0',$this->getConf('server'),(integer) $this->getConf('port'),$this->getConf('uri'), false);
session_start();
// AVEILLAS - 20110518 - CASsification... end of modif."
phpCAS::setNoCasServerValidation();
[...]
Can you tell me if it works for you too?
--- Aurélien //2011/05/19//
== Reply ==
Thank you Aurélien for your help, it seems that the ''session_start ()'' solves the multiredirection problems. In fact, when I put this line
phpCAS::client($this->getConf('version').'.0',$this->getConf('server'),(integer) $this->getConf('port'),$this->getConf('uri'));
or this line
phpCAS::client($this->getConf('version').'.0',$this->getConf('server'),(integer) $this->getConf('port'),$this->getConf('uri'), false);
there is an error like this
phpCAS::client(): phpCAS::client() has already been called
so I comment these two lines. Thank you again for your help
---24/05/2011
== Report ==
Now (after adding session_start(), adding last empty parameter in phpCAS::client call, changing 'CAS' password to hashed string, and check perms) everything seems to work well.
--- Aurélien Veillas //2011/06/06//
==== Can Haz WhiteList? ====
After defeating the phpCAS updates of doom and successfully logging in, it was time to decide if I wanted to add all the users I wanted to be able to use CAS. Or, do I want to extend the plugin to allow account creation with a whitelist? Is that a challenge? With my longing to refresh my simple PHP skills, I concluded that the latter was a good plan.
== Changes ==
What I did:
* See note in Comments regarding my change to phpCAS.
* Updated the logout function to not check if CAS is currently authenticated (This is a pain when debugging because CAS tries to save itself some calls to the CAS server and caches. Rapid setting changes in the debugging process result in this producing anomalous results. Also, no harm in sending the user to the CAS page even if they already logged out from CAS some other way.)
* Updated the login function for increased flow control.
Functionality added:
* Account creation
* Whitelist checking
* Whitelist config option (Comma separated list of allowed usernames. If this is big, I suggest pasting into your favorite text editor to manipulate)
* Email domain config option (When creating the user, the user's email will be set to username@this.setting. This is useful for many organizations that have email addresses based on usernames.)
* WhiteList override. Do you want to allow all users to log in? Check if so. (Will disable whitelist functionality and just let everybody log in)
* Enable account creation. Do you want accounts to be created by this plugin? Check if so. (If you have accounts in the whitelist and this is set to false, even those accounts won't be created)
Note that I changed my specific install to use server validation. I suggest you do this as well. Also, this means I never was able to "test" the specific code I am posting (since I changed validation back in this code). If there is an error, it would likely be syntactical. Please feel free to make corrections if needed.
== The Code ==
Here is the full action file with a modified login and logout function.
'Iain Hallam',
'email' => 'iain@iainhallam.com',
'date' => '2009-09-22',
'name' => 'SSO CAS Plugin',
'desc' => 'Authenticate DokuWiki users via CAS',
'url' => 'http://www.dokuwiki.org/plugin:ssocas',
);
}
function register (Doku_Event_Handler $controller) {
if ($this->getConf('server') != '') {
$controller->register_hook ('HTML_LOGINFORM_OUTPUT', 'BEFORE', $this, 'handle_login_form');
$controller->register_hook ('ACTION_ACT_PREPROCESS', 'BEFORE', $this, 'handle_action');
$controller->register_hook ('TPL_ACT_UNKNOWN', 'BEFORE', $this, 'handle_template');
}
}
function _self () {
global $ID;
return wl($ID, '', true, '');
}
function _selfdo ($do) {
global $ID;
return wl($ID, 'do=' . $do, true, '&');
}
function _redirect ($url) {
header ('Location: ' . $url);
exit;
}
function handle_login_form (&$event, $param) {
global $auth;
global $conf;
global $lang;
global $ID;
// Remove the register and resendpwd links, if they exist.
for ($formPosition = 0; $formPosition < count($event->data->_content); $formPosition++) {
$formElement = $event->data->getElementAt($formPosition);
if ((! is_array($formElement)) and (substr($formElement, 0, 2) == 'data->replaceElement ($formPosition, NULL);
}
}
$insertElement = 5;
if($auth && $auth->canDo('addUser') && actionOK('register')){
$event->data->insertElement($insertElement,'
'.$lang['reghere'].': '.$lang['register'].'
');
$insertElement = 6;
}
if ($auth && $auth->canDo('modPass') && actionOK('resendpwd')) {
$event->data->insertElement($insertElement,''.$lang['pwdforget'].': '.$lang['btn_resendpwd'].'
');
}
if ($this->getConf('logourl') != '') {
$caslogo = ' ';
} else {
$caslogo = '';
}
$event->data->insertElement(0,'');
if ($this->getConf('jshidelocal')) {
$event->data->insertElement(3,'Only use this if you cannot use the '.$this->getConf('name').' above.
');
$event->data->replaceElement(4,'
Here is the new default.php
Here is the new metadata.php
'/[0-9]*/');
$meta['uri'] = array('string');
$meta['version'] = array('string');
$meta['caslogout'] = array('onoff');
$meta['stickysession'] = array('onoff');
$meta['logourl'] = array('string');
$meta['jshidelocal'] = array('onoff');
$meta['wluserstring'] = array('string');
$meta['useredomain'] = array('string');
$meta['allowall'] = array('onoff');
$meta['makenew'] = array('onoff');
I agree with the comment in known issues that this could use better localised string support. However, I think it is reasonable for the person who wishes to port this to another language to implement that. And when they do, it would be great if it would be shared. The most common way community efforts move forward is that people create what they need, and then share it. Let's keep up the good work.
--- [[user>cletnick]] //2010/10/11 05:32//
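The whitelist, override and account-creation options listed in the post above amount to one decision per CAS login. The sketch below is an added example, not the plugin's code or the poster's: the setting names follow the metadata.php keys shown on this page, while the function names, the username pattern, the case folding and the rule that the whitelist also gates existing accounts are assumptions.

```php
<?php
// Added example, not the plugin's code. Keys mirror metadata.php on this page;
// function names and the username pattern are assumptions.

// Parse the comma separated 'wluserstring' setting into a lookup set.
function parse_whitelist(string $wluserstring): array {
    $set = [];
    foreach (explode(',', $wluserstring) as $name) {
        $name = strtolower(trim($name));      // tolerate "alice, Bob ,carol"
        if ($name !== '') {
            $set[$name] = true;
        }
    }
    return $set;
}

// Decide what to do with a user CAS has already authenticated:
// 'login' (existing account), 'create' (new account) or 'deny'.
function cas_login_decision(string $casuser, bool $existsLocally, array $conf): string {
    $user = strtolower($casuser);
    // Refuse anything that is not a plain login name before it reaches
    // the user database or the generated email address.
    if (!preg_match('/^[a-z0-9._-]{1,64}\z/', $user)) {
        return 'deny';
    }
    $listed = isset(parse_whitelist($conf['wluserstring'])[$user]);
    if (!$conf['allowall'] && !$listed) {
        return 'deny';                         // whitelist active, user not on it
    }
    if ($existsLocally) {
        return 'login';
    }
    return $conf['makenew'] ? 'create' : 'deny';   // makenew off: never create
}

// Email for a created account: username@useredomain.
function cas_user_email(string $casuser, array $conf): string {
    return strtolower($casuser) . '@' . $conf['useredomain'];
}

// Constructed sample settings and users (not from the page).
$conf = ['wluserstring' => 'alice, Bob ,carol', 'useredomain' => 'example.com',
         'allowall' => false, 'makenew' => true];
$samples = [['alice', true], ['bob', false], ['mallory', false], ['../bob', false]];
foreach ($samples as [$user, $known]) {
    printf("%-8s => %s\n", $user, cas_login_decision($user, $known, $conf));
}
echo cas_user_email('bob', $conf), "\n";
```

With ''allowall'' switched on, every syntactically valid CAS user passes the whitelist step, so ''makenew'' then decides alone whether unknown users get accounts.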
==== Set CAS login as default mechanism for frontend ====
Hi, I've just configured the plugin. \\
My default setup allows the @all group no read access. \\
How will it be possible to configure the CAS authentication as default (no choice) only for the frontend? \\
The CAS auth for the backend is not needed; I prefer to keep the choice (or better, only default auth for backend).
--- [[user>M4t]] //2015/13/28 00:00//