ARCHIVED: IU Login with PHP on IU Sitehosting
This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.
IU Login authentication can be used with an existing session., removing the need for users to enter their credentials if they've already logged in elsewhere.
The following example shows how to restrict a list of users using IU Login and PHP.
cas.php
<?php session_start(); //THIS FUNCTION GETS THE CURRENT URL function curPageURL() { $pageURL = 'http'; if ($_SERVER["HTTPS"] == "on") { $pageURL .= "s://"; if ($_SERVER["SERVER_PORT"] != "443") { $pageURL .= $_SERVER["HTTP_HOST"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"]; } else { $pageURL .= $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]; } } else { $pageURL .= "://"; if ($_SERVER["SERVER_PORT"] != "80") { $pageURL .= $_SERVER["HTTP_HOST"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"]; } else { $pageURL .= $_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]; } } return $pageURL; }//END CURRENT URL FUNCTION //THIS FUNCTION SENDS THE USER TO CAS AND THEN BACK function cas_authenticate(){ $sid = SID; //Session ID # //if the last session was over 15 minutes ago if (isset($_SESSION['LAST_SESSION']) && (time() - $_SESSION['LAST_SESSION'] > 900)) { $_SESSION['CAS'] = false; // set the CAS session to false } $authenticated = $_SESSION['CAS']; $casurl = curPageURL(); $casurl = strtok($casurl, '?'); //send user to CAS login if not authenticated if (!$authenticated) { $_SESSION['LAST_SESSION'] = time(); // update last activity time stamp $_SESSION['CAS'] = true; echo '<META HTTP-EQUIV="Refresh" Content="0; URL=https://cas.iu.edu/cas/login?cassvc=IU&casurl='.$casurl.'">'; //header("Location: https://cas.iu.edu/cas/login?cassvc=IU&casurl=$casurl"); exit; } if ($authenticated) { if (isset($_GET["casticket"])) { //set up validation URL to ask CAS if ticket is good $_url = 'https://cas.iu.edu/cas/validate'; $cassvc = 'IU'; //search kb.indiana.edu for "cas application code" to determine code to use here in place of "appCode" $params = "cassvc=$cassvc&casticket=$_GET[casticket]&casurl=$casurl"; $urlNew = "$_url?$params"; //CAS sending response on 2 lines. First line contains "yes" or "no". If "yes", second line contains username (otherwise, it is empty). $ch = curl_init(); $timeout = 5; // set to zero for no timeout curl_setopt ($ch, CURLOPT_URL, $urlNew); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); ob_start(); curl_exec($ch); curl_close($ch); $cas_answer = ob_get_contents(); ob_end_clean(); //explode CAS answer into access and user list($access,$user) = explode("\n",$cas_answer,2); $access = trim($access); $user = trim($user); //set user and session variable if CAS says YES if ($access == "yes") { $_SESSION['user'] = $user; }//END SESSION USER } else if (!isset($_SESSION['user'])) { //END GET CAS TICKET echo '<META HTTP-EQUIV="Refresh" Content="0; URL=https://cas.iu.edu/cas/login?cassvc=IU&casurl='.$casurl.'">'; exit; } } }//END CAS FUNCTION cas_authenticate(); //gets the username from the SESSION variable 'user' created by CAS $username = $_SESSION['user']; //CHANGE THIS LIST TO THE USERS YOU'D LIKE TO HAVE ACCESS $users = array("user1", "user2", "user3"); if(!in_array($username, $users)){ die("Sorry you do not have access to this page."); } //UNCOMMENT NEXT 3 LINES IF YOU'D LIKE TO RESTRICT TO A SINGLE USER //if($username != "user"){ // die("Sorry you do not have access to this page."); //} ?>
example.php
<?php include("cas.php"); ?> <html> <head> <title>CAS Example</title> </head> <body> <h1>You're authenticated using CAS!</h1> </body> </html>
Notes:
- An alternative method is available at the IuCasAuthentication GitHub repository. Note that UITS does not maintain this repository.
-
To stay informed or provide feedback about IU Login, or to ask questions about developing with it, use the
auth-discuss-l
mailing list. To subscribe, send email toauth-discuss-l-subscribe@iu.edu
.
This is document bfru in the Knowledge Base.
Last modified on 2021-09-08 10:22:24.