GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  AUTHCAS (3)

.ds Aq ’

NAME

AuthCAS - Client library for JA-SIG CAS 2.0 authentication server

CONTENTS

VERSION

Version 1.6

DESCRIPTION

AuthCAS aims at providing a Perl API to JA-SIG Central Authentication System (CAS). Only a basic Perl library is provided with CAS whereas AuthCAS is a full object-oriented library.

PREREQUISITES

This script requires IO::Socket::SSL and LWP::UserAgent

SYNOPSIS



  A simple example with a direct CAS authentication

  use AuthCAS;
  my $cas = new AuthCAS(casUrl => https://cas.myserver,
                    CAFile => /etc/httpd/conf/ssl.crt/ca-bundle.crt,
                    );

  my $login_url = $cas->getServerLoginURL(http://myserver/app.cgi);

  ## The user should be redirected to the $login_url
  ## When coming back from the CAS server a ticket is provided in the QUERY_STRING

  ## $ST should contain the receaved Service Ticket
  my $user = $cas->validateST(http://myserver/app.cgi, $ST);

  printf "User authenticated as %s\n", $user;


  In the following example a proxy is requesting a Proxy Ticket for the target application

  $cas->proxyMode(pgtFile => /tmp/pgt.txt,
                  pgtCallbackUrl => https://myserver/proxy.cgi?callback=1
                  );
 
  ## Same as before but the URL is the proxy URL
  my $login_url = $cas->getServerLoginURL(http://myserver/proxy.cgi);

  ## Like in the previous example we should receave a $ST

  my $user = $cas->validateST(http://myserver/proxy.cgi, $ST);

  ## Process errors
  printf STDERR "Error: %s\n", &AuthCAS::get_errors() unless (defined $user);

  ## Now we request a Proxy Ticket for the target application
  my $PT = $cas->retrievePT(http://myserver/app.cgi);
   
  ## This piece of code is executed by the target application
  ## It received a Proxy Ticket from the proxy
  my ($user, @proxies) = $cas->validatePT(http://myserver/app.cgi, $PT);

  printf "User authenticated as %s via %s proxies\n", $user, join(,,@proxies);



DESCRIPTION

Jasig CAS is Yale University’s web authentication system, heavily inspired by Kerberos. Release 2.0 of CAS provides proxied credential feature that allows authentication tickets to be carried by intermediate applications (Portals for instance), they are called proxy.

This AuthCAS Perl module provides required subroutines to validate and retrieve CAS tickets.

    new



  my $cas = new AuthCAS(
                    casUrl => https://cas.myserver,
                    CAFile => /etc/httpd/conf/ssl.crt/ca-bundle.crt,
                    );



The new constructor lets you create a new <B>AuthCASB> object.
casUrl - REQUIRED
CAFile
CAPath
loginPath - ’/login’
logoutPath - ’/logout’
serviceValidatePath - ’/serviceValidate’
proxyPath - ’/proxy’
proxyValidatePath - ’/proxyValidate’
SSL_version - unset Sets the version of the SSL protocol used to transmit data. If the default causes connection issues, setting it to ’SSLv3’ may help. see the documentation for METHODS in IO::Socket::SSL for more information see <http://www.perlmonks.org/?node_id=746493> for more details.
Returns a new <B>AuthCASB> or dies on error.

    get_errors

Return module errors

    proxyMode

Use the CAS object as a proxy
pgtFile =item pgtCallbackUrl

    dump_var

    getServerLoginURL($service)

Returns a URL that you can redirect the browser to, which includes the URL to return to

TODO: it escapes the return URL, but I’ve noticed some issues with more complicated URL’s

    getServerLoginGatewayURL($service)

Returns non-blocking login URL ie: if user is logged in, return the ticket, otherwise do not prompt for login

    getServerLogoutURL($service)

Return logout URL After logout user is redirected back to the application

getServerServiceValidateURL($service, CW$ticket, CW$pgtUrl)

Returns

getServerProxyURL($targetService, CW$pgt)

Returns

getServerProxyValidateURL($service, CW$ticket)

Returns

validateST($service, CW$ticket)

Validate a Service Ticket Also used to get a PGT

Returns the login that created the ticket, if the ticket is valid for that $service URL

returns undef if the ticket is not valid.

validatePT($service, CW$ticket)

Validate a Proxy Ticket

Returns the login that created the ticket, if the ticket is valid for that $service URL,
and a list of Proxies used.



    user returned == undef if its not a valid ticket



    callCAS($url)

## Access a CAS URL and parses received XML

Returns

storePGT($pgtIou, CW$pgtId)

    retrievePT($service)

Returns

    get_https2

request a document using https, return status and content

Sven suspects this is intended to be private.

Returns

SEE ALSO

JA-SIG Central Authentication Service <http://www.jasig.org/cas>

was Yale Central Authentication Service <http://www.yale.edu/tp/auth/>

phpCAS <http://esup-phpcas.sourceforge.net/>

COPYRIGHT

Copyright (C) 2003, 2005,2006,2007,2009 Olivier Salaun - Comite\k:'Re\k:'des Universite\k:'<http://www.cru.fr>
2012 Sven Dowideit - <mailto:SvenDowideit@fosiki.com>

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHORS



  Olivier Salaun
  Sven Dowideit



POD ERRORS

Hey! <B>The above document had some coding errors, which are explained below:B>
Around line 759: Non-ASCII character seen before =encoding in ’Comite\k:'Assuming UTF-8
Search for    or go to Top of page |  Section 3 |  Main Index


perl v5.20.3 AUTHCAS (3) 2012-09-10

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.