Merge branch '6266-cas-library-1-6-need-a-new-parameter' into '1.4-dev'

Resolve "CAS library 1.6 need a new parameter" Closes #6266 See merge request fusiondirectory/fd!1027

Merge branch '6266-cas-library-1-6-need-a-new-parameter' into '1.4-dev'
Resolve "CAS library 1.6 need a new parameter" Closes #6266 See merge request fusiondirectory/fd!1027
0bd2ad1e · dockx thibault · e6b18759 · 299a320a · 0bd2ad1e · 0bd2ad1e
Commit 0bd2ad1e authored 2 years ago by dockx thibault
Hide whitespace changes
Inline Side-by-side

Showing

with 55 additions and 10 deletions
+55 -10
--- a/contrib/openldap/core-fd-conf.schema
+++ b/contrib/openldap/core-fd-conf.schema
@@ -518,6 +518,19 @@ attributetype ( 1.3.6.1.4.1.38414.8.21.6 NAME 'fdCasVerbose'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )
+attributetype ( 1.3.6.1.4.1.38414.8.21.7 NAME 'fdCasLibraryBool'
+  DESC 'FusionDirectory - CAS boolean to activate CAS library >= 1.6'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+attributetype ( 1.3.6.1.4.1.38414.8.21.8 NAME 'fdCasClientServiceName'
+  DESC 'FusionDirectory - CAS client service name'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
 # merged from dashboard-fd.schema - Needed by Fusion Directory for dashboard options
 attributetype ( 1.3.6.1.4.1.38414.27.1.1 NAME 'fdDashboardPrefix'
@@ -632,7 +645,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
    fdIncrementalModifierStates $
    fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $
    fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext $ fdCasVerbose $
-    fdLoginMethod
+    fdLoginMethod $ fdCasLibraryBool $ fdCasClientServiceName
  ) )
 objectclass ( 1.3.6.1.4.1.38414.8.2.2 NAME 'fusionDirectoryPluginsConf'

--- a/include/login/class_LoginCAS.inc
+++ b/include/login/class_LoginCAS.inc
@@ -39,20 +39,30 @@ class LoginCAS extends LoginMethod
    spl_autoload_unregister('fusiondirectory_autoload');
    spl_autoload_register('fusiondirectory_autoload');
-    if ($config->get_cfg_value('casVerbose') == 'TRUE') {
+    if ($config->get_cfg_value('CasVerbose') == 'TRUE') {
      phpCAS::setVerbose(TRUE);
    }
-    // Initialize phpCAS
+    // Initialize CAS with proper library and call.
-    phpCAS::client(
+    if ($config->get_cfg_value('CasLibraryBool')) {
-      CAS_VERSION_2_0,
+      phpCAS::client(
-      $config->get_cfg_value('casHost', 'localhost'),
+        CAS_VERSION_2_0,
-      (int) ($config->get_cfg_value('casPort', 443)),
+        $config->get_cfg_value('CasHost', 'localhost'),
-      $config->get_cfg_value('casContext', '')
+        (int) ($config->get_cfg_value('CasPort', 443)),
-    );
+        $config->get_cfg_value('CasContext'),
+        $config->get_cfg_value('CasClientServiceName')
+      );
+    } else {
+      phpCAS::client(
+        CAS_VERSION_2_0,
+        $config->get_cfg_value('CasHost', 'localhost'),
+        (int) ($config->get_cfg_value('CasPort', 443)),
+        $config->get_cfg_value('CasContext')
+      );
+    }
    // Set the CA certificate that is the issuer of the cert
-    phpCAS::setCasServerCACert($config->get_cfg_value('casServerCaCertPath'));
+    phpCAS::setCasServerCACert($config->get_cfg_value('CasServerCaCertPath'));
  }
  /*! \brief All login steps in the right order for CAS login */

--- a/plugins/config/class_configInLdap.inc
+++ b/plugins/config/class_configInLdap.inc
@@ -247,6 +247,14 @@ class configInLdap extends simplePlugin
            _('Verbose error'), _('Activate verbose errors in phpCAS. Avoid in production.'),
            'fdCasVerbose', FALSE
          ),
+          new BooleanAttribute(
+            _('Library CAS 1.6'), _('Activate if library CAS >= 1.6 is being used.'),
+            'fdCasLibraryBool', FALSE
+          ),
+          new StringAttribute(
+            _('Client service'), _('The client service name'),
+            'fdCasClientServiceName', FALSE
+          ),
        ]
      ],
      'people_and_group' => [
@@ -495,6 +503,18 @@ class configInLdap extends simplePlugin
        ]
      ]
    );
+    // CAS boolean case to allow the use of CAS library >= 1.6
+    $this->attributesAccess['fdCasLibraryBool']->setManagedAttributes(
+      [
+        'disable' => [
+          FALSE => [
+            'fdCasClientServiceName',
+          ]
+        ]
+      ]
+    );
    $this->attributesAccess['fdLoginMethod']->setManagedAttributes(
      [
        'multiplevalues' => [
@@ -516,6 +536,8 @@ class configInLdap extends simplePlugin
            'fdCasPort',
            'fdCasContext',
            'fdCasVerbose',
+            'fdCasClientServiceName',
+            'fdCasLibraryBool'
          ],
          'nonheader' => [
            'fdHttpHeaderAuthHeaderName',