
AuthCAS - Client library for JA-SIG CAS 2.0 authentication server

Authors

         Olivier Salaun
         Sven Dowideit

perl v5.32.0                                       2021-01-07                                       AuthCAS(3pm)

Description

       Jasig CAS is Yale University's web authentication system, heavily inspired by Kerberos.  Release 2.0 of
       CAS provides a "proxied credential" feature that allows authentication tickets to be carried by
       intermediate applications (portals, for instance), which are called proxies.

       This AuthCAS Perl module provides the subroutines required to validate and retrieve CAS tickets.

   new
         my $cas = new AuthCAS(
                           casUrl => 'https://cas.myserver',
                           CAFile => '/etc/httpd/conf/ssl.crt/ca-bundle.crt',
                           );

       The "new" constructor lets you create a new AuthCAS object.

       casUrl - REQUIRED
       CAFile
       CAPath
       loginPath - '/login'
       logoutPath - '/logout'
       serviceValidatePath - '/serviceValidate'
       proxyPath - '/proxy'
       proxyValidatePath - '/proxyValidate'
       SSL_version - unset
           Sets the version of the SSL protocol used to transmit data. If the default causes connection issues,
           setting it to 'SSLv3' may help.  See "METHODS" in the IO::Socket::SSL documentation and
           <http://www.perlmonks.org/?node_id=746493> for more details.

       Returns a new AuthCAS or dies on error.

   get_errors
       Returns the module's errors.

   proxyMode
       Use the CAS object as a proxy.

       pgtFile
       pgtCallbackUrl

   dump_var

   getServerLoginURL($service)
       Returns a URL that you can redirect the browser to, which includes the URL to return to.

       TODO: it escapes the return URL, but I've noticed some issues with more complicated URLs

   getServerLoginGatewayURL($service)
       Returns the non-blocking login URL, i.e. if the user is already logged in, the ticket is returned;
       otherwise the user is not prompted to log in.

   getServerLogoutURL($service)
       Returns the logout URL. After logout, the user is redirected back to the application.

   getServerServiceValidateURL($service,$ticket,$pgtUrl)
       Returns

   getServerProxyURL($targetService,$pgt)
       Returns

   getServerProxyValidateURL($service,$ticket)
       Returns

   validateST($service,$ticket)
       Validates a Service Ticket. Also used to get a PGT.

       Returns the login that created the ticket, if the ticket is valid for that $service URL.

       Returns undef if the ticket is not valid.

   validatePT($service,$ticket)
       Validates a Proxy Ticket.

       Returns the login that created the ticket, if the ticket is valid for that $service URL,
       and a list of the proxies used.

       The returned user is undef if the ticket is not valid.

   callCAS($url)
       Accesses a CAS URL and parses the received XML.

       Returns

   storePGT($pgtIou,$pgtId)

   retrievePT($service)
       Returns

   get_https2
       Requests a document using HTTPS; returns the status and content.

       Sven suspects this is intended to be private.

       Returns

Name

       AuthCAS - Client library for JA-SIG CAS 2.0 authentication server

Prerequisites

       This module requires IO::Socket::SSL and LWP::UserAgent.

See Also

       JA-SIG Central Authentication Service <http://www.jasig.org/cas>

       Formerly Yale Central Authentication Service <http://www.yale.edu/tp/auth/>

       phpCAS <http://esup-phpcas.sourceforge.net/>

Synopsis

         A simple example with a direct CAS authentication

         use AuthCAS;
         my $cas = new AuthCAS(casUrl => 'https://cas.myserver',
                           CAFile => '/etc/httpd/conf/ssl.crt/ca-bundle.crt',
                           );

         my $login_url = $cas->getServerLoginURL('http://myserver/app.cgi');

         ## The user should be redirected to the $login_url
         ## When coming back from the CAS server a ticket is provided in the QUERY_STRING

         ## $ST should contain the received Service Ticket
         my $user = $cas->validateST('http://myserver/app.cgi', $ST);

         printf "User authenticated as %s\n", $user;

         In the following example a proxy is requesting a Proxy Ticket for the target application

         $cas->proxyMode(pgtFile => '/tmp/pgt.txt',
                         pgtCallbackUrl => 'https://myserver/proxy.cgi?callback=1'
                         );

         ## Same as before but the URL is the proxy URL
         my $login_url = $cas->getServerLoginURL('http://myserver/proxy.cgi');

         ## As in the previous example, we should receive a $ST

         my $user = $cas->validateST('http://myserver/proxy.cgi', $ST);

         ## Process errors
         printf STDERR "Error: %s\n", &AuthCAS::get_errors() unless (defined $user);

         ## Now we request a Proxy Ticket for the target application
         my $PT = $cas->retrievePT('http://myserver/app.cgi');

         ## This piece of code is executed by the target application
         ## It received a Proxy Ticket from the proxy
         my ($user, @proxies) = $cas->validatePT('http://myserver/app.cgi', $PT);

         printf "User authenticated as %s via %s proxies\n", $user, join(',',@proxies);
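
The synopsis prints the result of validatePT without checking it. The sketch below is an added example, not code from the AuthCAS distribution: it shows a target application failing closed on an invalid Proxy Ticket and accepting only proxy chains it trusts. The names authorize_pt, %TRUSTED_PROXY and FakeCAS are hypothetical, the ticket shape check is an assumption, and the proxies are assumed to be returned as callback URLs, as in the CAS 2.0 proxyValidate response.

```perl
use strict;
use warnings;

# Callback URLs of the proxies this application accepts tickets from
# (constructed value; use your own portal's pgtCallbackUrl).
my %TRUSTED_PROXY = map { $_ => 1 } ('https://myserver/proxy.cgi?callback=1');

# Validate a Proxy Ticket and fail closed: the login is returned only when the
# ticket is valid AND every proxy in the chain is on the allow-list.
sub authorize_pt {
    my ($cas, $service, $pt) = @_;

    # Assumed ticket shape: printable ASCII, no whitespace, at most 256 chars.
    return (undef, 'missing or malformed ticket')
        unless defined $pt && $pt =~ /\A[\x21-\x7e]{1,256}\z/;

    my ($user, @proxies) = $cas->validatePT($service, $pt);
    return (undef, 'ticket rejected by CAS') unless defined $user && length $user;

    # A PT relayed by an unknown intermediary must not be honoured.
    for my $proxy (@proxies) {
        return (undef, "untrusted proxy in chain: $proxy")
            unless $TRUSTED_PROXY{$proxy};
    }
    return ($user, undef);
}

# Constructed stand-in for the AuthCAS object so the example runs offline;
# in production pass the object returned by the AuthCAS constructor instead.
package FakeCAS {
    sub new { bless {}, shift }
    sub validatePT {
        my ($self, $service, $pt) = @_;
        return ('alice', 'https://myserver/proxy.cgi?callback=1') if $pt eq 'PT-good';
        return ('alice', 'https://rogue.example/cb')              if $pt eq 'PT-rogue';
        return (undef);    # ticket not valid
    }
}

my $cas = FakeCAS->new;
for my $pt ('PT-good', 'PT-rogue', 'PT-unknown', "PT-bad\n") {
    my ($user, $err) = authorize_pt($cas, 'http://myserver/app.cgi', $pt);
    (my $shown = $pt) =~ s/[^\x21-\x7e]/?/g;    # never echo raw input to logs
    printf "%-10s => %s\n", $shown, defined $user ? "user=$user" : "DENIED ($err)";
}
```

Only the first constructed ticket is accepted; the rogue chain, the unknown ticket and the ticket containing a newline are all denied.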

Version

       Version 1.7
