CAS Authentication Using PHP

Overview

This document uses PHP to show how the basics of CAS work. If at all possible, it is best to use a supported CAS client, but if you cannot get one to work, the code below shows how basic CAS authentication works. Of course, you can do this in any programming language.

We highly recommend using JA-SIG's phpCAS rather than this sample code if possible. phpCAS has many more features, plus a great deal of error handling.

Many thanks to Nancy Schimmelman for giving us the file_get_contents code which replaces the need to use curl (which Nancy found to not work very well on a Windows-based server).

Example PHP


<?php
 
// Set up some variables for CAS
$casService = 'https://auth-test.berkeley.edu/cas';
$thisService = 'https://<your server>.berkeley.edu' . $_SERVER['PHP_SELF'];
 
/*
* Check to see if there is a ticket in the GET request.
* CAS uses "ticket" for the service ticket. Bad choice of words, but
* it is what CAS uses.
*
* If the ticket exists, validate it with CAS. If not, redirect the user
* to CAS.
*
* Of course, you will want to hook this in with your application's
* session management system, i.e., if the user already has a session,
* you don't want to do either of these two things.
*
*/
if ($_SERVER["REQUEST_METHOD"] && $_GET["ticket"]) {
   if ($response = responseForTicket($_GET["ticket"])) {
      if ($uid = uid($response)) {
         echo "The user is: $uid";
      }
      else {
         echo "Could not get UID from response.";
      }
   }
   else {
      echo "The response was not valid.";
   }
}
else {
   header("Location: $casService/login?service=$thisService");
}
 
 
/*
* Returns the CAS response if the ticket is valid, and false if not.
*/
function responseForTicket($ticket) {
   global $casService, $thisService;
 
   $casGet = "$casService/serviceValidate?ticket=$ticket&service=" . urlencode($thisService);
 
   // See the PHP docs for warnings about using this method:
   // http://us3.php.net/manual/en/function.file-get-contents.php
   $response = file_get_contents($casGet);
 
   if (preg_match('/cas:authenticationSuccess/', $response)) {
      return $response;
   }
   else {
      return false;
   }
}
 
/*
* Returns the UID from the passed in response, or it
* returns false if there is no UID.
*/
function uid($response) {
   // Turn the response into an array
   $responseArray = preg_split("/\n/", $response);
   // Get the line that has the cas:user tag
   $casUserArray = preg_grep("/(\d+)<\/cas:user>/", $responseArray);
   if (is_array($casUserArray)) {
      $uid = trim(strip_tags(implode($casUserArray)));
      if (is_numeric($uid)) {
         return $uid;
      }
   }
   return false;
}
 
?>
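As an added example (not code from the original page, nor from phpCAS), here is the same response check done with PHP's DOM parser instead of regexes: it keys on the cas:authenticationSuccess and cas:user elements in the CAS namespace rather than on substrings of the body, reports the failure code the server returns, and disables network fetches while parsing. The two sample responses are constructed here in the shape the CAS 2.0 protocol defines; the function name and return format are this example's own.

```php
<?php
// Added example, not code from the original page or from phpCAS.
const CAS_NS = 'http://www.yale.edu/tp/cas';  // namespace fixed by the CAS protocol

/*
 * Parse a /serviceValidate response body. Returns
 *   ['ok' => true,  'user' => '...']                        on success,
 *   ['ok' => false, 'code' => '...', 'message' => '...']   on failure or malformed input.
 */
function parseServiceValidate(string $xml): array {
    $dom = new DOMDocument();
    libxml_use_internal_errors(true);       // collect parse errors instead of emitting warnings
    // LIBXML_NONET: never fetch external resources (DTDs, entities) while parsing.
    $loaded = $dom->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    if (!$loaded) {
        return ['ok' => false, 'code' => 'MALFORMED', 'message' => 'response is not well-formed XML'];
    }
    $xp = new DOMXPath($dom);
    $xp->registerNamespace('cas', CAS_NS);

    // Success means the element is present, not that the text appears somewhere in the body.
    $users = $xp->query('/cas:serviceResponse/cas:authenticationSuccess/cas:user');
    if ($users->length === 1) {
        $user = trim($users->item(0)->textContent);
        if ($user !== '') {
            return ['ok' => true, 'user' => $user];
        }
    }
    $fail = $xp->query('/cas:serviceResponse/cas:authenticationFailure')->item(0);
    if ($fail !== null) {
        return ['ok' => false,
                'code' => $fail->getAttribute('code') !== '' ? $fail->getAttribute('code') : 'UNKNOWN',
                'message' => trim($fail->textContent)];
    }
    return ['ok' => false, 'code' => 'UNEXPECTED', 'message' => 'neither success nor failure element found'];
}

// Constructed sample responses in the shape the CAS 2.0 protocol defines.
$success = <<<XML
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>12345</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>
XML;
$failure = <<<XML
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-CONSTRUCTED not recognized</cas:authenticationFailure>
</cas:serviceResponse>
XML;
var_dump(parseServiceValidate($success), parseServiceValidate($failure));
```

Fetching the response with file_get_contents() as the page does, then passing the body to parseServiceValidate(), replaces both responseForTicket() and uid() above; only the 'ok' => true branch should be treated as a login.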