Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add cas 3.0 protocol #121

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

add cas 3.0 protocol #121

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 6 additions & 3 deletions DotNetCasClient.sln
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 15
VisualStudioVersion = 15.0.26430.15
# Visual Studio Version 17
VisualStudioVersion = 17.0.31912.275
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DotNetCasClient", "DotNetCasClient\DotNetCasClient.csproj", "{883A296E-C898-4D1F-9ED9-DE7569DEFB3D}"
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DotNetCasClient", "DotNetCasClient\DotNetCasClient.csproj", "{883A296E-C898-4D1F-9ED9-DE7569DEFB3D}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Expand All @@ -19,4 +19,7 @@ Global
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {92BDC157-981A-4EE2-B2B9-4CD3CCC41CE4}
EndGlobalSection
EndGlobal
2 changes: 2 additions & 0 deletions DotNetCasClient/CasAuthentication.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,8 @@ public static void Initialize()
ticketValidator = new Cas10TicketValidator();
else if (String.Compare(CasClientConfiguration.CAS20_TICKET_VALIDATOR_NAME, ticketValidatorName) == 0)
ticketValidator = new Cas20ServiceTicketValidator();
else if (String.Compare(CasClientConfiguration.CAS30_TICKET_VALIDATOR_NAME, ticketValidatorName) == 0)
ticketValidator = new Cas30ServiceTicketValidator();
else if (String.Compare(CasClientConfiguration.SAML11_TICKET_VALIDATOR_NAME, ticketValidatorName) == 0)
ticketValidator = new Saml11TicketValidator();
else
Expand Down
1 change: 1 addition & 0 deletions DotNetCasClient/Configuration/CasClientConfiguration.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@ public class CasClientConfiguration : ConfigurationSection
// Names for the supported ticket validators
public const string CAS10_TICKET_VALIDATOR_NAME = "Cas10";
public const string CAS20_TICKET_VALIDATOR_NAME = "Cas20";
public const string CAS30_TICKET_VALIDATOR_NAME = "Cas30";
public const string SAML11_TICKET_VALIDATOR_NAME = "Saml11";

// Names for the supported Service Ticket state provider
Expand Down
48 changes: 48 additions & 0 deletions DotNetCasClient/Validation/Schema/Cas30/AuthenticationSuccessAttributes.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
using System.Collections.Generic;
using System.IO;
using System.Xml;

namespace DotNetCasClient.Validation.Schema.Cas30
{
public class AuthenticationSuccessAttributes
{
internal AuthenticationSuccessAttributes() { }

public static AuthenticationSuccessAttributes ParseResponse(string casResponse)
{
XmlDocument document = new XmlDocument();
document.Load(new StringReader(casResponse));

XmlNamespaceManager nsmgr = new XmlNamespaceManager(document.NameTable);
nsmgr.AddNamespace("cas", "http://www.yale.edu/tp/cas");

var entity = new AuthenticationSuccessAttributes()
{
Attributes = new Dictionary<string, IList<string>>()
};
var attributes = entity.Attributes;

if (document.DocumentElement != null)
{
XmlNode xmlNode = document.DocumentElement.SelectSingleNode("cas:authenticationSuccess/cas:attributes", nsmgr);

if (xmlNode != null)
{
foreach (XmlNode node in xmlNode.ChildNodes)
{
string key = node.LocalName, value = node.InnerText;
if (!attributes.ContainsKey(key))
{
attributes.Add(key, new List<string>());
}
attributes[key].Add(value);
}
}
}

return entity;
}

public IDictionary<string, IList<string>> Attributes;
}
}
162 changes: 162 additions & 0 deletions DotNetCasClient/Validation/TicketValidator/Cas30ServiceTicketValidator.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,162 @@
/*
* Licensed to Apereo under one or more contributor license
* agreements. See the NOTICE file distributed with this work
* for additional information regarding copyright ownership.
* Apereo licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a
* copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

using System;
using System.Web;
using DotNetCasClient.Security;
using DotNetCasClient.Utils;
using DotNetCasClient.Validation.Schema.Cas20;
using DotNetCasClient.Validation.Schema.Cas30;

namespace DotNetCasClient.Validation.TicketValidator
{
/// <summary>
/// CAS 3.0 Ticket Validator
/// </summary>
/// <remarks>
/// This is the .Net port of org.jasig.cas.client.validation.Cas30ServiceTicketValidator.
/// </remarks>
/// <author>Tian Hong</author>
class Cas30ServiceTicketValidator : AbstractCasProtocolTicketValidator
{
#region Properties
/// <summary>
/// The endpoint of the validation URL. Should be relative (i.e. not start with a "/").
/// i.e. validate or serviceValidate.
/// </summary>
public override string UrlSuffix
{
get
{
if (CasAuthentication.ProxyTicketManager != null)
{
return "p3/proxyValidate";
}
else
{
return "p3/serviceValidate";
}
}
}
#endregion

#region Methods
/// <summary>
/// Performs Cas20ServiceTicketValidator initialization.
/// </summary>
public override void Initialize()
{
if (CasAuthentication.ProxyTicketManager != null)
{
CustomParameters.Add("pgtUrl", HttpUtility.UrlEncode(UrlUtil.ConstructProxyCallbackUrl()));
}
}

/// <summary>
/// Parses the response from the server into a CAS Assertion and includes this in
/// a CASPrincipal.
/// <remarks>
/// Parsing of a &lt;cas:attributes&gt; element is <b>not</b> supported. The official
/// CAS 3.0 protocol does include this feature. If attributes are needed,
/// SAML must be used.
/// </remarks>
/// </summary>
/// <param name="response">the response from the server, in any format.</param>
/// <param name="ticket">The ticket used to generate the validation response</param>
/// <returns>
/// a Principal backed by a CAS Assertion, if one could be created from the response.
/// </returns>
/// <exception cref="TicketValidationException">
/// Thrown if creation of the Assertion fails.
/// </exception>
protected override ICasPrincipal ParseResponseFromServer(string response, string ticket)
{
if (String.IsNullOrEmpty(response))
{
throw new TicketValidationException("CAS Server response was empty.");
}

ServiceResponse serviceResponse;
try
{
serviceResponse = ServiceResponse.ParseResponse(response);
}
catch (InvalidOperationException)
{
throw new TicketValidationException("CAS Server response does not conform to CAS 3.0 schema");
}

if (serviceResponse.IsAuthenticationSuccess)
{
AuthenticationSuccess authSuccessResponse = (AuthenticationSuccess)serviceResponse.Item;

if (String.IsNullOrEmpty(authSuccessResponse.User))
{
throw new TicketValidationException(string.Format("CAS Server response parse failure: missing 'cas:user' element."));
}

string proxyGrantingTicketIou = authSuccessResponse.ProxyGrantingTicket;

if (CasAuthentication.ProxyTicketManager != null && !string.IsNullOrEmpty(proxyGrantingTicketIou))
{
string proxyGrantingTicket = CasAuthentication.ProxyTicketManager.GetProxyGrantingTicket(proxyGrantingTicketIou);
if ( proxyGrantingTicket != null )
CasAuthentication.ProxyTicketManager.InsertProxyGrantingTicketMapping( proxyGrantingTicketIou, proxyGrantingTicket );
}

var attributes = AuthenticationSuccessAttributes.ParseResponse(response);

if (authSuccessResponse.Proxies != null && authSuccessResponse.Proxies.Length > 0)
{
return new CasPrincipal(new Assertion(authSuccessResponse.User, attributes.Attributes), proxyGrantingTicketIou, authSuccessResponse.Proxies);
}
else
{
return new CasPrincipal(new Assertion(authSuccessResponse.User, attributes.Attributes), proxyGrantingTicketIou);
}
}

if (serviceResponse.IsAuthenticationFailure)
{
try
{
AuthenticationFailure authFailureResponse = (AuthenticationFailure) serviceResponse.Item;
throw new TicketValidationException(authFailureResponse.Message, authFailureResponse.Code);
}
catch
{
throw new TicketValidationException("CAS ticket could not be validated.");
}
}

if (serviceResponse.IsProxySuccess)
{
throw new TicketValidationException("Unexpected service validate response: ProxySuccess");
}

if (serviceResponse.IsProxyFailure)
{
throw new TicketValidationException("Unexpected service validate response: ProxyFailure");
}

throw new TicketValidationException("Failed to validate CAS ticket.");
}
#endregion
}
}