$sessionID = undef;
$userid = undef;
- if ( $cas and $caslogout ) {
- logout_cas($query);
+ if ($cas and $caslogout) {
+ logout_cas($query, $type);
}
# If we are in a shibboleth session (shibboleth is enabled, a shibboleth match attribute is set and matches koha matchpoint)
if ( $cas && $query->param('ticket') ) {
my $retuserid;
( $return, $cardnumber, $retuserid ) =
- checkpw( $dbh, $userid, $password, $query );
+ checkpw( $dbh, $userid, $password, $query, $type );
$userid = $retuserid;
$info{'invalidCasLogin'} = 1 unless ($return);
}
else {
my $retuserid;
( $return, $cardnumber, $retuserid ) =
- checkpw( $dbh, $userid, $password, $query );
+ checkpw( $dbh, $userid, $password, $query, $type );
$userid = $retuserid if ($retuserid);
$info{'invalid_username_or_password'} = 1 unless ($return);
}
my $casservers = C4::Auth_with_cas::getMultipleAuth();
my @tmplservers;
foreach my $key ( keys %$casservers ) {
- push @tmplservers, { name => $key, value => login_cas_url( $query, $key ) . "?cas=$key" };
+ push @tmplservers, { name => $key, value => login_cas_url( $query, $key, $type ) . "?cas=$key" };
}
$template->param(
casServersLoop => \@tmplservers
);
} else {
$template->param(
- casServerUrl => login_cas_url($query),
+ casServerUrl => login_cas_url($query, undef, $type),
);
}
}
sub checkpw {
- my ( $dbh, $userid, $password, $query ) = @_;
+ my ( $dbh, $userid, $password, $query, $type ) = @_;
+ $type = 'opac' unless $type;
if ($ldap) {
$debug and print STDERR "## checkpw - checking LDAP\n";
my ( $retval, $retcard, $retuserid ) = checkpw_ldap(@_); # EXTERNAL AUTH
# In case of a CAS authentication, we use the ticket instead of the password
my $ticket = $query->param('ticket');
$query->delete('ticket'); # remove ticket to come back to original URL
- my ( $retval, $retcard, $retuserid ) = checkpw_cas( $dbh, $ticket, $query ); # EXTERNAL AUTH
+ my ( $retval, $retcard, $retuserid ) = checkpw_cas( $dbh, $ticket, $query, $type ); # EXTERNAL AUTH
($retval) and return ( $retval, $retcard, $retuserid );
return 0;
}
use Authen::CAS::Client;
use CGI qw ( -utf8 );
use FindBin;
+use YAML;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $debug);
my $context = C4::Context->new() or die 'C4::Context->new failed';
my $defaultcasserver;
my $casservers;
-my $yamlauthfile = "../C4/Auth_cas_servers.yaml";
+my $yamlauthfile = C4::Context->config('intranetdir') . "/C4/Auth_cas_servers.yaml";
# If there's a configuration for multiple cas servers, then we get it
if (multipleAuth()) {
- ($defaultcasserver, $casservers) = YAML::LoadFile(qq($FindBin::Bin/$yamlauthfile));
+ ($defaultcasserver, $casservers) = YAML::LoadFile($yamlauthfile);
$defaultcasserver = $defaultcasserver->{'default'};
} else {
# Else, we fall back to casServerUrl syspref
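Review bot: The new `$yamlauthfile` path is built from `C4::Context->config('intranetdir')` without checking that the setting is defined, so an instance missing that key would probe `/C4/Auth_cas_servers.yaml` at the filesystem root, with only an uninitialized-value warning. Because this file decides which CAS servers are trusted for login, I would fail loudly instead: `my $intranetdir = C4::Context->config('intranetdir') or die 'intranetdir is not configured';` and build the path from `$intranetdir`. The same variable feeds the `-e` test in `multipleAuth`, so one check covers both places. `use FindBin;` looks unused after this change, provided nothing outside the visible lines still references it. The `else` branch continues outside the hunk.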
# Is there a configuration file for multiple cas servers?
sub multipleAuth {
- return (-e qq($FindBin::Bin/$yamlauthfile));
+ return (-e qq($yamlauthfile));
}
# Returns configured CAS servers' list if multiple authentication is enabled
# Logout from CAS
sub logout_cas {
- my ($query) = @_;
- my ( $cas, $uri ) = _get_cas_and_service($query);
+ my ($query, $type) = @_;
+ my ( $cas, $uri ) = _get_cas_and_service($query, undef, $type);
print $query->redirect( $cas->logout_url($uri));
print $query->redirect( $cas->logout_url(url => $uri));
}
# Login to CAS
sub login_cas {
- my ($query) = @_;
- my ( $cas, $uri ) = _get_cas_and_service($query);
+ my ($query, $type) = @_;
+ my ( $cas, $uri ) = _get_cas_and_service($query, undef, $type);
print $query->redirect( $cas->login_url($uri));
}
# Returns CAS login URL with callback to the requesting URL
sub login_cas_url {
- my ( $query, $key ) = @_;
- my ( $cas, $uri ) = _get_cas_and_service( $query, $key );
+ my ( $query, $key, $type ) = @_;
+ my ( $cas, $uri ) = _get_cas_and_service( $query, $key, $type );
return $cas->login_url($uri);
}
# In our case : is there a ticket, is it valid and does it match one of our users ?
sub checkpw_cas {
$debug and warn "checkpw_cas";
- my ($dbh, $ticket, $query) = @_;
+ my ($dbh, $ticket, $query, $type) = @_;
my $retnumber;
- my ( $cas, $uri ) = _get_cas_and_service($query);
+ my ( $cas, $uri ) = _get_cas_and_service($query, undef, $type);
# If we got a ticket
if ($ticket) {
# Proxy CAS auth
sub check_api_auth_cas {
$debug and warn "check_api_auth_cas";
- my ($dbh, $PT, $query) = @_;
+ my ($dbh, $PT, $query, $type) = @_;
my $retnumber;
- my ( $cas, $uri ) = _get_cas_and_service($query);
+ my ( $cas, $uri ) = _get_cas_and_service($query, undef, $type);
# If we have a Proxy Ticket
if ($PT) {
sub _get_cas_and_service {
my $query = shift;
my $key = shift; # optional
+ my $type = shift;
- my $uri = _url_with_get_params($query);
+ my $uri = _url_with_get_params($query, $type);
my $casparam = $defaultcasserver;
$casparam = $query->param('cas') if defined $query->param('cas');
# This method replaces $query->url() which will give both GET and POST params
sub _url_with_get_params {
my $query = shift;
+ my $type = shift;
+
+ my $uri_base_part = ($type eq 'opac') ?
+ C4::Context->preference('OPACBaseURL') . $query->script_name():
+ C4::Context->preference('staffClientBaseURL');
- my $uri_base_part = C4::Context->preference('OPACBaseURL') . $query->script_name();
my $uri_params_part = '';
foreach ( $query->url_param() ) {
# url_param() always returns parameters that were deleted by delete()
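Review bot: `$type` is compared with `eq 'opac'` in `_url_with_get_params` but is only defaulted in `checkpw`, so any caller that reaches `_get_cas_and_service` without a type (`login_cas`, `logout_cas`, `login_cas_url` or `check_api_auth_cas` called with the old argument list) now takes the `staffClientBaseURL` branch and raises an uninitialized-value warning, where the old code always used `OPACBaseURL`. A service URL that differs between the login redirect and ticket validation would make CAS validation fail, so I would default it once at the top of this sub: `$type ||= 'opac';`. The staff branch also omits `$query->script_name()`; if that is deliberate a comment saying so would help, and an empty `staffClientBaseURL` probably deserves an explicit check. The sub's body continues past the end of the hunk.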
<p class="submit"><input id="submit" type="submit" value="Login" tabindex="4" /></p>
</form>
+[% IF ( casAuthentication ) %]
+<h4>Cas login</h4>
+
+[% IF ( invalidCasLogin ) %]
+<!-- This is what is displayed if cas login has failed -->
+<p>Sorry, the CAS login failed.</p>
+[% END %]
+
+<p>If you have a <acronym title="Central Authentication Service">CAS</acronym> account,
+[% IF ( casServerUrl ) %]
+ please <a href="[% casServerUrl %]">click here to login</a>.<p>
+[% END %]
+
+[% IF ( casServersLoop ) %]
+please choose against which one you would like to authenticate: </p>
+<ul>
+ [% FOREACH casServer IN casServersLoop %]
+ <li><a href="[% casServer.value %]">[% casServer.name %]</a></li>
+ [% END %]
+[% END %]
+[% END %]
+
[% IF ( nopermission ) %]
<p><a href="javascript:window.history.back()">[Previous page]</a>
<a href="/">[Main page]</a></p>
[% END %]
+
<!--<ul> -->
<!-- <li><a href="/cgi-bin/koha/lostpassword.pl" title="Password lost and found">Lost your password?</a></li> -->
<!-- </ul> -->
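Review bot: The added CAS block prints `[% casServerUrl %]`, `[% casServer.value %]` and `[% casServer.name %]` straight into markup, and the URLs embed a service URI rebuilt from the request's GET parameters. Unless escaping is applied somewhere not visible here, I would filter them, e.g. `<a href="[% casServer.value | html %]">[% casServer.name | html %]</a>`. The markup is also unbalanced: the paragraph opened before `[% IF ( casServerUrl ) %]` is ended with `<p>` instead of `</p>` in that branch and stays open when neither variable is set, and the `<ul>` has no `</ul>` before the closing `[% END %]`. `<acronym>` is obsolete in HTML5; `<abbr>` is the replacement.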