CAS4.2.7 的 php 客户端1.3.5 的简单实践

CAS作为开源的sso项目，很多人都在使用，网上也很多教程，但是普遍都比较老的版本，时间也很久了，目前我的项目需要用到单点登录，我找了cas比较新的版本来做部署，经过一周的折腾，终于调试成功，现将经验说明如下。

CAS Server需单独部署，我部署的是4.2.7的版本，环境windows7 x64 + jdk8 + tomcat8，网上下载CAS server的war包，解压后修改配置，放到tomcat的webapps下运行即可。此处不详述，以后有空再写cas sever的配置过程。

CAS client的java版本，我本机也已经配置，大概步骤就是maven的pom.xml添加cas的依赖包，web.xml配置5个过滤器和1个监听器，然后把原系统的登录页去掉，原登录验证的过滤器或者拦截器改一下就ok了，具体不详述，本文的重点是php。

php cas 配置步骤：

    1、先新建一个php项目phpproj，我用的PhpStorm.

    2、从官网下载php的client， https://wiki.jasig.org/display/CASC/phpCAS

          选择 download 下面的 Current Version，我目前的是1.3.5.

          解压后把CAS-1.3.5下的CAS目录拷贝到工程目录phpproj下，把CAS-1.3.5\CAS.php拷贝到工程目录下，把CAS-1.3.5\docs\examples\config.example.php、script_info.php拷贝到工程目录下，config.example.php改名config.php。我的项目结构如下：

    3、修改配置config.php

$cas_host = ‘localhost’,$cas_context = '/cas',
$cas_port = 8443
$cas_real_hosts = array('localhost', 'localhost');
$client_domain = 'localhost';
$client_path = 'phpproj';
$rebroadcast_node_1 = 'http://localhost:81';$rebroadcast_node_2 = 'http://localhost:81';
我的config.php如下：
<?php/** * The purpose of this central config file is configuring all examples * in one place with minimal work for your working environment * Just configure all the items in this config according to your environment * and rename the file to config.php * * PHP Version 5 * * @file     config.php * @category Authentication * @package  PhpCAS * @author   Joachim Fritschi <jfritschi@freenet.de> * @author   Adam Franco <afranco@middlebury.edu> * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0 * @link     https://wiki.jasig.org/display/CASC/phpCAS */$phpcas_path = '../../source/';///////////////////////////////////////// Basic Config of the phpCAS client /////////////////////////////////////////// Full Hostname of your CAS Server$cas_host = 'localhost';// Context of the CAS Server$cas_context = '/cas';// Port of your CAS server. Normally for a https server it's 443$cas_port = 8443;// Path to the ca chain that issued the cas server certificate$cas_server_ca_cert_path = '/path/to/cachain.pem';//////////////////////////////////////////// Advanced Config for special purposes ////////////////////////////////////////////// The "real" hosts of clustered cas server that send SAML logout messages// Assumes the cas server is load balanced across multiple hosts$cas_real_hosts = array('localhost', 'localhost');// Client config for cookie hardening$client_domain = 'localhost';$client_path = 'phpproj';$client_secure = true;$client_httpOnly = true;$client_lifetime = 0;// Database config for PGT Storage$db = 'pgsql:host=localhost;dbname=phpcas';//$db = 'mysql:host=localhost;dbname=phpcas';$db_user = 'phpcasuser';$db_password = 'mysupersecretpass';$db_table = 'phpcastabel';$driver_options = '';///////////////////////////////////////////// End Configuration -- Don't edit below /////////////////////////////////////////////// Generating the URLS for the local cas example services for proxy testingif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {    $curbase = 'https://' . $_SERVER['SERVER_NAME'];} else {    $curbase = 'http://' . $_SERVER['SERVER_NAME'];}if ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) {    $curbase .= ':' . $_SERVER['SERVER_PORT'];}$curdir = dirname($_SERVER['REQUEST_URI']) . "/";// CAS client nodes for rebroadcasting pgtIou/pgtId and logoutRequest$rebroadcast_node_1 = 'http://localhost:81';$rebroadcast_node_2 = 'http://localhost:81';// access to a single service$serviceUrl = $curbase . $curdir . 'example_service.php';// access to a second service$serviceUrl2 = $curbase . $curdir . 'example_service_that_proxies.php';$pgtBase = preg_quote(preg_replace('/^http:/', 'https:', $curbase . $curdir), '/');$pgtUrlRegexp = '/^' . $pgtBase . '.*$/';$cas_url = 'https://' . $cas_host;if ($cas_port != '443') {    $cas_url = $cas_url . ':' . $cas_port;}$cas_url = $cas_url . $cas_context;// Set the session-name to be unique to the current script so that the client script// doesn't share its session with a proxied script.// This is just useful when running the example code, but not normally.session_name(    'session_for:'    . preg_replace('/[^a-z0-9-]/i', '_', basename($_SERVER['SCRIPT_NAME'])));// Set an UTF-8 encoding header for internation characters (User attributes)header('Content-Type: text/html; charset=utf-8');?>

4、用个简单页面做测试，把CAS-1.3.5\docs\examples\example_simple.php拷贝到工程目录，
修改require_once $phpcas_path . '/CAS.php'; 为
require_once  'CAS.php';
添加
phpCAS::setLang(PHPCAS_LANG_CHINESE_SIMPLIFIED);
支持中文。

这样配置就做好了。

5、现在重启apache，注意php需要添加curl库，php用ticket到认证服务器校验票据时会用到，不知道怎么加的亲们看我的上一篇文章。

访问 http://localhost:81/phpproj/example_simple.php ，就会出现cas server的登录页：




输入用户密码登录成功后即跳转回本页面：




然后同一个浏览器内关掉这个页，再重新打开，或者直接刷新，不会再出现登录页面。 我访问java的cas客户端项目登录后，再打开这个php项目，也无需登录直接可进入，并显示登录用户

这样php的客户端就配置完成！

CAS Sever还可以携带除登录名外的其他用户信息给客户端，php接收用户信息的代码如下：
<?php$attr_array = phpCAS::getAttributes();foreach($attr_array as $x=>$x_value){    echo "cas server返回的用户属性 $x = $x_value";    echo "<br>";}?>
效果图：




当然这只是最简单的配置，实际项目中，还有许多细节要处理，比如登录成功后 添加session属性值等。