Hi Matthew,
we did introduce visibility (public/private) heavily in the past to
prevent the very common "misuse" of the phpcas library and the external
API we have to maintain. To many errors occurred through people not
understanding the mechanics of CAS. getPGT() is one of those functions
we removed from the public API.
Please have a look at the many different cas proxy example we have on
the wiki [1] or inside the doc/ folder of the client.
I believe a proper implementation would be a straight forward:
phpCAS::proxy(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
phpCAS::forceAuthentication();
$pt = phpCAS::retrievePT('http://localhost/your_proxied_app', $err_code,
$err_msg);
And then passing the PT to the java app that wants to access some
application. Handing over the PGT does not really make sense in my view
since this implies that you have to re-implement part of the cas client
again somewhere else to fetch PTs based on the PGT.
You also have to remember that a PGT is an "unlimited" ticket to request
as many PTs for _any_ proxy enabled service in your CAS domain. The PGT
does not expire but remains valid for your complete CAS session. Sharing
such a PGT with other apps and transmitting unencrypted is a risk and is
not recommended from a security perspective. A PT on the other hand is
one time use for a specific service and valid for a short period of time
which severely reduces the risks.
As you have already discovered you can of course retrieve the PGT out of
the session variables.
Regards,
Joachim
[1]https://wiki.jasig.org/display/CASC/phpCAS+examples#phpCASexamples-ACASproxy
On 12.04.2013 09:18, Matthew wrote:
Hi all.
I'm absolutely new to phpCAS and I have to update the old work of my colleague
which is gone. He used phpCAS 1.0.0 and I think it is a good idea to upgrade to
1.3.2.
Maybe, it will be easy for you but I've just a little question.
We have a web page which gives the PGT to a Java application through a PHP
socket.
We used $PHPCAS_CLIENT->getPGT() to get this PGT. But now, I can't find an
equivalent function to get this PGT. It seems there is a _getPGT, but this
function is private. How can I do this?
Do you have a hint for me?
Best regards,
Matthew.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
