On Thu, 1 Aug 2013, Marvin Addison wrote:
> I recently upgraded an integration test host from phpCAS 1.1.x to
> 1.3.2 and apparently did not look too closely at the API changes. My
> old config worked and I moved on, but apparently the way forced
> authentication works has changed. Formerly I did the following:
>
>     phpCAS::forceAuthentication(true);
>
> Now that simply causes CAS authentication and not forced
> authentication in the CAS sense of renew=true, apparently because
> forceAuthentication doesn't take a boolean parameter for renew=true
> any longer. I can't find any documentation examples for renew/forced
> auth with the latest release, so I'm guessing how to do this now. It
> looks like I should be able to do the following instead:
>
>     phpCAS::renewAuthentication();
>
> Unfortunately that takes me to the CAS login page with the renew
> parameter on every attempt to access the phpCAS-protected resource. In
> other words I can't get through to the app despite successfully
> authenticating to CAS.
>
> Can someone point me in the right direction?

I've been looking at the CAS/Client.php code for a long time this
afternoon trying to figure this out. There is only one path in the code
that will redirect to CAS with renew=true:

    if ( $this->isAuthenticated() ) {
        phpCAS::trace('user already authenticated; renew');
        $this->redirectToCas(false, true);

It appears this can only ever happen when isAuthenticated() returns true.
If I understand the way they intend the renewAuthentication() function to
be used, then it doesn't fit your use case.
I have to agree with you - there should be another function or an argument
to forceAuthentication that will cause the redirect to CAS to use
renew=true.
Maybe you should file a bug or enhancement request?
Andy
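
The control flow described in the reply above, as an added example that is not part of the original thread and is not phpCAS code. It is a toy model: all function names are hypothetical, the tickets and user are constructed, and the plain redirect for an unauthenticated user is an assumption.

```php
<?php
// Toy model of the request cycle discussed above. It does not call phpCAS;
// every function name here is hypothetical and the ticket values are constructed.

// Authenticated if the session already has a user, or if the request carries a
// ticket (the model treats every ticket as valid).
function modelIsAuthenticated(array &$session, ?string $ticket): bool {
    if (!isset($session['user']) && $ticket !== null) {
        $session['user'] = 'constructed-user';
    }
    return isset($session['user']);
}

// The path quoted from CAS/Client.php: renew=true is sent only when the user
// is already authenticated. The plain redirect otherwise is an assumption.
function modelRenewAuthentication(array &$session, ?string $ticket): string {
    return modelIsAuthenticated($session, $ticket)
        ? 'redirect to CAS, renew=true'
        : 'redirect to CAS';
}

// The variant the reply asks for: send renew=true when NOT yet authenticated,
// and let the request through once CAS has sent the browser back.
function modelForceAuthenticationWithRenew(array &$session, ?string $ticket): string {
    return modelIsAuthenticated($session, $ticket)
        ? 'pass'
        : 'redirect to CAS, renew=true';
}

// Follow redirects the way a browser would: each redirect ends in a successful
// CAS login and a return to the application with a fresh ticket.
function browse(string $guard, int $maxHops = 4): array {
    $session = [];
    $ticket = null;
    $log = [];
    for ($hop = 1; $hop <= $maxHops; $hop++) {
        $log[] = $result = $guard($session, $ticket);
        if ($result === 'pass') {
            break;
        }
        $ticket = "ST-constructed-$hop";
    }
    return $log;
}

foreach (['modelRenewAuthentication', 'modelForceAuthenticationWithRenew'] as $guard) {
    echo $guard, ': ', implode(' | ', browse($guard)), PHP_EOL;
}
```

Under these assumptions the first guard never reaches 'pass', which matches the loop reported in the question, while the second lets the request through once the browser returns from CAS.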