Authen::CAS::Client is an implementation of a client for use with
JA-SIG's Central Authentication Service.


More information about the CAS protocol can be found
at the JA-SIG CAS homepage:

http://www.ja-sig.org/products/cas/


To install this module, use the following steps:

 perl Makefile.PL
 make
 make test
 make install


NAME
   Authen::CAS::Client - Provides an easy-to-use interface for
   authentication using JA-SIG's Central Authentication Service

SYNOPSIS
     use Authen::CAS::Client;

     my $cas = Authen::CAS::Client->new( 'https://example.com/cas' );


     # generate an HTTP redirect to the CAS login URL
     my $r = HTTP::Response->new( 302 );
     $r->header( Location => $cas->login_url );


     # generate an HTTP redirect to the CAS logout URL
     my $r = HTTP::Response->new( 302 );
     $r->header( Location => $cas->logout_url );


     # validate a service ticket (CAS v1.0)
     my $r = $cas->validate( $service, $ticket );
     if( $r->is_success ) {
       print "User authenticated as: ", $r->user, "\n";
     }

     # validate a service ticket (CAS v2.0)
     my $r = $cas->service_validate( $service, $ticket );
     if( $r->is_success ) {
       print "User authenticated as: ", $r->user, "\n";
     }


     # validate a service/proxy ticket (CAS v2.0)
     my $r = $cas->proxy_validate( $service, $ticket );
     if( $r->is_success ) {
       print "User authenticated as: ", $r->user, "\n";
       print "Proxied through:\n";
       print "  $_\n"
         for $r->proxies;
     }


     # validate a service ticket and request a proxy ticket (CAS v2.0)
     my $r = $cas->service_validate( $server, $ticket, pgtUrl => $url );
     if( $r->is_success ) {
       print "User authenticated as: ", $r->user, "\n";

       unless( defined $r->iou ) {
         print "Service validation for proxying failed\n";
       }
       else {
         print "Proxy granting ticket IOU: ", $r->iou, "\n";

         ...
         # map IOU to proxy granting ticket via request to pgtUrl
         ...

         $r = $cas->proxy( $pgt, $target_service );
         if( $r->is_success ) {
           print "Proxy ticket issued: ", $r->proxy_ticket, "\n";
         }
       }
     }

DESCRIPTION
   The Authen::CAS::Client module provides a simple interface for
   authenticating users using JA-SIG's CAS protocol. Both CAS v1.0 and v2.0
   are supported.

METHODS
 new $url [, %args]
   "new()" creates an instance of an "Authen::CAS::Client" object. $url
   refers to the CAS server's base URL. %args may contain the following
   optional parameter:

  fatal => $boolean
   If this argument is true, the CAS client will "die()" when an error
   occurs and $@ will contain the error message. Otherwise an
   "Authen::CAS::Client::Response::Error" object will be returned. See
   Authen::CAS::Client::Response for more detail on response objects.

 login_url $service [, %args]
   "login_url()" returns the CAS server's login URL which can be used to
   redirect users to start the authentication process. $service is the
   service identifier that will be used during validation requests. %args
   may contain the following optional parameters:

  renew => $boolean
   This causes the CAS server to force a user to re-authenticate even if an
   SSO session is already present for that user.

  gateway => $boolean
   This causes the CAS server to only rely on SSO sessions for
   authentication. If an SSO session is not available for the current user,
   validation will result in a failure.

 logout_url [%args]
   "logout_url()" returns the CAS server's logout URL which can be used to
   redirect users to end authenticated sessions. %args may contain the
   following optional parameter:

  url => $url
   If present, the CAS server will present the user with a link to the
   given URL once the user has logged out.

 validate $service, $ticket [, %args]
   "validate()" attempts to validate a service ticket using the CAS v1.0
   protocol. $service is the service identifier that was passed to the CAS
   server during the login process. $ticket is the service ticket that was
   received after a successful authentication attempt. Returns an
   appropriate Authen::CAS::Client::Response object. %args may contain the
   following optional parameter:

  renew => $boolean
   This will cause the CAS server to respond with a failure if
   authentication validation was done via a CAS SSO session.

 service_validate $service, $ticket [, %args]
   "service_validate()" attempts to validate a service ticket using the CAS
   v2.0 protocol. This is similar to "validate()", but allows for greater
   flexibility when there is a need for proxying authentication to back-end
   services. The $service and $ticket parameters are the same as above.
   Returns an appropriate Authen::CAS::Client::Response object. %args may
   contain the following optional parameters:

  renew => $boolean
   This will cause the CAS server to respond with a failure if
   authentication validation was done via a CAS SSO session.

  pgtUrl => $url
   This tells the CAS server that a proxy ticket needs to be issued for
   proxying authentication to a back-end service. $url corresponds to a
   callback URL that the CAS server will use to verify the service's
   identity. Per the CAS specification, this URL must be HTTPS. If this
   verification fails, normal validation will occur, but a proxy granting
   ticket IOU will not be issued.

   Also note that this call will block until the CAS server completes its
   service verification attempt. The returned proxy granting ticket IOU can
   then be used to retrieve the proxy granting ticket that was passed as a
   parameter to the given URL.

 proxy_validate $service, $ticket [, %args]
   "proxy_validate()" is almost identical in operation to
   "service_validate()" except that both service tickets and proxy tickets
   can be used for validation and a list of proxies will be provided if
   proxied authentication has been used. The $service and $ticket
   parameters are the same as above. Returns an appropriate
   Authen::CAS::Client::Response object. %args may contain the following
   optional parameters:

  renew => $boolean
   This is the same as described above.

  pgtUrl => $url
   This is the same as described above.

 proxy $pgt, $target
   "proxy()" is used to retrieve a proxy ticket that can be passed to a
   back-end service for proxied authentication. $pgt is the proxy granting
   ticket that was passed as a parameter to the "pgtUrl" specified in
   either "service_validate()" or "proxy_validate()". $target is the
   service identifier for the back-end system that will be using the
   returned proxy ticket for validation. Returns an appropriate
   Authen::CAS::Client::Response object.

BUGS
   None are known at this time, but if you find one, please feel free to
   submit a report to the author.

AUTHOR
   jason hord <[email protected]>

SEE ALSO
   Authen::CAS::Client::Response

   More information about CAS can be found at JA-SIG's CAS homepage:
   <http://www.ja-sig.org/products/cas/>

LICENSE
   This software is information. It is subject only to local laws of
   physics.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.