Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

Customising the CMS /

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

phpCAS autologin issue


Go to End


1657 Views

Avatar
benshu

Community Member, 4 Posts

4 April 2012 at 1:39am

Hi,

I am trying to get an automatic login to the admin panel based on a phpCAS authentifcation server.
I have extended MemberLoginform and managed to include the CAS classes.
I have been able to get the authentifcation from CAS and to automatically login to the front end.

However, I can then no longer login to admin, I just get a blank page.
The user I am using is an admin user, but it doesn't redirect to admin section, it displays the front end "you are now logged in as ...".

any ideas what is wrong ? possibly a conflict between SS classes and the phpCAS external classes I am calling ?

here is the content of my class:


<?php

//let SS know to use the new class rather than the default one for the login form
//Object::useCustomClass('MemberLoginForm', 'CustomLoginForm');

class CustomLoginForm extends MemberLoginForm {

   	function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true) {

		////////START CASified/////////////

		//CAS required classes and configs
		include_once 'cas/config-lab.php';
		include_once 'cas/CAS.php';
		
		// Initialize phpCAS
		/* @link https://wiki.jasig.org/display/CASC/phpCAS*/
		//last param disable session handling as SS already has session running
		phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context, $start_session=false);
		
		// Uncomment to enable debugging
		//phpCAS::setDebug();
		
		// For production use set the CA certificate that is the issuer of the cert
		// on the CAS server and uncomment the line below
		// phpCAS::setCasServerCACert($cas_server_ca_cert_path);

		// For quick testing you can disable SSL validation of the CAS server.
		// THIS SETTING IS NOT RECOMMENDED FOR PRODUCTION.
		// VALIDATING THE CAS SERVER IS CRUCIAL TO THE SECURITY OF THE CAS PROTOCOL!
		phpCAS::setNoCasServerValidation();
		
		// force CAS authentication
		phpCAS::forceAuthentication();		
		
		// at this step, the user has been authenticated by the CAS server
		// and the user's login name can be read with phpCAS::getUser().
		
		$CASusername = phpCAS::getUser();
		
		///////////END CASified////////////////
		
		// This is now set on the class directly to make it easier to create subclasses
		// $this->authenticator_class = $authenticatorClassName;

		$customCSS = project() . '/css/member_login.css';
		if(Director::fileExists($customCSS)) {
			Requirements::css($customCSS);
		}
		
		if(isset($_REQUEST['BackURL'])) {
			$backURL = $_REQUEST['BackURL'];
		} else {
			$backURL = Session::get('BackURL');
		}

		if($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
			$fields = new FieldSet(
				new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this)
			);
			$actions = new FieldSet(
				new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
			);
		} else {
						
			if($CASusername == 'mycasusername') {
			//CAS authentified
			
			$emailAddress='myemail';
			$password='mypassword';
				
				$member = false;
				
				$emailAddress = Convert::raw2sql($emailAddress);
				$password     = Convert::raw2sql($password);
				
				$member = MemberAuthenticator::authenticate(array(
					'Email'    => $emailAddress,
					'Password' => $password
				));

				if ($member) {
					$member->logIn();
				}
			
			}
			else {
			//else regular login form
		   //new TextareaField( name, title, rows, cols, value, form) 
		
				if(!$fields) {
					$label=singleton('Member')->fieldLabel(Member::get_unique_identifier_field());
					$fields = new FieldSet(
						new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this),
						//Regardless of what the unique identifer field is (usually 'Email'), it will be held in the 'Email' value, below:
						new TextField("Email", $label, Session::get('SessionForms.MemberLoginForm.Email'), null, $this),
						new PasswordField("Password", _t('Member.PASSWORD', 'Password'))
					);
					if(Security::$autologin_enabled) {
						$fields->push(new CheckboxField(
							"Remember", 
							_t('Member.REMEMBERME', "Remember me next time?")
						));
					}
				}
				if(!$actions) {
					$actions = new FieldSet(
						new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")),
						new LiteralField(
							'forgotPassword',
							'<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'
						)
					);
				}
			
			}
			
		}

		if(isset($backURL)) {
			$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
		}

		parent::__construct($controller, $name, $fields, $actions);

		// Focus on the email input when the page is loaded
		// Only include this if other form JS validation is enabled
		if($this->getValidator()->getJavascriptValidationHandler() != 'none') {
			Requirements::customScript(<<<JS
				(function() {
					var el = document.getElementById("MemberLoginForm_LoginForm_Email");
					if(el && el.focus) el.focus(); 
				})();
JS
			);
		}
	}
	   

}


thanks