forked from CWRUChielLab/CASAuth
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathCASAuthSettings.php.template
157 lines (132 loc) · 5.18 KB
/
CASAuthSettings.php.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<?php
# This file controls the configuration of the CASAuth extension. The defaults
# for these options are defined in CASAuth.php, and are only defined here as
# well for the sake of documentation. It is highly suggested you should not
# modify the CASAuth defaults unless you know what you are doing.
# Location of the phpCAS library, which is required for this Extension. For
# more information, see https://wiki.jasig.org/display/CASC/phpCAS for more
# information.
#
# Default: $CASAuth["phpCAS"]="$IP/extensions/CASAuth/CAS";
$CASAuth["phpCAS"]="$IP/extensions/CASAuth/CAS";
# Location of the CAS authentication server. You must set this to the location
# of your CAS server. You have a CAS server right?
#
# Default: $CASAuth["Server"]="auth.example.com";
$CASAuth["Server"]="auth.example.com";
# An array of servers that are allowed to make use of the Single Sign Out
# feature. Leave to false if you do not support this feature, of if you dont
# want to use it. Otherwise, add servers on individual lines.
# Example:
# $CASAuth["LogoutServers"][]='cas-logout-01.example.com';
# $CASAuth["LogoutServers"][]='cas-logout-02.example.com';
#
# Default: $CASAuth["LogoutServers"]=false;
$CASAuth["LogoutServers"]=false;
# Server port for communicating with the CAS server.
#
# Default: $CASAuth["Port"]=443;
$CASAuth["Port"]=443;
# URI Path to the CAS authentication service
#
# Default: $CASAuth["Url"]="/cas/";
$CASAuth["Url"]="/cas/";
# CA Certificate Settings
#
# Set UseCert to true if you need to use a CA certificate to authenticate
# then set Cert to the certificate location.
#
# Default: $CASAuth["UseCert"]=false;
# Default: $CASAuth["Cert"]="/crt/cert.crt";
$CASAuth["UseCert"]=false;
$CASAuth["Cert"]="/crt/cert.crt";
# CAS Version. Available versions are "1.0" and "2.0".
#
# Default: $CASAuth["Version"]="2.0";
$CASAuth["Version"]="2.0";
# Enable auto-creation of users when signing in via CASAuth. This is required
# if the users do not already exist in the MediaWiki use database. If accounts
# are not regularly being creating, it is recommended that this be set to false
#
# Default: $CASAuth["CreateAccounts"]=false
$CASAuth["CreateAccounts"]=false;
# If the "CreateAccounts" option is set "true", the string below is used as a
# salt for generating passwords for the users. This salt is not used by
# the normal Mediawiki authentication and is only in place to prevent someone
# from cracking passwords in the database. This should be changed to something
# long and horrendous to remember.
#
# Default: $CASAuth["PwdSecret"]="Secret";
$CASAuth["PwdSecret"]="Secret";
# The email domain is appended to the end of the username when the user logs
# in. This does not affect their email address, and is for aesthetic purposes
# only.
#
# Default: $CASAuth["EmailDomain"]="example.com";
$CASAuth["EmailDomain"]="example.com";
# Restrict which users can login to the wiki? If set to true, only the users
# in the $CASAuth["AllowedUsers"] array can login.
#
# Default: $CASAuth["RestrictUsers"]=false
$CASAuth["RestrictUsers"]=true;
# Should CAS users be logged in with the "Remember Me" option?
#
# Default: $CASAuth["RememberMe"]=true;
$CASAuth["RememberMe"]=true;
# If $CASAuth["RestrictUsers"] is set to true, the list of users below are the
# users that are allowed to login to the wiki.
#
# Default: $CASAuth["AllowedUsers"] = false;
$CASAuth["AllowedUsers"] = false;
# If a user is not allowed to login, where should we redirect them to?
#
# Default: $CASAuth["RestrictRedirect"]="http://www.example.com";
$CASAuth["RestrictRedirect"]="http://www.example.com";
# If you dont like the uid that CAS returns (ie. it returns a number) you can
# modify the routine below to return a customized username instead.
#
# Default: Returns the username, untouched
function casNameLookup($username) {
return $username;
}
# If your users aren't all on the same email domain you can
# modify the routine below to return their email address
#
# Default: Returns $username@EmailDomain
function casEmailLookup($username) {
global $CASAuth;
return $username."@".$CASAuth["EmailDomain"];
}
# If you dont like the uid that CAS returns (ie. it returns a number) you can
# modify the routine below to return a customized real name instead.
#
# Default: Returns the username, untouched
function casRealNameLookup($username) {
return $username;
}
/*
# If you would like to use ldap to retrieve real names, you can use these
# functions instead. Remember to fill in appropriate parameters for ldap.
function casRealNameLookup($username) {
return @casRealNameLookupFromLDAP($username);
}
function casRealNameLookupFromLDAP($username) {
try {
# login to the LDAP server
$ldap = ldap_connect("host");
$bind = ldap_bind($ldap, "bind_rdn", "bind_password");
# look up the user's name by user id
$result = ldap_search($ldap, "base_dn", "(uid=$username)");
$info = ldap_get_entries($ldap, $result);
$first_name = $info[0]["givenname"][0];
$last_name = $info[0]["sn"][0];
# log out of the server
ldap_unbind($ldap);
$realname = $first_name . " " . $last_name;
} catch (Exception $e) {}
if ($realname == " " || $realname == "" || $realname == NULL) {
$realname = $username;
}
return $realname;
}
*/