Download the PHP package felixrupp/user_cas without Composer

On this page you can find all versions of the php package felixrupp/user_cas. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package user_cas

INTRODUCTION

This App provides CAS authentication support, using the phpCAS library of jasig/apereo.

INSTALLATION

1. DEPENDENCIES

This app does not require a standalone version of jasig’s/apereo’s phpCAS any longer. The library is shipped within composer dependencies, in the archive file you downloaded or the Market/App-Store version if used. Although you can configure to use your own version of jasig’s/apereo’s phpCAS library later on.

2. Recommended - ownCloud Market:

  1. Access the ownCloud web interface with a locally created ownCloud user with admin privileges.
  2. Navigate to the market in your ownCloud instance.
  3. Navigate to the Security category and find CAS user and group backend.
  4. Install the app.
  5. Access the administrations panel => Apps and enable the CAS user and group backend app.
  6. Access the administration panel => User Authentication and configure the app.

3. Basic - Release archive/Nextcloud Appstore:

  1. Download the current stable release from the github releases page according to your platform (ownCloud or Nextcloud) or use the link provided on apps.nextcloud.com for Nextcloud.
  2. Unzip/Untar the archive.
  3. Rename the unarchived folder to user_cas if not already named like that.
  4. Move the user_cas folder to the apps folder of your platform installation.
  5. Adjust the settings for the user_cas folder according to your webserver setup.
  6. Access the platform web interface with a locally created platform user with admin privileges.
  7. Access the administrations panel => Apps and enable the CAS user and group backend app.
  8. Access the administration panel => Security and configure the app.

4. Advanced for development purposes only – GIT clone with composer:

  1. Git clone/copy the downloaded user_cas folder into the platform’s apps folder and make sure to set correct permissions for your webserver.
  2. Change directory inside user_cas folder after cloning and perform a composer update command if you installed via GIT. The dependencies will be installed. Attention: You will need the composer binary to be installed.
  3. Adjust the settings for the user_cas folder according to your webserver setup.
  4. Access the platform web interface with a locally created platform user with admin privileges.
  5. Access the administrations panel => Apps and enable the CAS user and group backend app.
  6. Access the administration panel => User Authentication/Security and configure the app.

Be aware that you may need to add the following entry to your config/config.php to prevent warning messages about the missing app signature in your backend:

CONFIGURATION

The app is configured by using the administration panel. Please make sure to configure with an admin user, authenticated locally against your ownCloud instance (and not against CAS). Make sure to fill in all the fields provided.

CAS Server

CAS Server Version: Default is CAS version 3.0, if you have no special configuration leave it as is.

CAS Server Hostname: The host name of the webserver hosting your CAS, lookup /etc/hosts or your DNS configuration or ask your IT-Department.

CAS Server Port: The port CAS is listening to. Default for HTTPS should be 443.

CAS Server Path: The directory of your CAS. In common setups this path is /cas. Use / if your CAS is in your document root.

Service URL: Service URL pointing to your plattform used for CAS authentication and redirection. Useful when behind a reverse proxy. This url must end in /apps/user_cas/login.

Certification file path (.crt): If you don't want to validate the certificate (i.e. self-signed certificates) then leave this blank. Otherwise enter the absolute path to the certificate (.crt) on your server, beginning at root level.

Use CAS proxy initialization: If active, the CAS-Client is initialized as a proxy. Default off. Activate only, if you know what you’re doing.

Basic

Force user login using CAS?: If checked, users will immediately be redirected to CAS login page, after visiting the ownCloud URL. If checked, Disable CAS logout is automatically disabled. Default: off

Don’t use force login on these client-IPs: Comma separated list of client IP addresses (or address ranges), which won’t be forced to login if "Force user login" is enabled (e.g. 192.168.1.1-254,192.168.2.5). Default: empty

Disable CAS logout: If checked, you will only be logged out from ownCloud/Nextcloud and not from your CAS instance. Default: off

Autocreate user after first CAS login?: If checked, users authenticated against CAS are automatically created. This means, users which did not exist in the database yet who authenticate against CAS will be created and stored in the ownCloud database on their first login. Default: on

Update user data after each CAS login?: If checked, the data provided by CAS is used to update ownCloud user attributes each time the user logs in. Default: off

Disable CAS SingleSignout: If checked, SingleSignout requests from your CAS server will be ignored. ownCloud/Nextcloud sessions will not be terminated because of SSO. Default: off

SingleSignout Servers: Provide a list of servers which can send SingleSignout requests for your CAS ticket (leave empty if you do not have to restrict logout to defined servers).

Keep CAS-ticket-ids in URL?: If checked, CAS-ticket-ids are not removed from the URL. Beware: Potential security risk! Only activate, if you know what you are doing. Default off

Overwrite Login Button Label: Overwrites the CAS-Login button label (only used in Nextcloud). Default: empty

Protect "public share" links with CAS: If checked, public share links will be protected by CAS-login. If a user is already logged in with a valid ownCloud/Nexctloud session, no additional CAS-login is needed. Default off

Mapping

If CAS provides extra attributes, user_cas can retrieve the values of them. Since their name differs in various setups it is necessary to map ownCloud-attribute-names to CAS-attribute-names.

User-ID: Name of user-id attribute in CAS. Only fill this out, if you need to use a specific CAS attribute for the user-id. If left empty, the default CAS user-id is used. Default: empty

Email: Name of email attribute in CAS. Default: empty

Display Name: Name of display name attribute(s) in CAS (this might be the "real name" of a user or a combination of two fields like: firstnames+surnames). Default: empty

Group: Name of group attribute in CAS. Default: empty

Quota: Name of quota attribute in CAS. Quota can be a numeric byte value or a human readable string, like 1GB or 512MB. Default: empty

Groups

Locked Groups: Groups that will not be unlinked. These groups are preserved, when updating a user after login and are not unlinked. Please provide a comma separated list without blanks (eg.: group1,group2). Default: empty

Default group (when autocreating users): When auto creating users after authentication, these groups are set as default if the user has no CAS groups. Please provide a comma separated list without blanks (eg.: group1,group2). Default: empty

Authorized CAS Groups: Members of these groups are authorized to use the ownCloud instance. This setting is especially helpful, if your CAS instance is not handling authorization itself. Please provide a comma separated list without blanks (eg.: group1,group2). Default: empty

Group Quotas: Define quotas for groups of the users authenticated via CAS. Please provide a comma separated list without blanks and with : between group names and quotas (eg.: group1:10GB,group2:500MB). Default: empty

Group Name Filter: Define a filter (PHP RegExp syntax!) with only the allowed characters for a group name. Group names are cut after 63 characters per definition by ownCloud/Nextcloud core and appended by an horizontal ellipsis. Default when empty: a-zA-Z0-9\.\-_ @

Group Name: Replace Umlauts: Activate to filter german umlauts out of the group’s name. Only works, if Group in "Mapping" is filled. Default: off

Group Name: JSON Decode: Activate to JSON decode the delivered data in the group field. Only works, if Group in "Mapping" is filled and your CAS-Server uses JSON syntax for it. Default: off

User’s Default Group: Create default group for each user with UID and optional prefix. Default: off and no prefix

ECAS Settings:

Since Version 1.5 user_cas provides support for using a European Commission ECAS-Server implementation.

Use ECAS Attribute Parser?: Activate the ECAS attribute parser to enable the parsing of groups provided by the European Commission ECAS implementation (do NOT activate until you know what you are doing).

Request full user details?: Activate to request a full user profile in the ECAS callback (do NOT activate until you know what you are doing).

ECAS Strength: Set the authentication strength used by the ECAS instance when validating a user’s ticket (do NOT select until you know what you are doing).

ECAS AssuranceLevel: Set the assurance level used by the ECAS instance when validating a user’s ticket (do NOT select until you know what you are doing).

Query ECAS groups: Define which ECAS groups should be queried when validating a user’s ticket. Please provide a comma separated list without blanks (eg.: GROUP1,GROUP2 or use * for all groups). (Do NOT select until you know what you are doing).

Don’t use Multi-Factor-Authentication on these client-IPs: Comma separated list of client IP addresses (or address ranges), which won’t be forced to use Multi-Factor-Authentication if "ECAS AssuranceLevel" is at least MEDIUM (e.g. 192.168.1.1-254,192.168.2.5). (Do NOT fill until you know what you are doing).

Import CLI:

Since Version Version 1.7.2 user_cas provides support for importing users from an ActiveDirectory LDAP.

ActiveDirectory (LDAP): Provide the necessary information to connect to your AD LDAP Server

LDAP-Host: Provide the LDAP-host information. Set the protocol, host and port to use. Default: empty

LDAP-User and Domain: Provide the LDAP user and domain to authenticate the LDAP connection Default: empty

LDAP-User Password: Set the password for the user (see above). Default: empty

LDAP Base DN: Set the LDAP Base Distinguished Name (DN) for the query. Default: empty

LDAP Sync Filter: Define the filter to be used when querying the according user’s from LDAP. Default: empty

LDAP Syn Pagesize (1-1500): Define the pagesize of the LDAP query response according to your LDAP server’s settings. Default: 1500

CLI Attribute Mapping: Provide the necessary information to map your AD LDAP users to ownCloud

UID/Username: Name of uid/username attribute in your LDAP response. Default: empty

Display Name: Name of display name attribute(s) in your LDAP response (this might be the "real name" of a user or a combination of two fields like: givenname+sn). Default: empty

Email: Name of email attribute in your LDAP response. Default: empty

Group: Name of group attribute in your LDAP response. Default: empty

Group Name Field: Name of the LDAP attribute in your group node to set a group’s name. If no name filed is set or found, the DN of the group will be used as the group’s name. Default: empty

Quota: Name of quota attribute in your LDAP response. Quota can be a numeric byte value or a human readable string, like 1GB or 512MB. Default: empty

Enable: Name of the enable attribute in your LDAP response. This sets the account to enabled/disabled on import, while enabled = 1 and disabled = 0. Default: empty

Calculate Enable Attribute Bitwise AND with: Provide to use a bitwise AND calculation to define the enabled status of the account. Only use if your LDAP’s enabled attribute value is not 0|1. Default: empty

Merge Accounts: Activate to enable account merging. Default: off

Prefer Enabled over Disabled Accounts on Merge: Activate to prefer enabled second accounts over disabled primary accounts. Only works, if Merge Accounts is enabled. Default: off

Merge two active accounts by: Name of the attribute in your LDAP response by which you want to merge two activated accounts. Only works, if Merge Accounts is enabled. Default: empty

Merge two active accounts by: Filterstring: Define a filterstring for the Merge by attribute, that defines which activated account should be preferred on merge. Only works, if Merge by is set and Merge Accounts is enabled. Default: empty

PHP-CAS Library

Setting up the PHP-CAS library options :

Overwrite phpCAS path (CAS.php file): Set a custom path to a CAS.php file of the jasig/phpcas library version you want to use. Beginning at rootlevel of your server. Default: empty, meaning it uses the composer installed dependency in the user_cas folder.

PHP CAS debug file: Set path to a custom phpcas debug file. Beginning at rootlevel of your server. Default: empty

EXTRA INFO

By default the CAS App will unlink all the groups from a user and will provide the groups defined at the Mapping attributes. If this mapping is not defined, the value of the Default group field will be used instead. If both are undefined, then the user will be set with no groups. If you set the Locked Groups field, those groups will not be unlinked from the user.

OCC Commands

user_cas has the following OCC commands implemented:

Create a user:

cas:create-user [--display-name [DISPLAY-NAME]] [--email [EMAIL]] [-g|--group [GROUP]] [-o|--quota [QUOTA]] [-e|--enabled [ENABLED]] [--] <uid>

Notice: Protected groups will never be unlinked from the user! See also Groups.

Update a user:

cas:update-user [--display-name [DISPLAY-NAME]] [--email [EMAIL]] [-g|--group [GROUP]] [-o|--quota [QUOTA]] [-e|--enabled [ENABLED]] [-c|--convert-backend [CONVERT-BACKEND]] [--] <uid>

Notice: Protected groups will never be unlinked from the user! See also Groups.

Import users from ActiveDirectory (LDAP):

cas:import-users-ad [-d|--delta-update [1]] [-c|--convert-backend [1]]

Additional Info: If you want to automate the ActiveDirectory import, call this command in a cronjob of your webservers user (e.g. www-data on debian based linux systems).

Additional Info: If you want additional debug information, use the options -vv or -vvv in your command, to raise the debug level. To quiet the output, use the option -q

Example for usage as daily cronjob with delta updates and backend conversion (if needed), output will be zeroed:

0 0 * * * /usr/bin/php /path/to/owncloud/occ cas:import-users-ad -d 1 -c 1 -q >/dev/null 2>&1

Bugs and Support

Please contribute bug reports and feedback to GitHub Issues.

Commercial support and feature implementation is available via felixrupp.com.

ABOUT

License

AGPL 3.0 or later - http://www.gnu.org/licenses/agpl-3.0.html

Authors

Current Version, since 1.4.0:

Older Versions:

Links


All versions of user_cas with dependencies

PHP Build Version
Package Version
Requires jasig/phpcas Version ^1.5.0
ec-europa/ecas-phpcas-parser Version ^0.3
php Version ^7.3
ext-json Version *
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package felixrupp/user_cas contains the following files

Loading the files please wait ....