Password protecting your pages with PHP and AUthenticate (CAS)


PHP files on the UNIX web server may be configured to require authentication against Auburn's Active Directory services through AUthenticate (CAS). This also lets your site participate in single sign-on: if a user logs into AU Access, for example, they can then use your website without logging in again, and vice versa.

Require Basic Authentication

This method simply requires a user to log in, thereby proving their Auburn University affiliation.

<?php
  // REQUIRE CAS AUTHENTICATION
  require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/PHPCAS/auburncas.php';
?>
<!doctype html>
<html>
  <body>
    <!-- THIS PAGE WILL ONLY LOAD UPON SUCCESSFUL LOGIN.  BAD LOGINS ARE HANDLED BY CAS. -->
    <p><a href="?logout=">Logout</a></p>
  </body>
</html>

Display Content Based on AD Groups

You may want to restrict content to a specific AD group. We have a simple method for this type of authorization. As you can see below, the checkGroupMembership function takes two parameters: the logged-in user and an array of AD groups. A user must be in at least one of these groups to pass the authorization test. In your code, replace the two example AD groups with any number of Auburn AD groups of your choosing.

<?php
  // REQUIRE CAS AUTHENTICATION
  require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/PHPCAS/auburncas.php';
  
  // REQUEST AUTHORIZATION VIA LDAP
  $user = phpCAS::getUser();
  $auth = checkGroupMembership($user, array("exampleADgroup1","exampleADgroup2"));
?>
<!doctype html>
<html>
  <body>
    <h1>LDAP Authorization</h1>
<?php
  if ($auth) {
?>
    <p>Authorized! Insert your restricted content here.</p>
<?php
  } else {
?>
    <p>Denied! Insert your rejection message here.</p>
<?php
  }
?>
    <p><a href="?logout=">Logout</a></p>
  </body>
</html>

Get Active Directory Attributes for Logged In User

The getAttr function lets you retrieve information about the logged-in user. This could be used to organize and filter information on the page, or to present personalized information as in the following example. Escape attribute values before writing them into HTML. Use this Knowledge Article for attribute names you can request.

<?php
  // REQUIRE CAS AUTHENTICATION
  require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/PHPCAS/auburncas.php';
  
  // REQUEST AUTHORIZATION VIA LDAP
  $user = phpCAS::getUser();
  $auth = checkGroupMembership($user, array("exampleADgroup1","exampleADgroup2"));
?>
<!doctype html>
<html>
  <body>
    <h1>LDAP Authorization</h1>
<?php
  if ($auth) {
?>
    <p>Congratulations <?php echo htmlspecialchars((string) getAttr('displayName'), ENT_QUOTES, 'UTF-8'); ?>! You have access to this restricted content.</p>
<?php
  } else {
?>
    <p>Denied! Insert your rejection message here.</p>
<?php
  }
?>
    <p><a href="?logout=">Logout</a></p>
  </body>
</html>
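
The group check and the attribute display from the two sections above, combined in a fail-closed form, as an added example that is not Auburn's own code: the request stops with HTTP 403 before any restricted markup is sent, the denial is logged, and the attribute is HTML-escaped. requireGroup() and attr() are hypothetical helper names; checkGroupMembership() and getAttr() are assumed to behave as the page's examples use them (a truthy result on membership, a scalar attribute value).

```php
<?php
// Added example. Only phpCAS::getUser(), checkGroupMembership() and getAttr()
// come from the page; requireGroup() and attr() are hypothetical helpers.
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/PHPCAS/auburncas.php';

// Stop the request with 403 unless the logged-in user is in one of $groups.
// Call this before any output so the status header can still be sent.
function requireGroup(array $groups): string
{
    $user = phpCAS::getUser();
    if (!checkGroupMembership($user, $groups)) {
        // JSON-encode the record so odd characters cannot split the log line.
        error_log('authz denied: ' . json_encode([
            'user'   => $user,
            'groups' => $groups,
            'uri'    => $_SERVER['REQUEST_URI'] ?? '',
        ]));
        http_response_code(403);
        header('Cache-Control: no-store');
        echo '<!doctype html><html><body><p>Denied.</p>'
           . '<p><a href="?logout=">Logout</a></p></body></html>';
        exit; // nothing below this call runs for an unauthorized user
    }
    return $user;
}

// HTML-escape an AD attribute; the (string) cast covers a missing attribute.
function attr(string $name): string
{
    return htmlspecialchars((string) getAttr($name), ENT_QUOTES, 'UTF-8');
}

$user = requireGroup(array("exampleADgroup1", "exampleADgroup2"));
header('Cache-Control: no-store'); // keep restricted pages out of shared caches
?>
<!doctype html>
<html>
  <body>
    <h1>LDAP Authorization</h1>
    <p>Congratulations <?php echo attr('displayName'); ?>! You have access to this restricted content.</p>
    <p><a href="?logout=">Logout</a></p>
  </body>
</html>
```

Because the check exits before the doctype is written, restricted markup placed anywhere later in the file cannot be reached by a user outside the listed groups.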