This method simply requires a user to log in, thereby proving their Auburn University affiliation.
<?php
// REQUIRE CAS AUTHENTICATION
require_once $_SERVER['DOCUMENT_ROOT'] . '/_includes/simplesamlphp/AuburnSimpleSAMLphp.php';
?>
<!doctype html>
<html>
<body>
<!-- THIS PAGE WILL ONLY LOAD UPON SUCCESSFUL LOGIN. BAD LOGINS ARE HANDLED BY Authenticate. -->
<p><a href="?logout=">Logout</a></p>
</body>
</html>
You may want to restrict content to a specific AD group. We have a simple method for this type of authorization. As you can see below, the checkGroupMembership method takes two parameters: the logged-in user and an array of AD groups. A user must be in at least one of these groups to pass the authorization test. In your code, replace the two example AD groups with any number of Auburn AD groups of your choosing.
<?php
// REQUIRE CAS AUTHENTICATION
require_once $_SERVER['DOCUMENT_ROOT'] . '/_includes/simplesamlphp/AuburnSimpleSAMLphp.php';

// REQUEST AUTHORIZATION VIA LDAP
$auth = checkGroupMembership($user, array("exampleADgroup1","exampleADgroup2"));
?>
<!doctype html>
<html>
<body>
<!-- THIS PAGE WILL ONLY LOAD UPON SUCCESSFUL LOGIN. BAD LOGINS ARE HANDLED BY Authenticate. -->
<h1>LDAP Authorization</h1>
<?php if ($auth) { ?>
<p>Authorized! Insert your restricted content here.</p>
<?php } else { ?>
<p>Denied! Insert your rejection message here.</p>
<?php } ?>
<p><a href="?logout=">Logout</a></p>
</body>
</html>
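The group check above can also be enforced before any markup is sent, so that content placed outside the if block by mistake is never delivered to an unauthorized user. The following is an added example, not part of the original page or of Auburn's include; requireGroupOrDeny is a hypothetical helper, and it assumes the include defines $user and checkGroupMembership() exactly as used above.

```php
<?php
// Added example, not Auburn's own code.
// Assumption: the include defines $user and checkGroupMembership($user, array)
// as in the examples on this page, and the result is truthy when authorized.
require_once $_SERVER['DOCUMENT_ROOT'] . '/_includes/simplesamlphp/AuburnSimpleSAMLphp.php';

/**
 * Hypothetical helper: end the request with HTTP 403 unless the user is in
 * at least one of the allowed AD groups.
 */
function requireGroupOrDeny($user, array $allowedGroups)
{
    // An empty user or an empty allow-list is treated as a denial,
    // never as "no restriction".
    $authorized = !empty($user)
        && !empty($allowedGroups)
        && checkGroupMembership($user, $allowedGroups);

    if (!$authorized) {
        http_response_code(403);
        echo '<!doctype html><html><body><h1>Denied</h1>'
           . '<p><a href="?logout=">Logout</a></p></body></html>';
        exit; // nothing after this call runs for an unauthorized user
    }
}

// Call before any output so the 403 status can still be set.
requireGroupOrDeny($user, array("exampleADgroup1", "exampleADgroup2"));
?>
<!doctype html>
<html>
<body>
<h1>LDAP Authorization</h1>
<p>Authorized! Insert your restricted content here.</p>
<p><a href="?logout=">Logout</a></p>
</body>
</html>
```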