This method simply requires a user to log in, thereby proving their Auburn University affiliation.
<?php
// REQUIRE CAS AUTHENTICATION
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/PHPCAS/auburncas.php';
?>
<!doctype html>
<html>
<body>
<!-- THIS PAGE WILL ONLY LOAD UPON SUCCESSFUL LOGIN. BAD LOGINS ARE HANDLED BY CAS. -->
<p><a href="?logout=">Logout</a></p>
</body>
</html>
You may want to restrict content to a specific AD group. We have a simple method for this type of authorization. As shown below, the checkGroupMembership method takes two parameters: the logged-in user and an array of AD groups. A user must be in at least one of these groups to pass the authorization test. In your code, replace the two example AD groups with any number of Auburn AD groups of your choosing.
<?php
// REQUIRE CAS AUTHENTICATION
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/PHPCAS/auburncas.php';
// REQUEST AUTHORIZATION VIA LDAP
$user = phpCAS::getUser();
$auth = checkGroupMembership($user, array("exampleADgroup1","exampleADgroup2"));
?>
<!doctype html>
<html>
<body>
<h1>LDAP Authorization</h1>
<?php if ($auth) { ?>
<p>Authorized! Insert your restricted content here.</p>
<?php } else { ?>
<p>Denied! Insert your rejection message here.</p>
<?php } ?>
<p><a href="?logout=">Logout</a></p>
</body>
</html>
The getAttr method has been created so you can retrieve information about the logged-in user. This could be used to organize and filter information on the page, or to present personalized information as in the following example. Use this Knowledge Article for attribute names you can request.
<?php
// REQUIRE CAS AUTHENTICATION
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/PHPCAS/auburncas.php';
// REQUEST AUTHORIZATION VIA LDAP
$user = phpCAS::getUser();
$auth = checkGroupMembership($user, array("exampleADgroup1","exampleADgroup2"));
?>
<!doctype html>
<html>
<body>
<h1>LDAP Authorization</h1>
<?php if ($auth) { ?>
<?php // HTML-ENCODE DIRECTORY VALUES BEFORE PRINTING THEM ?>
<p>Congratulations <?php echo htmlspecialchars(getAttr('displayName'), ENT_QUOTES, 'UTF-8'); ?>! You have access to this restricted content.</p>
<?php } else { ?>
<p>Denied! Insert your rejection message here.</p>
<?php } ?>
<p><a href="?logout=">Logout</a></p>
</body>
</html>
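The group check and attribute lookup described above can also be written as a deny-by-default gate that answers 403 and stops before any restricted markup is produced. This is an added example, not Auburn's own code: requireGroup and attrHtml are hypothetical helpers, and it assumes checkGroupMembership returns a truthy value on a match and getAttr returns a string (or null when the attribute is unset).

```php
<?php
// Added example (not part of auburncas.php).
// REQUIRE CAS AUTHENTICATION
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/PHPCAS/auburncas.php';

/**
 * Hypothetical helper: end the request with HTTP 403 unless the CAS user is
 * in at least one of the allowed AD groups. Returns the username on success.
 */
function requireGroup(array $allowedGroups): string
{
    $user = phpCAS::getUser();
    try {
        // Assumption: truthy return value means "member of at least one group".
        $allowed = (bool) checkGroupMembership($user, $allowedGroups);
    } catch (Throwable $e) {
        // Fail closed: a directory lookup error must never grant access.
        error_log('Group check failed: ' . $e->getMessage());
        $allowed = false;
    }
    if (!$allowed) {
        http_response_code(403); // a real status code, not a 200 "Denied" page
        echo '<!doctype html><html><body>'
           . '<p>Denied! Insert your rejection message here.</p>'
           . '<p><a href="?logout=">Logout</a></p></body></html>';
        exit; // nothing below this point runs for unauthorized users
    }
    return $user;
}

/** Hypothetical helper: fetch a directory attribute encoded for HTML output. */
function attrHtml(string $name): string
{
    // Assumption: getAttr() returns a string, or null when the attribute is unset.
    return htmlspecialchars((string) getAttr($name), ENT_QUOTES, 'UTF-8');
}

// Keep restricted pages out of shared and browser caches.
header('Cache-Control: no-store');
requireGroup(array("exampleADgroup1", "exampleADgroup2"));
?>
<!doctype html>
<html>
<body>
<h1>LDAP Authorization</h1>
<p>Congratulations <?php echo attrHtml('displayName'); ?>! You have access to this restricted content.</p>
<p><a href="?logout=">Logout</a></p>
</body>
</html>
```

Because the gate exits before the page body, restricted includes or queries placed after the requireGroup call are never executed for a denied user.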