.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "AuthCAS 3pm"
.TH AuthCAS 3pm "2021-01-07" "perl v5.32.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
AuthCAS \- Client library for JA\-SIG CAS 2.0 authentication server
.SH "VERSION"
.IX Header "VERSION"
Version 1.7
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
AuthCAS aims at providing a Perl \s-1API\s0 to JA-SIG Central Authentication System (\s-1CAS\s0). 
Only a basic Perl library is provided with \s-1CAS\s0 whereas AuthCAS is a full object-oriented library.
.SH "PREREQUISITES"
.IX Header "PREREQUISITES"
This script requires IO::Socket::SSL and LWP::UserAgent
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\&  A simple example with a direct CAS authentication
\&
\&  use AuthCAS;
\&  my $cas = new AuthCAS(casUrl => \*(Aqhttps://cas.myserver, 
\&                    CAFile => \*(Aq/etc/httpd/conf/ssl.crt/ca\-bundle.crt\*(Aq,
\&                    );
\&
\&  my $login_url = $cas\->getServerLoginURL(\*(Aqhttp://myserver/app.cgi\*(Aq);
\&
\&  ## The user should be redirected to the $login_url
\&  ## When coming back from the CAS server a ticket is provided in the QUERY_STRING
\&
\&  ## $ST should contain the receaved Service Ticket
\&  my $user = $cas\->validateST(\*(Aqhttp://myserver/app.cgi\*(Aq, $ST);
\&
\&  printf "User authenticated as %s\en", $user;
\&
\&
\&  In the following example a proxy is requesting a Proxy Ticket for the target application
\&
\&  $cas\->proxyMode(pgtFile => \*(Aq/tmp/pgt.txt\*(Aq,
\&                  pgtCallbackUrl => \*(Aqhttps://myserver/proxy.cgi?callback=1
\&                  );
\&  
\&  ## Same as before but the URL is the proxy URL
\&  my $login_url = $cas\->getServerLoginURL(\*(Aqhttp://myserver/proxy.cgi\*(Aq);
\&
\&  ## Like in the previous example we should receave a $ST
\&
\&  my $user = $cas\->validateST(\*(Aqhttp://myserver/proxy.cgi\*(Aq, $ST);
\&
\&  ## Process errors
\&  printf STDERR "Error: %s\en", &AuthCAS::get_errors() unless (defined $user);
\&
\&  ## Now we request a Proxy Ticket for the target application
\&  my $PT = $cas\->retrievePT(\*(Aqhttp://myserver/app.cgi\*(Aq);
\&    
\&  ## This piece of code is executed by the target application
\&  ## It received a Proxy Ticket from the proxy
\&  my ($user, @proxies) = $cas\->validatePT(\*(Aqhttp://myserver/app.cgi\*(Aq, $PT);
\&
\&  printf "User authenticated as %s via %s proxies\en", $user, join(\*(Aq,\*(Aq,@proxies);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
Jasig \s-1CAS\s0 is Yale University's web authentication system, heavily inspired by Kerberos.
Release 2.0 of \s-1CAS\s0 provides \*(L"proxied credential\*(R" feature that allows authentication
tickets to be carried by intermediate applications (Portals for instance), they are
called proxy.
.PP
This AuthCAS Perl module provides required subroutines to validate and retrieve \s-1CAS\s0 tickets.
.SS "new"
.IX Subsection "new"
.Vb 4
\&  my $cas = new AuthCAS(
\&                    casUrl => \*(Aqhttps://cas.myserver\*(Aq, 
\&                    CAFile => \*(Aq/etc/httpd/conf/ssl.crt/ca\-bundle.crt\*(Aq,
\&                    );
.Ve
.PP
The \f(CW\*(C`new\*(C'\fR constructor lets you create a new \fBAuthCAS\fR object.
.IP "casUrl \- \s-1REQUIRED\s0" 4
.IX Item "casUrl - REQUIRED"
.PD 0
.IP "CAFile" 4
.IX Item "CAFile"
.IP "CAPath" 4
.IX Item "CAPath"
.IP "loginPath \- '/login'" 4
.IX Item "loginPath - '/login'"
.IP "logoutPath \- '/logout'" 4
.IX Item "logoutPath - '/logout'"
.IP "serviceValidatePath \- '/serviceValidate'" 4
.IX Item "serviceValidatePath - '/serviceValidate'"
.IP "proxyPath \- '/proxy'" 4
.IX Item "proxyPath - '/proxy'"
.IP "proxyValidatePath \- '/proxyValidate'" 4
.IX Item "proxyValidatePath - '/proxyValidate'"
.IP "SSL_version \- unset" 4
.IX Item "SSL_version - unset"
.PD
Sets the version of the \s-1SSL\s0 protocol used to transmit data. If the default causes connection issues, setting it to 'SSLv3' may help.
see the documentation for \*(L"\s-1METHODS\*(R"\s0 in IO::Socket::SSL for more information
see <http://www.perlmonks.org/?node_id=746493> for more details.
.PP
Returns a new \fBAuthCAS\fR or dies on error.
.SS "get_errors"
.IX Subsection "get_errors"
Return module errors
.SS "proxyMode"
.IX Subsection "proxyMode"
Use the \s-1CAS\s0 object as a proxy
.IP "pgtFile =item pgtCallbackUrl" 4
.IX Item "pgtFile =item pgtCallbackUrl"
.SS "dump_var"
.IX Subsection "dump_var"
.SS "getServerLoginURL($service)"
.IX Subsection "getServerLoginURL($service)"
Returns a \s-1URL\s0 that you can redirect the browser to, which includes the \s-1URL\s0 to return to
.PP
\&\s-1TODO:\s0 it escapes the return \s-1URL,\s0 but I've noticed some issues with more complicated \s-1URL\s0's
.SS "getServerLoginGatewayURL($service)"
.IX Subsection "getServerLoginGatewayURL($service)"
Returns non-blocking login \s-1URL\s0
ie: if user is logged in, return the ticket, otherwise do not prompt for login
.SS "getServerLogoutURL($service)"
.IX Subsection "getServerLogoutURL($service)"
Return logout \s-1URL\s0
After logout user is redirected back to the application
.ie n .SS "getServerServiceValidateURL($service, $ticket, $pgtUrl)"
.el .SS "getServerServiceValidateURL($service, \f(CW$ticket\fP, \f(CW$pgtUrl\fP)"
.IX Subsection "getServerServiceValidateURL($service, $ticket, $pgtUrl)"
Returns
.ie n .SS "getServerProxyURL($targetService, $pgt)"
.el .SS "getServerProxyURL($targetService, \f(CW$pgt\fP)"
.IX Subsection "getServerProxyURL($targetService, $pgt)"
Returns
.ie n .SS "getServerProxyValidateURL($service, $ticket)"
.el .SS "getServerProxyValidateURL($service, \f(CW$ticket\fP)"
.IX Subsection "getServerProxyValidateURL($service, $ticket)"
Returns
.ie n .SS "validateST($service, $ticket)"
.el .SS "validateST($service, \f(CW$ticket\fP)"
.IX Subsection "validateST($service, $ticket)"
Validate a Service Ticket
Also used to get a \s-1PGT\s0
.PP
Returns the login that created the ticket, if the ticket is valid for that \f(CW$service\fR \s-1URL\s0
.PP
returns undef if the ticket is not valid.
.ie n .SS "validatePT($service, $ticket)"
.el .SS "validatePT($service, \f(CW$ticket\fP)"
.IX Subsection "validatePT($service, $ticket)"
Validate a Proxy Ticket
.PP
Returns the login that created the ticket, if the ticket is valid for that \f(CW$service\fR \s-1URL,\s0 
    and a list of Proxies used.
.PP
.Vb 1
\&    user returned == undef if its not a valid ticket
.Ve
.SS "callCAS($url)"
.IX Subsection "callCAS($url)"
## Access a \s-1CAS URL\s0 and parses received \s-1XML\s0
.PP
Returns
.ie n .SS "storePGT($pgtIou, $pgtId)"
.el .SS "storePGT($pgtIou, \f(CW$pgtId\fP)"
.IX Subsection "storePGT($pgtIou, $pgtId)"
.SS "retrievePT($service)"
.IX Subsection "retrievePT($service)"
Returns
.SS "get_https2"
.IX Subsection "get_https2"
request a document using https, return status and content
.PP
Sven suspects this is intended to be private.
.PP
Returns
.SH "SEE ALSO"
.IX Header "SEE ALSO"
JA-SIG Central Authentication Service <http://www.jasig.org/cas>
.PP
was Yale Central Authentication Service <http://www.yale.edu/tp/auth/>
.PP
phpCAS <http://esup\-phpcas.sourceforge.net/>
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright (C) 2003, 2005,2006,2007,2009 Olivier Salaun \- Comite\*' Re\*'seau des Universite\*'s <http://www.cru.fr>
              2012 Sven Dowideit \- <mailto:SvenDowideit@fosiki.com>
.PP
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.
.SH "AUTHORS"
.IX Header "AUTHORS"
.Vb 2
\&  Olivier Salaun
\&  Sven Dowideit
.Ve