admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0d852e8276f9455508ef9bc077bfca00d50ef971
kubesphere/pkg/apiserver/authentication/identityprovider/cas/cas.go
hongming 0d852e8276 chore: update copyright headers (#6496) 
Signed-off-by: hongming <coder.scala@gmail.com>
2025-04-30 15:53:51 +08:00

91 lines
2.2 KiB
Go
Raw Blame History

/*
* Copyright 2024 the KubeSphere Authors.
* Please refer to the LICENSE file in the root directory of the project.
* https://github.com/kubesphere/kubesphere/blob/master/LICENSE
*/
package cas
import (
"crypto/tls"
"fmt"
"net/http"
"net/url"
"github.com/mitchellh/mapstructure"
gocas "gopkg.in/cas.v2"
"kubesphere.io/kubesphere/pkg/apiserver/authentication/identityprovider"
"kubesphere.io/kubesphere/pkg/server/options"
)
func init() {
identityprovider.RegisterOAuthProviderFactory(&casProviderFactory{})
}
type cas struct {
RedirectURL string `json:"redirectURL" yaml:"redirectURL"`
CASServerURL string `json:"casServerURL" yaml:"casServerURL"`
InsecureSkipVerify bool `json:"insecureSkipVerify" yaml:"insecureSkipVerify"`
client *gocas.RestClient
}
type casProviderFactory struct {
}
type casIdentity struct {
User string `json:"user"`
}
func (c casIdentity) GetUserID() string {
return c.User
}
func (c casIdentity) GetUsername() string {
return c.User
}
func (c casIdentity) GetEmail() string {
return ""
}
func (f casProviderFactory) Type() string {
return "CASIdentityProvider"
}
func (f casProviderFactory) Create(opts options.DynamicOptions) (identityprovider.OAuthProvider, error) {
var cas cas
if err := mapstructure.Decode(opts, &cas); err != nil {
return nil, err
}
casURL, err := url.Parse(cas.CASServerURL)
if err != nil {
return nil, err
}
redirectURL, err := url.Parse(cas.RedirectURL)
if err != nil {
return nil, err
}
cas.client = gocas.NewRestClient(&gocas.RestOptions{
CasURL: casURL,
ServiceURL: redirectURL,
Client: &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: cas.InsecureSkipVerify},
},
},
URLScheme: nil,
})
return &cas, nil
}
func (c cas) IdentityExchangeCallback(req *http.Request) (identityprovider.Identity, error) {
// CAS callback, see also https://apereo.github.io/cas/6.3.x/protocol/CAS-Protocol-V2-Specification.html#25-servicevalidate-cas-20
ticket := req.URL.Query().Get("ticket")
resp, err := c.client.ValidateServiceTicket(gocas.ServiceTicket(ticket))
if err != nil {
return nil, fmt.Errorf("cas: failed to validate service ticket : %v", err)
}
return &casIdentity{User: resp.User}, nil
}
Reference in New Issue View Git Blame Copy Permalink