diff --git a/backend/AUTH/methode/cas.php b/backend/AUTH/methode/cas.php
index ed4291755..6aa906d7f 100755
--- a/backend/AUTH/methode/cas.php
+++ b/backend/AUTH/methode/cas.php
@@ -44,8 +44,22 @@ function get_cas_config() {
if (!isset($sql_update)) {
$cas->client(CAS_VERSION_2_0, $config['CAS_HOST'], (int)$config['CAS_PORT'], $config['CAS_URI']);
- // uncomment following line if not using server validation
- $cas->setNoCasServerValidation();
+ // Set Service URL
+ // required if operating behind a load balancer or reverse proxy.
+ if (!isset($config['CAS_BASEURL'])) {
+ $cas->setFixedServiceURL($config['CAS_BASEURL']);
+ }
+
+ // Set CAS Server CA Cert
+ // Strongly recommended for production environments
+ if (!isset($config['CAS_SERVER_CA_CERT_PATH'])) {
+ $cas->setCasServerCACert($config['CAS_SERVER_CA_CERT_PATH']);
+ } else {
+ // if CAS Server CA Cert Path not set, fall back to no validation.
+ $cas->setNoCasServerValidation();
+ }
+
+ // force CAS authentication on any page that includes this file.
$cas->forceAuthentication();
$login = $cas->getUser();
$mdp = "";
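Review bot: Both new guards, `if (!isset($config['CAS_BASEURL']))` and `if (!isset($config['CAS_SERVER_CA_CERT_PATH']))`, are inverted: each setter runs only when its key is absent (and is then handed an undefined index), and when an administrator has configured a CA certificate path the else branch calls setNoCasServerValidation(), which is the opposite of what the comments describe. Because 7075.sql seeds both rows with an empty TVALUE, `isset()` would also be true for the empty string once the negation is removed, so the conditions should test for a non-empty value: `if (($config['CAS_BASEURL'] ?? '') !== '')` and `if (($config['CAS_SERVER_CA_CERT_PATH'] ?? '') !== '')`. Dropping to no server validation silently is also hard to diagnose later; consider writing a log line when that fallback is taken so an operator can see that ticket validation is running without certificate checking. get_cas_config() starts before and continues after this hunk.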
diff --git a/files/update/7075.sql b/files/update/7075.sql
new file mode 100644
index 000000000..5e7a5f190
--- /dev/null
+++ b/files/update/7075.sql
@@ -0,0 +1,5 @@
+-- Add CAS variables to config table
+
+INSERT IGNORE INTO `config` (NAME, IVALUE, TVALUE, COMMENTS)
+VALUES ('CAS_BASEURL',0,'','Server URL as seen by CAS IdP, e.g. : https://ocs.example.com/ocsreports'),
+ ('CAS_SERVER_CA_CERT_PATH',0,'','Path to IdP Server CA Certificate for server validation function, e.g. : files/certificates/CA.pem');
\ No newline at end of file
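Review bot: The COMMENTS hint for CAS_SERVER_CA_CERT_PATH gives a relative example, `files/certificates/CA.pem`, while the language strings added in the same commit show an absolute one, `/path/to/cachain.pem`. A relative path is typically resolved against the working directory of the PHP process rather than the application root, so the hint should steer administrators toward an absolute path, e.g. `'Absolute path to IdP Server CA Certificate for server validation, e.g. : /path/to/cachain.pem'`. The file also ends without a trailing newline.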
diff --git a/plugins/language/de_DE/de_DE.txt b/plugins/language/de_DE/de_DE.txt
index 8d13d235d..7854dd7fa 100644
--- a/plugins/language/de_DE/de_DE.txt
+++ b/plugins/language/de_DE/de_DE.txt
@@ -1648,6 +1648,8 @@
9700 CAS Server Port, z.B. : 443
9701 CAS Server URI, z.B. : /cas
9702 CAS Server Host, z.B. : authentication.org
+9705 CAS Basis URI, z.B. : ocs.example.com
+9706 CAS Server CA-Zertifikatspfad, z.B. : /path/to/cachain.pem
9704 CAS Konfiguration
diff --git a/plugins/language/en_GB/en_GB.txt b/plugins/language/en_GB/en_GB.txt
index 46af1b79c..1ef8ab3a2 100755
--- a/plugins/language/en_GB/en_GB.txt
+++ b/plugins/language/en_GB/en_GB.txt
@@ -1847,6 +1847,8 @@
9701 CAS server uri, e.g : /cas
9702 CAS server host, e.g. : authentication.org
9703 CAS default role, applied on first connection initiated using CAS authentication
+9705 CAS Base URI, e.g. : ocs.example.com
+9706 CAS Server CA Certificate Path, e.g. : /path/to/cachain.pem
9704 CAS Configuration
9800 Exclude archived computers from statistics, CVE inventory, all softwares count, computers per TAG count
diff --git a/plugins/language/fr_FR/fr_FR.txt b/plugins/language/fr_FR/fr_FR.txt
index e51c9f292..ea0a1542e 100644
--- a/plugins/language/fr_FR/fr_FR.txt
+++ b/plugins/language/fr_FR/fr_FR.txt
@@ -1842,6 +1842,8 @@
9701 URI du serveur CAS, e.g : /cas
9702 Adresse du serveur CAS, e.g. : authentication.org
9703 Profil par défaut, appliqué à la première connexion CAS
+9705 URI de base du CAS, e.g. : ocs.example.com
+9706 Chemin du certificat du serveur CAS, e.g. : /path/to/cachain.pem
9704 Configuration CAS
9800 Exlure les machines archivées des Statistiques, de l'inventaire CVE, du compte de Tous les logiciels, du compte des machines par TAG
diff --git a/plugins/language/ja_JP/ja_JP.txt b/plugins/language/ja_JP/ja_JP.txt
index 9cb22b23f..cfd197d34 100755
--- a/plugins/language/ja_JP/ja_JP.txt
+++ b/plugins/language/ja_JP/ja_JP.txt
@@ -1836,6 +1836,8 @@
9701 CAS server uri, e.g : /cas
9702 CAS server host, e.g. : authentication.org
9703 CAS default role, applied on first connection initiated using CAS authentication
+9705 CAS Base URI, e.g. : ocs.example.com
+9706 CAS Server CA Certificate Path, e.g. : /path/to/cachain.pem
9704 CAS Configuration
9800 Exclude archived computers from statistics, CVE inventory, all softwares count, computers per TAG count
diff --git a/require/function_config_generale.php b/require/function_config_generale.php
index f9343c0fe..b2cff853c 100644
--- a/require/function_config_generale.php
+++ b/require/function_config_generale.php
@@ -392,6 +392,8 @@ function update_default_value($POST) {
'CAS_URI' => 'CAS_URI',
'CAS_HOST' => 'CAS_HOST',
'CAS_DEFAULT_ROLE' => 'CAS_DEFAULT_ROLE',
+ 'CAS_BASEURL' => 'CAS_BASEURL',
+ 'CAS_SERVER_CA_CERT_PATH' => 'CAS_SERVER_CA_CERT_PATH',
'VULN_CVESEARCH_HOST', 'VULN_BAN_LIST',
'IT_SET_NAME_TEST', 'IT_SET_NAME_LIMIT', 'IT_SET_TAG_NAME',
'IT_SET_NIV_CREAT', 'IT_SET_NIV_TEST', 'IT_SET_NIV_REST', 'IT_SET_NIV_TOTAL', 'EXPORT_SEP', 'WOL_PORT',
@@ -1048,6 +1050,8 @@ function pageCas() {
'CAS_URI' => 'CAS_URI',
'CAS_HOST' => 'CAS_HOST',
'CAS_DEFAULT_ROLE' => 'CAS_DEFAULT_ROLE',
+ 'CAS_BASEURL' => 'CAS_BASEURL',
+ 'CAS_SERVER_CA_CERT_PATH' => 'CAS_SERVER_CA_CERT_PATH'
);
$values = look_config_default_values($champs);
$role1 = get_profile_labels();
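Review bot: The new last element `'CAS_SERVER_CA_CERT_PATH' => 'CAS_SERVER_CA_CERT_PATH'` has no trailing comma, unlike the same entry added to the list in update_default_value() earlier in this file; writing it as `'CAS_SERVER_CA_CERT_PATH' => 'CAS_SERVER_CA_CERT_PATH',` keeps the two lists aligned and makes the next addition a one-line diff. pageCas() begins before this hunk.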
@@ -1058,6 +1062,8 @@ function pageCas() {
ligne('CAS_URI', $l->g(9701) . '
' . '', 'input', array('VALUE' => $values['tvalue']['CAS_URI'] ?? '', 'SIZE' => "30%", 'MAXLENGTH' => 200));
ligne('CAS_HOST', $l->g(9702) . '
' . '', 'input', array('VALUE' => $values['tvalue']['CAS_HOST'] ?? '', 'SIZE' => "30%", 'MAXLENGTH' => 200));
ligne('CAS_DEFAULT_ROLE', $l->g(9703), 'select', array('VALUE' => $values['tvalue']['CAS_DEFAULT_ROLE'] ?? '', 'SELECT_VALUE' => $default_role));
+ ligne('CAS_BASEURL', $l->g(9705) . '
' . '', 'input', array('VALUE' => $values['tvalue']['CAS_BASEURL'] ?? '', 'SIZE' => "30%", 'MAXLENGTH' => 200));
+ ligne('CAS_SERVER_CA_CERT_PATH', $l->g(9706) . '
' . '', 'input', array('VALUE' => $values['tvalue']['CAS_SERVER_CA_CERT_PATH'] ?? '', 'SIZE' => "30%", 'MAXLENGTH' => 200));
}
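Review bot: The CAS_SERVER_CA_CERT_PATH field added by the last ligne() call stores whatever the administrator types, bounded only by MAXLENGTH; nothing on this page or, as far as the diff shows, in update_default_value() checks that the path exists and is readable by the web server process, so a typo would presumably surface only at the next CAS login when ticket validation fails against an unreadable CA bundle. A check at save time along the lines of `is_readable($POST['CAS_SERVER_CA_CERT_PATH'])`, with an error reported on this page, would catch that at configuration time rather than at authentication time. Both new lines also copy the existing pattern of appending a literal newline and `''` to `$l->g(...)`, which adds nothing to the label and could be dropped.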
diff --git a/var.php b/var.php
index 4fd4c8083..71be34bbc 100644
--- a/var.php
+++ b/var.php
@@ -73,7 +73,8 @@
/**
* OCS' MySQL database version
*/
-define('GUI_VER', '7074');
+
+define('GUI_VER', '7075');
/**
* GUI Version