Migrate to cas-lib

.github/workflows/php.yml

@@ -19,9 +19,9 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-version: ['8.1', '8.2', '8.3', '8.4']
+        php-version: ['8.2', '8.3', '8.4', '8.5']
 
-    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_phplinter.yml@v1.9.2
+    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_phplinter.yml@v1.10.6
     with:
       php-version: ${{ matrix.php-version }}
 
@@ -30,7 +30,7 @@ jobs:
     strategy:
       fail-fast: false
 
-    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_linter.yml@v1.9.2
+    uses: simplesamlphp/simplesamlphp-test-framework/.github/workflows/reusable_linter.yml@v1.10.6
     with:
       enable_eslinter: false
       enable_jsonlinter: true
@@ -45,15 +45,15 @@ jobs:
       fail-fast: false
       matrix:
         operating-system: [ubuntu-latest]
-        php-versions: ['8.1', '8.2', '8.3', '8.4']
+        php-versions: ['8.2', '8.3', '8.4', '8.5']
 
     steps:
       - name: Setup PHP, with composer and extensions
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php-versions }}
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, spl, xml
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, ldap, mbstring, openssl, pcre, spl, xml
           tools: composer
           ini-values: error_reporting=E_ALL
           coverage: pcov
@@ -85,15 +85,15 @@ jobs:
         run: composer install --no-progress --prefer-dist --optimize-autoloader
 
       - name: Run unit tests with coverage
-        if: ${{ matrix.php-versions == '8.4' }}
+        if: ${{ matrix.php-versions == '8.5' }}
         run: vendor/bin/phpunit
 
       - name: Run unit tests (no coverage)
-        if: ${{ matrix.php-versions != '8.4' }}
+        if: ${{ matrix.php-versions != '8.5' }}
         run: vendor/bin/phpunit --no-coverage
 
       - name: Save coverage data
-        if: ${{ matrix.php-versions == '8.4' }}
+        if: ${{ matrix.php-versions == '8.5' }}
         uses: actions/upload-artifact@v4
         with:
           name: coverage-data
@@ -107,15 +107,15 @@ jobs:
       fail-fast: true
       matrix:
         operating-system: [windows-latest]
-        php-versions: ['8.1', '8.2', '8.3', '8.4']
+        php-versions: ['8.2', '8.3', '8.4', '8.5']
 
     steps:
       - name: Setup PHP, with composer and extensions
         # https://github.com/shivammathur/setup-php
         uses: shivammathur/setup-php@v2
         with:
           php-version: ${{ matrix.php-versions }}
-          extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, spl, xml, zip
+          extensions: ctype, date, dom, fileinfo, filter, hash, intl, ldap, mbstring, openssl, pcre, spl, xml, zip
           tools: composer
           ini-values: error_reporting=E_ALL
           coverage: none
@@ -161,7 +161,7 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           # Should be the higest supported version, so we can use the newest tools
-          php-version: '8.4'
+          php-version: '8.5'
           tools: composer, composer-require-checker, composer-unused, phpcs
           extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, spl, xml
 
@@ -193,7 +193,7 @@ jobs:
         run: composer-unused
 
       - name: PHP Code Sniffer
-        run: phpcs
+        run: vendor/bin/phpcs
 
       - name: PHPStan
         run: |
@@ -214,7 +214,7 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           # Should be the lowest supported version
-          php-version: '8.1'
+          php-version: '8.2'
           extensions: ctype, date, dom, fileinfo, filter, hash, intl, mbstring, openssl, pcre, spl, xml
           tools: composer
           coverage: none

composer.json

@@ -17,9 +17,9 @@
         },
         "allow-plugins": {
             "composer/package-versions-deprecated": true,
-            "simplesamlphp/composer-module-installer": true,
             "dealerdirect/phpcodesniffer-composer-installer": true,
             "phpstan/extension-installer": true,
+            "simplesamlphp/composer-module-installer": true,
             "simplesamlphp/composer-xmlprovider-installer": true
         }
     },
@@ -34,17 +34,47 @@
         }
     },
     "require": {
-        "php": "^8.1",
-        "simplesamlphp/composer-module-installer": "^1.3.4",
-        "simplesamlphp/simplesamlphp": "~2.4.0",
+        "php": "^8.2",
+        "ext-pcre": "*",
+        "ext-dom": "*",
+
+        "simplesamlphp/assert": "^1.9",
+        "simplesamlphp/composer-module-installer": "^1.4",
+        "simplesamlphp/simplesamlphp": "dev-simplesamlphp-2.5 as v2.5.x-dev",
         "simplesamlphp/simplesamlphp-module-ldap": "~1.2",
-        "symfony/http-foundation": "^6.4"
+        "simplesamlphp/xml-cas-module-slate": "~1.1.0",
+        "simplesamlphp/xml-cas": "^v2.2.0",
+        "simplesamlphp/xml-common": "~2.4",
+        "symfony/http-foundation": "~7.4",
+        "symfony/http-client": "~7.4",
+        "symfony/http-client-contracts": "^3.5"
     },
     "require-dev": {
-        "simplesamlphp/simplesamlphp-test-framework": "^1.9.2"
+        "simplesamlphp/simplesamlphp-test-framework": "^1.10",
+        "phpunit/phpunit": "^11",
+        "icanhazstring/composer-unused": "^0.9.5",
+        "squizlabs/php_codesniffer": "^4.0.0",
+        "phpstan/phpstan": "^2.1.33",
+        "maglnet/composer-require-checker": "^4"
     },
     "support": {
         "issues": "https://github.com/simplesamlphp/simplesamlphp-module-cas/issues",
         "source": "https://github.com/simplesamlphp/simplesamlphp-module-cas"
+    },
+    "scripts": {
+        "pre-commit": [
+            "vendor/bin/phpcs -p",
+            "vendor/bin/composer-require-checker check --config-file=tools/composer-require-checker.json composer.json",
+            "vendor/bin/phpstan analyze -c phpstan.neon",
+            "vendor/bin/phpstan analyze -c phpstan-dev.neon",
+            "vendor/bin/composer-unused",
+            "vendor/bin/phpunit --no-coverage --testdox"
+        ],
+        "tests": [
+            "vendor/bin/phpunit --no-coverage"
+        ],
+        "propose-fix": [
+            "vendor/bin/phpcs --report=diff"
+        ]
     }
 }

docs/cas.md

@@ -5,7 +5,7 @@ the only difference is this is authentication module and not a script.
 
 ## Setting up the CAS authentication module
 
-Adding a authentication source
+Adding an authentication source
 
 Example authsource.php:
 
@@ -31,7 +31,7 @@ Example authsource.php:
 
 ## Querying Attributes
 
-CAS V3 (since 2017) supports querying attributes. Those have to be published
+CAS v3 (since 2017) supports querying attributes. Those have to be published
 for the service you're calling. Here the service publishes `sn`, `firstName`
 and `mail`.
 
@@ -51,6 +51,35 @@ Or you might have to call serviceValidate for Protocol 3 via **/p3/**:
 ]
 ```
 
+### Optional: Enabling Slate extensions
+
+Some deployments include vendor‑specific fields (for example `slate:*`) in CAS responses.
+You can opt in to Slate support:
+
+```php
+'cas' => [
+    // ...
+    'serviceValidate' => 'https://cas.example.com/p3/serviceValidate',
+    // Enable Slate support (optional)
+    'slate.enabled' => true,
+
+    // Optional XPath-based attribute mappings
+    'attributes' => [
+        // Standard CAS attributes
+        'uid'       => 'cas:user',
+        'mail'      => 'cas:attributes/cas:mail',
+
+        // Slate namespaced attributes inside cas:attributes
+        'slate_person' => 'cas:attributes/slate:person',
+        'slate_round'  => 'cas:attributes/slate:round',
+        'slate_ref'    => 'cas:attributes/slate:ref',
+
+        // Some deployments also place vendor elements at the top level
+        'slate_person_top' => '/cas:serviceResponse/cas:authenticationSuccess/slate:person',
+    ],
+],
+```
+
 which would return something like
 
 ```xml
@@ -76,22 +105,22 @@ for each value:
 ```php
 'cas' => [
     'attributes' => [
-        'uid' => '/cas:serviceResponse/cas:authenticationSuccess/cas:user',
-        'sn' => '/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:sn',
-        'givenName' => '/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:firstname',
-        'mail' => '/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:mail',
+        'uid' => 'cas:user',
+        'sn' => 'cas:attributes/cas:sn',
+        'givenName' => 'cas:attributes/cas:firstname',
+        'mail' => 'cas:attributes/cas:mail',
     ],
 ],
 ```
 
 and even some custom attributes if they're set:
 
 ```php
-'customabc' => '/cas:serviceResponse/cas:authenticationSuccess/custom:abc',
+'customabc' => 'custom:abc',
 ```
 
 You'll probably want to avoid querying LDAP for attributes:
-set `ldap` to a `null`:
+set `ldap` to `null`:
 
 ```php
 'example-cas' => [

phpstan-dev.neon

@@ -1,4 +1,4 @@
 parameters:
-  level: 8
+  level: 9
   paths:
     - tests

phpstan.neon

@@ -1,4 +1,4 @@
 parameters:
-  level: 7
+  level: 8
   paths:
     - src

phpunit.xml

@@ -1,5 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
-<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" bootstrap="tests/bootstrap.php" xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.5/phpunit.xsd" cacheDirectory=".phpunit.cache">
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         bootstrap="tests/bootstrap.php"
+         xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.5/phpunit.xsd"
+         colors="true"
+         cacheDirectory=".phpunit.cache">
   <coverage>
     <report>
       <clover outputFile="build/logs/clover.xml"/>