CAS Implementation Guidelines for Developers

Overview

There are two use cases for authenticating a William Hill customer.

  • The first is using the Sessions API. This must only be used for direct connections between client and server, where the SSL connection is unbroken between the device on which the customer enters credentials and the William Hill API server. An example is a native iPhone application using the William Hill API services directly. Existing API documentation covers this case.
  • The second case is when the customer wants to use a 3rd party service that in turn makes use of William Hill APIs. The customer presents their William Hill credentials to the 3rd party service and that service can then make use of the William Hill API services. In this case there is a secure (SSL) connection from the user's device to the 3rd party service and another from that service to the TWHAPI server.

3rd Party Service use case

If the second case is implemented, the following happens:

  • The 3rd party service provides a login link to the William Hill SSO service.
  • This presents the customer with a William Hill themed login dialog where credentials are entered (note credentials are passed from client device to William Hill SSO server directly).
  • The William Hill SSO service authenticates the customer and if the authentication is successful, redirects them back to the 3rd party service with a Service Ticket (ST).
  • The 3rd party service then takes this service ticket and validates it with the William Hill SSO service.
  • If the validation is successful then the William Hill SSO service returns a who-ticket that gives the 3rd party service access to all TWHAPI services for the customer's account.
  • For logout, the 3rd party service provides a link to the William Hill SSO service. This logs out the customer and the 3rd party service that accesses William Hill API services on their behalf.

Note: The 3rd party service must be accessible via HTTPS with a correctly signed certificate (for example, from Verisign or another trusted CA) whose name matches the service URL that William Hill has configured for it in the SSO service. Client libraries are available that simplify the implementation for 3rd parties. Implementation with the PHP client is described below. Other clients can be found at https://wiki.jasig.org/display/CASC/Official+Clients.

System requirements

  • PHP 5.0 or later
  • Web server supporting PHP
  • Curl 7.5 or later

Installation

To install with PEAR:

pear install http://downloads.jasig.org/cas-clients/php/current.tgz

RPMs are available for RHEL (and clones).

For other installation methods see here.

Implementation

The phpCAS library provides a simple API for authenticating William Hill customers against the William Hill SSO server. Here is an example landing page for customer login:

<?php
require_once 'config.php';
require_once $phpcas_path . 'CAS.php';

$user = 'Nobody';
$whoTicket = 'None';

// Initialize phpCAS (debug output goes to the default phpCAS log file)
phpCAS::setDebug();
$version = phpCAS::getVersion();

// Start work: register this service as a CAS proxy so that a who-ticket (PGT) is issued
phpCAS::proxy(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);

// Server certificate validation must be configured before any ticket is validated.
// Only for non-production! In production replace this with
// phpCAS::setCasServerCACert($cas_server_ca_cert);
phpCAS::setNoCasServerValidation();

if (isset($_POST["login"])) {
  phpCAS::allowProxyChain(new CAS_ProxyChain_Any);
  phpCAS::forceAuthentication();
}
if (isset($_REQUEST["logout"])) {
  phpCAS::logout();
}

// Retrieve the who-ticket (PGT) that phpCAS stored in the session
if (isset($_SESSION['phpCAS']['pgt'])) {
  $whoTicket = $_SESSION['phpCAS']['pgt'];
}

// Do the real work right here
$auth = phpCAS::isAuthenticated();

// Get a friendly username from the attributes released by the SSO server
if (isset($_SESSION['phpCAS']['attributes']['username'])) {
  $user = $_SESSION['phpCAS']['attributes']['username'];
}

// Decide what to display based on whether we are logged in or not.
// Anything that came back from the SSO server is escaped before it is put into HTML.
if ($auth) {
  $prompt = '<h2>' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . ' is now logged in</h2>';
  $prompt .= '<a href="?logout">logout</a>';
} else {
  $prompt = '<form method="POST"><input type="submit" value="login" />';
  $prompt .= '<input type="hidden" name="login" value="true" /></form>';
}
?>

<html>
<head><title>William Hill SSO - Simple example</title></head>
<body>
<h1>William Hill SSO - Simple example</h1>
<hr>
<?php echo $prompt; ?>
<!-- The who-ticket is shown here only because this is a demo page: it is a credential for the customer's account -->
<p>who-ticket is:
<?php
  echo htmlspecialchars($whoTicket, ENT_QUOTES, 'UTF-8');
?></p>
</body>
</html>

The who-ticket can now be used by the 3rd party service with the TWHAPI services on behalf of the customer.
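The service ticket validation step from the flow above, written out by hand as an added example (not code from this guide or from phpCAS) to show what the library checks on your behalf. The SSO base URL, service URL, ticket values and the two XML replies are constructed for illustration; the pgtUrl callback and pgtIou pairing are standard CAS 2.0 proxy behaviour.

```php
<?php
// Added example, not from the William Hill guide or from phpCAS. The URLs, ticket
// values and XML replies below are constructed for illustration.
const CAS_NS = 'http://www.yale.edu/tp/cas';

// Build the CAS 2.0 /serviceValidate URL. $pgtUrl is this service's own HTTPS
// callback: the SSO server delivers the who-ticket (PGT) there and echoes the
// matching pgtIou in the validation reply so the two can be paired up.
function buildValidateUrl($casBase, $service, $ticket, $pgtUrl = null)
{
    $params = array('service' => $service, 'ticket' => $ticket);
    if ($pgtUrl !== null) {
        $params['pgtUrl'] = $pgtUrl;
    }
    return rtrim($casBase, '/') . '/serviceValidate?' . http_build_query($params);
}

// Parse the reply. Returns user and pgtIou on success and throws on anything else,
// so a failed or malformed reply is never mistaken for a login. LIBXML_NONET keeps
// the parser from fetching external resources named in the document.
function parseValidateResponse($xml)
{
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('CAS reply is not well-formed XML');
    }
    $failure = $doc->getElementsByTagNameNS(CAS_NS, 'authenticationFailure');
    if ($failure->length > 0) {
        throw new RuntimeException('CAS validation failed: ' . $failure->item(0)->getAttribute('code'));
    }
    if ($doc->getElementsByTagNameNS(CAS_NS, 'authenticationSuccess')->length === 0) {
        throw new RuntimeException('CAS reply is neither success nor failure');
    }
    $user = $doc->getElementsByTagNameNS(CAS_NS, 'user');
    $pgtIou = $doc->getElementsByTagNameNS(CAS_NS, 'proxyGrantingTicket');
    return array(
        'user'   => $user->length > 0 ? trim($user->item(0)->textContent) : null,
        'pgtIou' => $pgtIou->length > 0 ? trim($pgtIou->item(0)->textContent) : null,
    );
}

// Constructed sample replies: a success carrying a pgtIou, and a rejected ticket
$success = '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas"><cas:authenticationSuccess>'
    . '<cas:user>jsmith</cas:user><cas:proxyGrantingTicket>PGTIOU-example</cas:proxyGrantingTicket>'
    . '</cas:authenticationSuccess></cas:serviceResponse>';
$failure = '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas"><cas:authenticationFailure '
    . 'code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure></cas:serviceResponse>';
echo buildValidateUrl('https://sso.example.test/cas', 'https://thirdparty.example.test/login', 'ST-example', 'https://thirdparty.example.test/pgt'), "\n";
var_dump(parseValidateResponse($success));
try { parseValidateResponse($failure); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```

With phpCAS this is what forceAuthentication() and isAuthenticated() do for you, including the TLS check on the connection to the SSO server that setNoCasServerValidation() switches off.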

In config.php set the following parameters:

$phpcas_path = 'CAS-1.3.2/';  // path to CAS.php
$cas_host = 'auth.williamhill.com';
$cas_context = '/cas';
$cas_port = 443;

More Information

https://github.com/Jasig/phpCAS/blob/master/docs/examples/config.example....