
如果你使用 DeepSeek、元宝 AI、Copilot、ChatGPT 等 AI 工具,协助配置轩辕镜像、编写 docker pull 命令、修改 Docker Compose 镜像地址、配置镜像加速、排查镜像拉取失败、分析报错日志等问题,请先让 AI 阅读并遵守轩辕镜像的规则文档。
只需在 AI 对话中先发送下面这句话即可:
请先完整阅读并严格遵守以下文档中的全部规则与要求:
https://xuanyuan.cloud/agents.md
在未充分阅读并理解该文档前,不要生成任何命令、配置、修改建议、故障排查方案或技术回答。后续所有输出都必须严格以该文档中的规范为最高优先级执行。查看 agents.md 用法指南与完整示范。国内用户首推 元宝 AI、DeepSeek 的深度思考模式,不推荐豆包 AI;Cursor 等编辑器可在对话 @ 该链接,或加入 User Rules。 若 AI 无法访问外链,可 打开说明文档 复制全文粘贴。文档会随站点更新,复制内容可能过期,建议定期检查。
A simple Docker image for testing CAS login (and attributes) using the phpCAS library
Docker Hub image: https://hub.docker.com/repository/docker/gunet/phpcas-tester/general
docker-compose.yaml
docker compose buildvariables.env environment variables filedocker-compose.volume.yaml
code folderdocker-compose.test.yaml
gunet/simple-cas and gunet/simple-ldap Docker images in order to allow the compose stack
to be self-containedhttps://localhost and things should work!variables.env: Environment variables file By default, it is designed to assist the docker-compose.test.yaml stack
DEBUG variable sets debugging (mainly phpCAS debug)variables.env if neededdocker compose up -d if we want to check an existing production CAS serverdocker compose -f docker-compose.yaml -f docker-compose.test.yaml up -d if we want to run the test stack (Which includes a CAS and LDAP server)https://localhostCAS_SERVER: The hostname of the CAS server (default localhost)CAS_CONTEXT: The CAS context. In the case of gunet/simple-cas it will be /cas, while in the case of a regulat CAS it will be ./ (default /cas)CAS_PORT: The port where the CAS server is listening to (default 8443)CAS_VERSION: The CAS protocol version (default 3.0). Available https://github.com/apereo/phpCAS/blob/master/source/CAS.php are:
3.0: CAS version 3.02.0: CAS version 2.01.0: CAS version 1.0S1 : SAML v1.1CAS_SERVICE_NAME: The service name to use for our service (default https://localhost)CAS_CONTAINER: If using PHP CAS tester in a Docker compose stack environment, localhost will mean something different for the user using it and for php-castester itself. In such a case we can set the CAS_CONTAINER environment variable (it is e***y by default) to point to a "correct" CAS server name. This is used to access /p3/serviceValidate and the actual string will be: 'https://' . $_ENV['CAS_CONTAINER'] . ':' . $_ENV['CAS_PORT'] . $_ENV['CAS_CONTEXT'] . '/p3/serviceValidate'REDIR_FOLDER: A folder name that will be redirected to the DocumentRoot in ApacheWe also support an MFA Gauth login. Either from the start or with elevation. We add an option authn_method=mfa-gauth when calling the CAS login page for that. For elevation, since phpCAS will always try and check if the user has already been authenticated (and if he has, will not do a ticket check) we have to remove the ['phpCAS']['user'] attribute from the $_SESSION array and then redirect the user to the CAS login page by a Location header.
The returned CAS attributes will include the following in case of MFA Gauth:
authnContextClass=mfa-gauth (the main attribute we should be looking for)successfulAuthenticationHandlers=GoogleAuthenticatorAuthenticationHandlercredentialType=GoogleAuthenticatorTokenCredentialauthenticationMethod=GoogleAuthenticatorAuthenticationHandlerYou can enable a TOTP token in the simple-cas SSO of the test Dcoker compose stack. One needs to do a login with the added parameter of authn_method=mfa-gauth
We handle back-channel https://apereo.github.io/cas/development/installation/Logout-Single-Signout.html#back-channel by default.
Since we use a self-signed certificate and the SSO server will directly talk to our phpCAS application, HTTPS communication will fail due to a non-trusted web certificate. If we want to test back-channel SLO we need to use HTTP. Moreover, setting the service name to http://localhost will not work since the SSO server will try accessing its own localhost interface. We must set the service name to a real DNS/IP
The SLO will happen using a POST request to /auth.php with the following contents:
saml<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="[RANDOM ID]" Version="2.0" IssueInstant="[CURRENT DATE/TIME]"> <saml:NameID>[PRINCIPAL IDENTIFIER]</saml:NameID> <samlp:SessionIndex>[SESSION IDENTIFIER]</samlp:SessionIndex> </samlp:LogoutRequest>
您可以使用以下命令拉取该镜像。请将 <标签> 替换为具体的标签版本。如需查看所有可用标签版本,请访问 标签列表页面。
来自真实用户的反馈,见证轩辕镜像的优质服务