auth:cas
Differences
auth:cas [2011-01-15 13:07] – [Discussion] 213.41.177.142 | auth:cas [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
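--- a/auth:cas
+++ b/auth:cas
@@ -1,300 +0,0 @@
-====== CAS Authentication Backend ======
-This module allows authentication against a CAS server. It is designed as an extension of the LDAP backend so CAS can be used for authentication and LDAP for ACL management.
-
-It requires a small modification of two core DokuWiki files.
-
-===== Alternatives =====
-
-==== ggauth and plain ====
-
-I created a similar auth backend in June. Mine uses plain authentication as its source and also ggauth so that I can manage groups locally while only doing the authentication through CAS. The code is pretty similar to what is below.
-
-Here is a link: http://
-
-**Note for Cornempire:
-
-<code php>
-if ($ACT == '
-phpCAS::
-phpCAS::
-phpCAS::
-}
-</
-
-==== Just plain ====
-
-In order to simplify my installation of DokuWiki, I have written a new [[plugin:
-
-===== Installation =====
-
-<
-It contains the [[http://
-==== Files to install ====
-
-I cannot upload the file, so here is the content of the cas.class.php file (inspired from [[http://
-<code php>
-<?php
-/**
-* Inspired from
-* http://
-*/
-
-require_once(DOKU_INC.'
-include_once('
-
-global $conf;
-
-class auth_cas extends auth_ldap {
-public $cnfcas = null;
-
-function __construct() {
-global $conf;
-
-parent::
-$this->
-$this->
-$this->
-$this->
-
-// curl extension is needed
-if(!function_exists('
-if ($this->
-msg("
-$this->
-return;
-}
-
-phpCAS::
-$this->
-
-// automatically log the user when there is a cas session opened
-if($this->
-phpCAS::
-}
-else {
-phpCAS::
-}
-
-if($this->
-phpCAS::
-}
-elseif($this->
-phpCAS::
-}
-else {
-phpCAS::
-}
-
-if($this->
-phpCAS::
-}
-else {
-phpCAS::
-}
-}
-
-public function trustExternal($user,
-global $USERINFO;
-global $conf;
-
-$sticky ? $sticky = true : $sticky = false; //sanity check
-
-$session = $_SESSION[$conf['
-
-if(phpCAS::
-$user = phpCAS::
-
-if(isset($session)) {
-$_SERVER['
-$USERINFO = $session['
-$_SESSION[$conf['
-$_SESSION[$conf['
-$_SESSION[$conf['
-$_SESSION[$conf['
-}
-else {
-$USERINFO = $this->
-$_SERVER['
-$_SESSION[$conf['
-$_SESSION[$conf['
-$_SESSION[$conf['
-$_SESSION[$conf['
-}
-
-return true;
-}
-
-return false;
-}
-
-public function logIn() {
-global $QUERY;
-
-phpCAS::
-phpCAS::
-}
-
-public function logOff() {
-global $QUERY;
-
-if($this->
-@session_start();
-session_destroy();
-phpCAS::
-}
-else { // dokuwiki logout only
-@session_start();
-session_destroy();
-}
-}
-}
-//Setup VIM: ex: et ts=4 enc=utf-8 :
-</
-
-The phpCas library can be downloaded [[http://
-
-==== Requirements ====
-
-The phpCas library needs
-* CURL 7.5+
-* PHP 4.3.1+, PEAR DB
-* Apache 2.0.44+
-CURL libs must be present on your system, and they must have been compiled with SSL support.
-[[http://
-
-
-==== Files to modify ====
-
-Edit the file inc/
-<code php>
-'
-</
-by
-<code php>
-'
-'
-</
-
-Edit the file inc/
-<code php>
-function act_auth($act){
-global $ID;
-global $INFO;
-</
-by :
-<code php>
-function act_auth($act){
-global $ID;
-global $INFO;
-global $auth;
-
-if($auth->
-$auth->
-}
-</
-
-===== Configuration =====
-This is an example configuration to set in your conf/
-<code php>
-$conf['
-
-/* CAS specific configuration */
-$conf['
-$conf['
-// CAS server root parameter
-$conf['
-// automatically log the user when there is already a CAS session opened
-$conf['
-// log out from the CAS server when loggin out from dokuwiki
-$conf['
-// log out from dokuwiki when loggin out from the CAS server (should work with CASv3, experimental)
-$conf['
-
-/* LDAP usual configuration */
-$conf['
-$conf['
-$conf['
-$conf['
-$conf['
-
-</
-
-
-===== Discussion =====
-
-* Edit inc/
-If you don't add this in basic auth, then
-<code php>
-if($auth->
-$auth->
-}
-</
-can look for an undefined index.
-
-* in cas.class.php : to have automatic redirection to cas server if not already logged :
-<
-public function trustExternal($user,
-global $USERINFO;
-global $conf;
-
-$sticky ? $sticky = true : $sticky = false; //sanity check
-
-$session = $_SESSION[$conf['
-
-if(phpCAS::
-$user = phpCAS::
-
-if(isset($session)) {
-$_SERVER['
-$USERINFO = $session['
-$_SESSION[$conf['
-$_SESSION[$conf['
-$_SESSION[$conf['
-$_SESSION[$conf['
-}
-else {
-$USERINFO = $this->
-$_SERVER['
-$_SESSION[$conf['
-$_SESSION[$conf['
-$_SESSION[$conf['
-$_SESSION[$conf['
-}
-
-return true;
-}
-else {
-
-}
-
-return false;
-}
-</
-
-I just added the part :
-<
-else {
-phpCAS::
-}
-</
-
-* Problem with upgrade of phpcas 1.1.3 :
-
-Hello, I've upgraded phpcas :
-<
-# pear upgrade http://
-</
-
-when I go to my wiki, I've got the following error page :-( :
-
-<
-phpCAS error: phpCAS::
-</
-
-If I downgrade phpcas, it's ok as before. //Frantz 2010/
-
-// by Evaldas, 2011/01/15
-To solve phpCAS session error (for phpCAS v1.1.3+) insert ",
-<
-$this->
-</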
auth/cas.1295093276.txt.gz · Last modified: 2011-01-15 13:07 by 213.41.177.142