Fullscreen
[Show/Hide Right Column]

Print
Tags cas authentication login

CAS Authentication tab

Related Topics

Overview
Central Authentication Service (http://www.ja-sig.org/products/cas/) is a Web Initial Sign-on (WebISO) system designed by Yale ITS.

To Access
From the Login Admin page, click the CAS tab.

Note
CAS Authentication was introduced in Tiki5

5.x
SCREEN SHOT, thumbnail at 300px

Intro

Central Authentication Service (http://www.ja-sig.org/products/cas/) is a Web Initial Sign-on (WebISO) system designed by Yale ITS. CAS facilitates single sign-on across multiple web applications and provides these web services with the ability to authenticate users without having access to their passwords. From an end-user point of view, all protected pages show a standardized CAS challenge page where the user types in their NetID (a unique username of sorts assigned to everyone affiliated with Yale) and password.

Much to our delight, we were able to make Tiki interface with CAS without any customization. Yale ITS provides mod_cas, an Apache modules that protect webpages through CAS. Since mod_cas is an Apache module, it behaves like standard HTTP authentication. Tikiwiki supports HTTP authentication. When a user is logged in through HTTP authentication, and the username matches one of the usernames in the Tikiwiki database, Tikiwiki automatically logs the user in. That way, when a user logs in through CAS, Tikiwiki matches the NetID (username) of the user with a pre-created account in its database, and logs the user in.

(Taken from the YaleUniversityITS Case Study.)


Mod phpcas

phpCAS documentation can be found at http://www.ja-sig.org/wiki/display/CASC/phpCAS

general info about CAS: http://www.jasig.org/cas


This is a stub. In Tiki5, it will become a native feature of Tiki. But for now, this mods is currently difficult to install.
See bug report:
http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1229&trackerId=5
and installation notes below.


Notes from successful install (with Tikiwiki 2.0RC4)

Make the following modifications to install CAS support successfully on 2.0RC4.
(Note: These are rough notes--they need confirmation and cleaning up into proper documentation.)

File tikiwiki/mods/Packages/features-phpcas.info.txt
Change to remove the line:
features/phpcas/source/CAS/PGTStorage lib/phpcas/source/CAS/PGTStorage

(This will allow the install to complete successfully--otherwise you get an error.)

File tikiwiki/lib/userslib.php
Comment out lines 290-292 to remove min password length check.
(On advice from the comments on the bug linked above.)


If you want to get a log of what phpCAS is doing, in the same file, change line 716 from:
phpCAS::setDebug('');

to:
phpCAS::setDebug('phpcas_debug.log');

The logfile will be created in your top-level tikiwiki directory.
(Can be helpful if CAS isn't working right--lets you see more of what's happening.)

File tikiwiki/tiki-setup_base.php
Change line 229 from:
$vartype['user'] = '+string'; // remind password page

to
$vartype['user'] = 'string'; // remind password page

(This will remove the requirement that the "user" variable be defined--for CAS logins, it's not defined until after the authentication takes place.)


Install

See Mods Admin for instructions on how to install a Mod.












Related pages


Alias


Contributors to this page: Rick22953 points  , Marc Laporte9123 points  , mrjcleaver1923 points  , icrew7 points  , Xavi67835 points  and system .
Page last modified on Tuesday 15 March, 2011 12:56:14 UTC by Rick22953 points .
The content on this page is licensed under the terms of the Creative Commons Attribution-ShareAlike License.

SourceHistorySlideshow

Site Language

Reference Guide

Keywords

These keywords serve as "hubs" for navigation within the Tiki documentation. They correspond to development keywords (bug reports and feature requests):



Tiki Newsletter

Delivered fresh to your email inbox!
Newsletter subscribe icon
Don't miss major announcements and other news!
Contribute to Tiki