Intro

Central Authentication Service (http://www.ja-sig.org/products/cas/) is a Web Initial Sign-on (WebISO) system designed by Yale ITS. CAS facilitates single sign-on across multiple web applications and provides these web services with the ability to authenticate users without having access to their passwords. From an end-user point of view, all protected pages show a standized CAS challenge page where the user types in their NetID (a unique username of sorts assigned to everyone affiliated with Yale) and password.

Much to our delight, we were able to make Tikiwiki interface with CAS without any customization. Yale ITS provides mod_cas, an Apache modules that protect webpages through CAS. Since mod_cas is an Apache module, it behaves like standard HTTP authentication. Tikiwiki supports HTTP authentication. When a user is logged in through HTTP authentication, and the username matches one of the usernames in the Tikiwiki database, Tikiwiki automatically logs the user in. That way, when a user logs in through CAS, Tikiwiki matches the NetID (username) of the user with a pre-created account in its database, and logs the user in.

(Taken from the YaleUniversityITS Case Study.)

Mod phpcas

phpCAS documentation can be found at http://www.ja-sig.org/wiki/display/CASC/phpCAS

Notes from successful install (with Tikiwiki 2.0RC4)

Make the following modifications to install CAS support successfully on 2.0RC4.
(Note: These are rough notes--they need confirmation and cleaning up into proper documentation.)

File tikiwiki/mods/Packages/features-phpcas.info.txt
Change to remove the line:

features/phpcas/source/CAS/PGTStorage lib/phpcas/source/CAS/PGTStorage

(This will allow the install to complete successfully--otherwise you get an error.)

File tikiwiki/lib/userslib.php
Comment out lines 290-292 to remove min password length check.
(On advice from the comments on the bug linked above.)


If you want to get a log of what phpCAS is doing, in the same file, change line 716 from:

phpCAS::setDebug('');

to:

phpCAS::setDebug('phpcas_debug.log');

The logfile will be created in your top-level tikiwiki directory.
(Can be helpful if CAS isn't working right--lets you see more of what's happening.)

File tikiwiki/tiki-setup_base.php
Change line 229 from:

$vartype['user'] = '+string'; // remind password page

to

$vartype['user'] = 'string'; // remind password page

(This will remove the requirement that the "user" variable be defined--for CAS logins, it's not defined until after the authentication takes place.)

Install

See Mods Admin for instructions on how to install a Mod.

• Mods
• Mods User
• Mods Admin
• Mods Details
• Mods List

• http://esup-phpcas.sourceforge.net

• CAS Authentication
• CAS
• phpCAS
• Central Authentication Service
• Mod phpcas

---