Intro
Central Authentication Service (http://www.ja-sig.org/products/cas/) is a Web Initial Sign-on (WebISO) system designed by Yale ITS. CAS facilitates single sign-on across multiple web applications and provides these web services with the ability to authenticate users without having access to their passwords. From an end-user point of view, all protected pages show a standardized CAS challenge page where the user types in their NetID (a unique username of sorts assigned to everyone affiliated with Yale) and password.
Much to our delight, we were able to make Tikiwiki interface with CAS without any customization. Yale ITS provides mod_cas, an Apache module that protects webpages through CAS. Since mod_cas is an Apache module, it behaves like standard HTTP authentication. Tikiwiki supports HTTP authentication. When a user is logged in through HTTP authentication, and the username matches one of the usernames in the Tikiwiki database, Tikiwiki automatically logs the user in. That way, when a user logs in through CAS, Tikiwiki matches the NetID (username) of the user with a pre-created account in its database, and logs the user in.
(Taken from the YaleUniversityITS Case Study.)
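The username-matching step described in the case study, as an added example (not Tikiwiki or mod_cas code). The function name resolve_http_auth_user, the sample account table and the username pattern are assumptions made for illustration; the point is that only the server-set REMOTE_USER value is trusted and that a login happens only for a pre-created account.

```php
<?php
// Added illustration only; not Tikiwiki or mod_cas source.

/**
 * Hypothetical helper: map a web-server-authenticated request to a
 * pre-created local account. Returns the account row, or null.
 */
function resolve_http_auth_user(array $server, array $accounts): ?array
{
    // REMOTE_USER is set by the server after its own authentication phase.
    // HTTP_* entries are copied from request headers, so the client picks them.
    $remote = $server['REMOTE_USER'] ?? '';
    if (!is_string($remote) || $remote === '') {
        return null;                       // request was not authenticated
    }
    // Assumed username shape; adjust to the identity provider's real format.
    if (preg_match('/^[A-Za-z0-9._-]{1,64}$/', $remote) !== 1) {
        return null;
    }
    // Exact match against pre-created accounts; no auto-provisioning.
    return $accounts[$remote] ?? null;
}

// Constructed sample data standing in for the application's user table.
$accounts = ['abc123' => ['login' => 'abc123', 'groups' => ['Registered']]];

// Constructed requests: authenticated, client-supplied header only, unknown user.
$requests = [
    'authenticated' => ['REMOTE_USER' => 'abc123'],
    'header only'   => ['HTTP_REMOTE_USER' => 'abc123'],
    'no account'    => ['REMOTE_USER' => 'zzz999'],
];

foreach ($requests as $label => $server) {
    $account = resolve_http_auth_user($server, $accounts);
    printf("%-13s => %s\n", $label, $account ? 'login as ' . $account['login'] : 'no login');
}
```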
Mod phpcas
phpCAS documentation can be found at http://www.ja-sig.org/wiki/display/CASC/phpCAS
General info about CAS: http://www.jasig.org/cas
See bug report: http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1229&trackerId=5 and installation notes below.
Notes from successful install (with Tikiwiki 2.0RC4)
Make the following modifications to install CAS support successfully on 2.0RC4. (Note: These are rough notes--they need confirmation and cleaning up into proper documentation.)
File tikiwiki/mods/Packages/features-phpcas.info.txt Remove the line:
features/phpcas/source/CAS/PGTStorage lib/phpcas/source/CAS/PGTStorage
(This will allow the install to complete successfully--otherwise you get an error.)
File tikiwiki/lib/userslib.php Comment out lines 290-292 to remove the minimum password length check. (On advice from the comments on the bug linked above.)
If you want to get a log of what phpCAS is doing, in the same file, change line 716 from:
phpCAS::setDebug('');
to:
phpCAS::setDebug('phpcas_debug.log');
The logfile will be created in your top-level tikiwiki directory.
(Can be helpful if CAS isn't working right--lets you see more of what's happening.)
File tikiwiki/tiki-setup_base.php Change line 229 from:
$vartype['user'] = '+string'; // remind password page
to:
$vartype['user'] = 'string'; // remind password page
(This will remove the requirement that the "user" variable be defined--for CAS logins, it's not defined until after the authentication takes place.)
Install
See Mods Admin for instructions on how to install a Mod.
Contributors to this page: Marc Laporte, Xavi, system, mrjcleaver and icrew.
Page last modified on Tuesday 27 July, 2010 16:44:05 UTC by Marc Laporte.
