[pmwiki-users] CAS (central authentication server)
Geoffrey Brown
geobrown at cs.indiana.edu
Thu Dec 22 14:04:59 CST 2005
My university, like many, implements a central authentication service
to provide a single
authority for user authentication. This eliminates the need to store
passwords locally.
I found it relatively easy to integrate the phpCAS module that allows
access to this
service into PmWIki. The following is offered as a starting point
for others, my experience
with php is pretty limited so I doubt this is the cleanest solution.
The phpCAS module is in /CAS.
I created a file scripts/casAuth.php with the following contents:
include_once('CAS/CAS.php');
if ($AuthUser['cas'])
{
phpCAS::client(CAS_VERSION_2_0,$AuthUser['cas'],443,'/cas');
SDV($AuthPromptFmt, 'function:casAuthPrompt');
phpCAS::setDebug('');
}
function casAuthPrompt($pagename)
{
if (isset($GLOBALS['AuthId']))
{
global $AuthDeniedFmt;
SDV($AuthDeniedFmt,"Access attempted to unauthorized feature.");
header("Status: 401 Unauthorized");
header("HTTP-Status: 401 Unauthorized");
PrintFmt($pagename,$AuthDeniedFmt);
exit;
}
phpCAS::forceAuthentication();
$_SESSION['authid'] = phpCAS::getUser();
header('Location: http://'. $_SERVER['SERVER_NAME'] .
$ScriptUrl . $_SERVER['REQUEST_URI']);
exit;
}
I added the following to config.php
$AuthUser['cas'] = 'cas.iu.edu';
include_once('scripts/casAuth.php');
Passwords are declared as with authuser
$DefaultPasswords['attr'] = 'id:geobrown';
Other than dealing with some peculiarities of the local cas
implementation and deciphering pmwiki, things pretty
much just worked as expected.
More information about the pmwiki-users
mailing list