#158 Real - CAS Authentication/Session Management

Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2014-11-18
Created: 2010-07-09
Creator: Patrick McMorran
Private: No

Hey There, I built a phpCAS authentication and session scheme for MRBS. It is set up how you guys do it, so all you need to do is copy it into the web directory and of course make sure that phpCAS is installed on your webserver. Because of how CAS works, I created both an auth and session file which will allow you to effectively use CAS. Sorry about the duplicate postings; this is the real one. My VM was acting up during the first post.

Discussion

  • Chad Healey
    2011-06-14

    I am trying to use this authentication scheme with my university's CAS. I include this cas_set.php into config.inc.php and fill in all the correct parameters for our CAS. Once all this is done, when I visit my MRBS page all I get is a blank screen with no errors or indication of what is wrong.

    Any ideas?

     

    • Anonymous
      2013-01-07

      Sorry for the late reply, but this is usually caused by not having php_cas installed on your local webserver, which is a requirement to get CAS authentication to work. Please see the post below by Farzan if you require help setting it up.

       

  • Anonymous
    2013-01-06

    I THANK YOU REAL AUTHOR "PATRICK" FOR CREATING THIS PLUGIN. I HAVE DOCUMENTED THE STEPS FOR MY REFERENCE BUT IT MIGHT BE HELPFUL FOR OTHERS THUS I AM POSTING IT HERE...

    Download phpCAS from the JASIG CAS website or use this link: https://wiki.jasig.org/display/CASC/phpCAS

    You can directly download the latest version on to your linux machine:

    wget http://downloads.jasig.org/cas-clients/php/current/CAS-1.3.2.tgz

    Now browse to the directory

    cd /usr/share/php FOR CENTOS or
    cd /usr/share/php5 for UBUNTU

    Now run the above command to download the phpCAS

    wget http://downloads.jasig.org/cas-clients/php/current/CAS-1.3.2.tgz

    Extract the zip folder

    tar -zxvf CAS-1.3.2.tgz

    It will create a folder CAS-1.3.2

    Now we have to include the folder path into our php.ini
    FOR UBUNTU the location is

    nano /etc/php5/apache2/php.ini

    FOR CENTOS it is

    nano /etc/php.ini

    It will open the file for you to edit
    Look for the line include_path
    This is what I have done in mine

    include_path = "/usr/share/php"
    This will read all the contents of this location and this is how you install phpCAS.

    Now get the CAS client for MRBS from
    http://sourceforge.net/p/mrbs/feature-requests/158/

    Copy the contents of the zip file into your web directory
    For me it is /var/www/bookings/

    Now edit the file cas_set.php with all the parameters specific to your organization:
    Lines which should be changed:

    $auth["admin"][] = "admin1"; // THIS IS THE ID FOR ADMIN ACCOUNTS, REPLACE IT WITH YOUR DESIRED USER IDs
    $auth["admin"][] = "admin2";

    Change the following line too

    phpCAS::client(CAS_VERSION_2_0,'myschool.school.nz',443,'/sso');

    That's it. Now open the config file of MRBS

    nano config.inc.php

    Add the following line to include cas auth:

    require_once "cas_set.php";

    RESTART YOUR APACHE SERVER

    service apache2 restart

    All Done!

    Hope this will help others.
    Thanks to real author again.

    Farzan
    fqureshi@rosmini.school.nz

     

  • Anonymous
    2013-08-07

    Do I need to copy the inc files into the folders where the other inc files from MRBS are?

     
  • You should just be able to drop them into the root MRBS directory alongside the other session and authentication handlers and they will become available. Then in the config file you just define cas. Note that you need to have PHPCAS installed on the web server for the plugin I made to work.

     

  • Anonymous
    2013-08-08

    OK (ty for the fast response), it seems to work. I put the files in place and included cas_set.php in the config file.

    Do I also need to set this?
    //login system
    $auth["type"]="cas";
    Because it seems to work without it too?

    Now I have another problem: in my layout there is now a login/log out and username on top of it. This is not in the menu bar of MRBS. Can you point me in the right direction in the code? I'm searching like nuts :D now

     
  • Hebus
    2013-08-22

    Hey Patrick,
    I need to check if the person who checks in is from the correct department.
    The person can only log in if the CAS attribute department = comwet.
    How can I do this?

     

  • Anonymous
    2013-09-03

    It looks like it's on line 36, if (phpCAS::isAuthenticated() ..., I added
    **and (phpCAS::getAttribute('department')=='*' and I can still log in even if it is the wrong department?

     

  • Anonymous
    2013-09-03

    Come on, this is not a hard question I think :(
    I altered line 36 from the cas-auth file

    if (phpCAS::isAuthenticated() and (phpCAS::getAttribute('department')=='xxx' ...
    When I change xxx to a wrong value, I can still log in?
    What am I missing here?

     
    • Sorry, I haven't had time to write a more robust version to include departments, however the issue is you would instead want to create an if statement that redirects people to the login page if their department does not match. The isAuthenticated() function redirects users to the CAS server. Thus if phpCAS::getAttribute('department')!='xxx' then redirect to an error page of sorts. When I find time I will try and write some logic into the auth file I made.

       
      • Hebus
        2013-09-04

        I have done it like this for the moment on line 59 (in the auth_cas.inc file):

        global $auth;
        $admins = $auth['admin'];
        // User not logged in, user level '0'
        if (!isset($user) or phpCAS::getAttribute('department')!='XXX')  // line 59
        {
          return 0;
        }

        Users can login but can't add/edit bookings this way, not really elegant but it works, in anticipation of Patrick's edit.
        btw. ty for clearing it out Patrick.

         
  • Hebus
    2014-11-18

    I'm trying to expand the login filter but I'm stuck. My code line seems to work in a separate test page, but when I added it in MRBS I ran into a problem.

    I'm trying to expand my login code from the above post.
    I made an array in the config file for special users who are not in our department but may log in. Logins need to be employees.

    $special_user[]="A";
    $special_user[]="B";

    Then I changed the code on line 59 in auth_cas.inc into this.

    global $auth;
    $admins = $auth['admin'];
    // User not logged in, user level '0'
    
    if (!isset($user) 
    or (phpCAS::getAttribute('department')!='PS01' and !in_array($user,$special_user) )
    or (!in_array('ugentEmployee', (phpCAS::getAttribute('objectClass')) ) ) )
    
    {
    return 0;
    }
    

    So when the user "A" is not from department ps01 and he is an employee, normally he should be able to log in.
    But it does not work.
    "A" can log in when he is from department "ps01", but when he is not, the special_user part does not seem to work.
    Does anybody see what I'm doing wrong?
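
Added example (not part of the thread and not the plugin's own code): the employee / department / special-user rule from the last post, written as a standalone PHP function that denies by default and accepts a CAS attribute whether it arrives as a single string, an array, or not at all. The special-user list is passed in as a parameter because a variable set in the config file is not in scope inside a function that declares only `global $auth;`. Assumptions: the name cas_user_level(), its parameters, the level values 1 and 2, the sample attribute arrays, and PHP 7.1 or later.

```php
<?php
// Added example, not the plugin's auth_cas.inc. cas_user_level() and its
// parameters are hypothetical; the attribute arrays below are constructed.

// Returns 0 (no access), 1 (user) or 2 (admin). Everything the decision
// depends on is passed in, so no config variable is silently undefined the
// way $special_user is inside a function that only declares "global $auth;".
function cas_user_level($user, array $attrs, array $admins, array $special_users)
{
    if (!isset($user) || $user === '') {
        return 0;                                   // not logged in
    }
    // A CAS attribute may be missing, a single string, or an array of values.
    // Casting to array covers all three: null -> [], 'x' -> ['x'].
    $departments = (array) ($attrs['department'] ?? null);
    $classes     = (array) ($attrs['objectClass'] ?? null);

    $is_employee   = in_array('ugentEmployee', $classes, true);
    $in_department = in_array('PS01', $departments, true);
    $is_special    = in_array($user, $special_users, true);

    // Fail closed: must be an employee AND (in the department OR listed).
    if (!$is_employee || !($in_department || $is_special)) {
        return 0;
    }
    return in_array($user, $admins, true) ? 2 : 1;
}

$admins  = ['admin1'];
$special = ['A', 'B'];
$cases = [
    // [user, attributes as a CAS client might deliver them, expected level]
    ['A',      ['department' => 'XY99', 'objectClass' => ['person', 'ugentEmployee']], 1],
    ['C',      ['department' => 'XY99', 'objectClass' => ['person', 'ugentEmployee']], 0],
    ['C',      ['department' => 'PS01', 'objectClass' => 'ugentEmployee'], 1],
    ['A',      ['department' => 'XY99'], 0],        // objectClass not released
    ['admin1', ['department' => ['PS01', 'XY99'], 'objectClass' => ['ugentEmployee']], 2],
    [null,     [], 0],
];
foreach ($cases as [$user, $attrs, $expected]) {
    $level = cas_user_level($user, $attrs, $admins, $special);
    printf("%-7s level=%d %s\n", var_export($user, true), $level,
           $level === $expected ? 'ok' : 'MISMATCH');
}
```

Inside the plugin the attribute array would come from phpCAS::getAttributes(), and the admin and special-user lists from the MRBS config.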

     

