Real - CAS Authentication/Session Management
Hey There, I built a phpCAS authentication and session scheme for MRBS. It is set up how you guys do it, so all you need to do is copy it into the web directory and of course make sure that phpCAS is installed on your webserver. Because of how CAS works, I created both an auth and session file which will allow you to effectively use CAS. Sorry about the duplicate postings, this is the real one, my VM was acting up during the first post.
Zip containing auth_cas.inc, session_cas.inc, and cas_set.php
I am trying to use this authentication scheme with my university's CAS. I include this cas_set.php into config.inc.php and fill in all the correct parameters for our CAS. Once all this is done, when I visit my MRBS page all I get is a blank screen with no errors or indication of what is wrong.
Any ideas?
Sorry for the late reply, but this is usually caused by not having php_cas installed on your local webserver, which is a requirement to get CAS authentication to work. Please see the post below by Farzan if you require help setting it up.
I THANK YOU REAL AUTHOR "PATRICK" FOR CREATING THIS PLUGIN. I HAVE DOCUMENTED THE STEPS FOR MY REFERENCE BUT IT MIGHT BE HELPFUL FOR OTHERS THUS I AM POSTING IT HERE...
Download phpCAS from JASIG CAS website or click on this link: https://wiki.jasig.org/display/CASC/phpCAS
You can directly download the latest version on to your linux machine:
Now browse to the directory
Now run the above command to download the phpCAS
Extract the zip folder
It will create a folder CAS-1.3.2
Now we have to include the folder path into our php.ini
FOR UBUNTU the location is
FOR CENTOS it is
It will open the file for you to edit
Look for the line include_path
This is what I have done in mine
Now get the CAS client for MRBS from
http://sourceforge.net/p/mrbs/feature-requests/158/
Copy the contents of the zip file into your web directory
For me it is /var/www/bookings/
Now edit the file cas_set.php with all the parameters specific to your organization:
Lines which should be changed:
Change the following line too
That's it. Now open the config file of MRBS
Add the following line to include cas auth:
RESTART YOUR APACHE SERVER
All Done!
Hope this will help others.
Thanks to real author again.
Farzan
fqureshi@rosmini.school.nz
Do I need to copy the inc files into the folders where the other MRBS inc files are?
You should just be able to drop them into the root MRBS directory alongside the other session and authentication handlers and they will become available. Then in the config file you just define cas. Note that you need to have PHPCAS installed on the web server for the plugin I made to work.
Ok (ty for the fast response), it seems to work. I put the files in place and included cas_set.php in the config file.
Do I also need to set this?
// login system
$auth["type"]="cas";
Because it also seems to work without it?
Now I've got another problem: in my layout there is now a login/log out and username on top of it. This is not in the menu bar of MRBS; can you point me in the right direction in the code? I'm searching like nuts :D now
Found layout problem :)
Hey Patrick,
I need to check if the person who checks in is from the correct department.
The person can only log in if the CAS attribute department = comwet.
How can I do this?
It looks like it's on line 36, if (phpCAS::isAuthenticated() ..., I added
**and (phpCAS::getAttribute('department')=='*' and I can still log in even if it is the wrong department?
Come on, this is not a hard question, I think :(
I altered line 36 from the cas-auth file
if (phpCAS::isAuthenticated() and (phpCAS::getAttribute('department')=='xxx' ...
When I change xxx to a wrong value, I can still log in?
What am I missing here?
Sorry, I haven't had time to write a more robust version to include departments, however the issue is you would instead want to create an if statement that redirects people to the login page if their department does not match. The isAuthenticated() function redirects users to the CAS server. Thus if phpCAS::getAttribute('department')!='xxx' then redirect to an error page of sorts. When I find time I will try and write some logic into the auth file I made.
I have done it like this for the moment on line 59 (in the auth_cas.inc file):
global $auth;
$admins = $auth['admin'];
// User not logged in, user level '0'
if (!isset($user) or phpCAS::getAttribute('department')!='XXX')  // line 59
{
  return 0;
}
Users can login but can't add/edit bookings this way, not really elegant but it works, in anticipation of Patrick's edit.
btw. ty for clearing it out Patrick.
.
Last edit: Anonymous 2013-09-03
I'm trying to expand the login filter but I'm stuck; my code line seems to work in a separate test page. But when I added it in MRBS I ran into a problem.
I'm trying to expand my login code from the above post.
I made an array in the config file for special users who are not in our department but may log in. Logins need to be employees.
$special_user[]="A";
$special_user[]="B";
Then I changed the code on line 59 in auth_cas.inc into this.
So when the user "A" is not from department ps01 and he is an employee normally he should be able to login.
But it does not work.
"A" can log in when he is from department "ps01", but when he is not, the special_user part does not seem to work.
Does somebody see what I'm doing wrong?
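Added example (not code from any poster in this thread or from MRBS): one way to write the department filter with a special-user exception discussed above as a single check that denies by default. The function names, the 'affiliation' attribute and the sample users are assumptions, and the rule (employee AND (department match OR special user)) is one reading of the posts.

```php
<?php
declare(strict_types=1);

// Normalise a CAS attribute to a list of strings: a server may release an
// attribute as a single string, as an array of values, or not at all.
function cas_attr_values(array $attributes, string $name): array
{
    if (!array_key_exists($name, $attributes)) {
        return [];                          // missing attribute => no values
    }
    $raw = $attributes[$name];
    $values = is_array($raw) ? $raw : [$raw];
    return array_values(array_filter($values, 'is_string'));
}

// Hypothetical helper: true only when the user may log in.
// Assumed rule: must be an employee AND (in the required department
// OR listed in $special_users). Every other combination is denied.
function cas_user_allowed(string $user, array $attributes,
                          string $department, array $special_users): bool
{
    // 'affiliation' is an assumed attribute name; use what your CAS releases.
    $is_employee = in_array('employee', cas_attr_values($attributes, 'affiliation'), true);
    $in_dept     = in_array($department, cas_attr_values($attributes, 'department'), true);
    $is_special  = in_array($user, $special_users, true);

    return $is_employee && ($in_dept || $is_special);
}

// Constructed sample data, not real accounts.
$special_user = ['A', 'B'];
$cases = [
    ['A', ['department' => 'ps02', 'affiliation' => 'employee']],     // special user, other dept
    ['C', ['department' => ['ps01', 'ps09'], 'affiliation' => ['employee']]], // multi-valued
    ['D', ['department' => 'ps02', 'affiliation' => 'employee']],     // other dept, not special
    ['A', ['department' => 'ps02']],                                  // special, no affiliation
    ['E', []],                                                        // no attributes released
];
foreach ($cases as [$user, $attrs]) {
    $verdict = cas_user_allowed($user, $attrs, 'ps01', $special_user) ? 'allow' : 'deny';
    printf("%s => %s\n", $user, $verdict);
}
```

In auth_cas.inc the inputs would come from phpCAS::getUser() and phpCAS::getAttributes() once phpCAS::isAuthenticated() is true. The strict comparisons and the empty-list default mean a missing or oddly typed attribute denies access.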
Does this still work for the 1.5 version?
I copied the needed extra lines from my still working version into the new version and when I activate
require_once 'auth_cas/cas_set.php'; i get an error 500.
Hello..Please Help me with this error " Error: Internal script failure" ...I used phpCAS::forceAuthentication();
CAS authentication has now been integrated into standard MRBS and will appear in the next release (whatever comes after MRBS 1.7.1). In the meantime you can download the latest snapshot of code from the default branch.
Hi!
I downloaded the latest snapshot of code and wanted to use CAS authentication. I edited the config.inc.php
but the CAS login page does not come up. The browser goes directly to the MRBS page.
My old MRBS with CAS works well.
When I look at settings in cas_set.php in the old mrbs I see:
The question is if they are missing in the new one?
Kind regards,
Jolt
Last edit: Campbell Morrison 2018-08-02
No, $auth['cas']['login_link'] and $auth['cas']['logout_link'] aren't necessary in the new code. Did you download and install the complete snapshot, ie all the MRBS files? Try turning on CAS debug:
Last edit: Campbell Morrison 2018-08-02
Thanks for the reply
I downloaded the complete snapshot. The debug is true but it does not report any errors, nor is there any Apache error.
If I have:
$auth['cas']['no_server_validation'] = false;
then debug displays the error message:
phpCAS error: phpCAS::setCasServerCACert(): CAS_InvalidArgumentException: Certificate file does not exist CAS_Request_CurlRequest in /var/www/html/mrbs-cas/auth/auth_cas.inc on line 25
Thanks again
jolt
Try adding the following, temporarily, to the bottom of internalconfig.inc.php to see if you get any clues in the browser:
It did not give much information. It complained about the language setting only.
E_USER_NOTICE in /var/www/html/mrbs-cas/language.inc at line 824
Server failed to set locale to utf8-
It seems that the CAS authentication settings have no effect at all.
I don't know what can be happening. If your CAS server is accessible over the internet and you are happy to let me access it then if you send me a PM with the details of $auth['cas']['host'] and $auth['cas']['context'] then I can see if I can work out what's going wrong. (I don't need a login - just need to be able to get as far as the login page). If that's a problem then I quite understand.