#158 Real - CAS Authentication/Session Management

open
nobody
None
5
2017-01-16
2010-07-09
No

Hey There, I built a phpCAS authentication and session scheme for MRBS. It is set up how you guys do it, so all you need to do is copy it into the web directory and of course make sure that phpCAS is installed on your webserver. Because of how CAS works, I created both an auth and session file which will allow you to effectively use CAS. Sorry about the duplicate postings, this is the real one, my VM was acting up during the first post.

Discussion

  • Patrick McMorran

    Zip containing auth_cas.inc, session_cas.inc, and cas_set.php

     
  • Chad Healey

    Chad Healey - 2011-06-14

    I am trying to use this authentication scheme with my university's CAS. I include this cas_set.php into config.inc.php and fill in all the correct parameters for our CAS. Once all this is done, when I visit my MRBS page all I get is a blank screen with no errors or indication of what is wrong.

    Any ideas?

     
    • Anonymous

      Anonymous - 2013-01-07

      Sorry for the late reply, but this is usually caused by not having php_cas installed on your local webserver, which is a requirement to get CAS authentication to work. Please see the post below by Farzan if you require help setting it up.

       
  • Farzan Qureshi

    Farzan Qureshi - 2013-01-06

    I THANK YOU REAL AUTHOR "PATRICK" FOR CREATING THIS PLUGIN. I HAVE DOCUMENTED THE STEPS FOR MY REFERENCE BUT IT MIGHT BE HELPFUL FOR OTHERS THUS I AM POSTING IT HERE...

    Download phpCAS from the JASIG CAS website or use this link: https://wiki.jasig.org/display/CASC/phpCAS

    You can directly download the latest version on to your linux machine:

    wget http://downloads.jasig.org/cas-clients/php/current/CAS-1.3.2.tgz

    Now browse to the directory

    cd /usr/share/php     (for CentOS), or
    cd /usr/share/php5    (for Ubuntu)

    Now run the above command to download the phpCAS

    wget http://downloads.jasig.org/cas-clients/php/current/CAS-1.3.2.tgz

    Extract the zip folder

    tar -zxvf CAS-1.3.2.tgz

    It will create a folder CAS-1.3.2

    Now we have to include the folder path into our php.ini
    FOR UBUNTU the location is

    nano /etc/php5/apache2/php.ini

    FOR CENTOS it is

    nano /etc/php.ini

    It will open the file for you to edit
    Look for the line include_path
    This is what I have done in mine

    include_path = "/usr/share/php"
    This will read all the contents of this location and this is how you install phpCAS.

    Now get the CAS client for MRBS from
    http://sourceforge.net/p/mrbs/feature-requests/158/

    Copy the contents of the zip file into your web directory
    For me it is /var/www/bookings/

    Now edit the file cas_set.php with all the parameters specific to your organization:
    Lines which should be changed:

    $auth["admin"][] = "admin1"; // THIS IS THE ID FOR ADMIN ACCOUNTS, REPLACE IT WITH YOUR DESIRED USER IDs
    $auth["admin"][] = "admin2";

    Change the following line too

    phpCAS::client(CAS_VERSION_2_0,'myschool.school.nz',443,'/sso');

    That's it. Now open the config file of MRBS

    nano config.inc.php

    Add the following line to include cas auth:

    require_once "cas_set.php";

    RESTART YOUR APACHE SERVER

    service apache2 restart

    All Done!

    Hope this will help others.
    Thanks to real author again.

    Farzan
    fqureshi@rosmini.school.nz

     
  • Anonymous

    Anonymous - 2013-08-07

    Do I need to copy the inc files into the folders where the other inc files from MRBS are?

     
  • Patrick McMorran

    You should just be able to drop them into the root MRBS directory alongside the other session and authentication handlers and they will become available. Then in the config file you just define cas. Note that you need to have PHPCAS installed on the web server for the plugin I made to work.

     
  • Anonymous

    Anonymous - 2013-08-08

    Ok (ty for the fast response), it seems to work. I put the files in place and included cas_set.php in the config file.

    Do I also need to set this?
    // login system
    $auth["type"]="cas";
    Because it also seems to work without it?

    Now I have another problem: in my layout there is now login/log out and username on top of it. This is not in the menu bar of MRBS. Can you point me in the right direction in the code? I'm searching like nuts :D now

     
  • Anonymous

    Anonymous - 2013-08-08

    Found layout problem :)

     
  • Hebus

    Hebus - 2013-08-22

    Hey Patrick,
    I need to check if the person who checks in is from the correct department.
    The person can only log in if the CAS attribute department = comwet.
    How can I do this?

     
  • Anonymous

    Anonymous - 2013-09-03

    It looks like it's on line 36, if (phpCAS::isAuthenticated() ..., I added
    **and (phpCAS::getAttribute('department')=='*' and I can still log in even if it is the wrong department?

     
  • Anonymous

    Anonymous - 2013-09-03

    Come on, this is not a hard question I think :(
    I altered line 36 from the cas-auth file

    if (phpCAS::isAuthenticated() and (phpCAS::getAttribute('department')=='xxx' ...
    When I change xxx to a wrong value, I can still log in?
    What am I missing here?

     
    • Patrick McMorran

      Sorry, I haven't had time to write a more robust version to include departments, however the issue is you would instead want to create an if statement that redirects people to the login page if their department does not match. The isAuthenticated() function redirects users to the CAS server. Thus if phpCAS::getAttribute('department')!='xxx' then redirect to an error page of sorts. When I find time I will try and write some logic into the auth file I made.

       
      • Hebus

        Hebus - 2013-09-04

        I have done it like this for the moment on line 59 (in the auth_cas.inc file):

        global $auth;
        $admins = $auth['admin'];
        // User not logged in, user level '0'
        if (!isset($user) or phpCAS::getAttribute('department')!='XXX')  // line 59
        {
          return 0;
        }

        Users can log in but can't add/edit bookings this way. Not really elegant, but it works, in anticipation of Patrick's edit.
        Btw, ty for clearing it up, Patrick.

         
  • Hebus

    Hebus - 2014-11-18

    I'm trying to expand the login filter but I'm stuck. My code line seems to work in a separate test page, but when I added it in MRBS I ran into a problem.

    I'm trying to expand my login code from the above post.
    I made an array in the config file for special users who are not in our department but may log in. Logins need to be employees.

    $special_user[]="A";
    $special_user[]="B";

    Then I changed the code on line 59 in auth_cas.inc into this.

    global $auth;
    $admins = $auth['admin'];
    // User not logged in, user level '0'
    
    if (!isset($user) 
    or (phpCAS::getAttribute('department')!='PS01' and !in_array($user,$special_user) )
    or (!in_array('ugentEmployee', (phpCAS::getAttribute('objectClass')) ) ) )
    
    {
    return 0;
    }
    

    So when the user "A" is not from department ps01 and he is an employee, normally he should be able to log in.
    But it does not work.
    "A" can log in when he is from department "ps01", but when he is not, the special_user part does not seem to work.
    Does somebody see what I'm doing wrong?
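
Added example (not from the thread, MRBS or phpCAS) for the department filter discussed in the posts above. In the snippet as posted only `$auth` is declared `global`, so inside the function `$special_user` from the config file is undefined and `in_array()` never sees the list; the sketch below passes the policy in as an argument, fails closed on missing attributes, and accepts attributes that arrive either as a string or as an array. The function name `cas_user_is_allowed` and the `$policy` keys are hypothetical, and the sample users and attributes are constructed.

```php
<?php
// Added example: hypothetical helper, not part of auth_cas.inc.

/**
 * Decide whether a CAS user may use the booking system.
 * $attrs is shaped like the array returned by phpCAS::getAttributes().
 */
function cas_user_is_allowed($user, array $attrs, array $policy)
{
    if (!is_string($user) || $user === '') {
        return false;                       // not logged in
    }
    // A CAS attribute may be a single string or a list of strings;
    // normalise so in_array() never receives a string or null.
    $values = function ($name) use ($attrs) {
        return isset($attrs[$name]) ? (array) $attrs[$name] : array();
    };

    // Everyone must carry the required objectClass (deny if it is missing).
    if (!in_array($policy['object_class'], $values('objectClass'), true)) {
        return false;
    }
    // Either the department matches, or the user is on the exception list.
    $in_department = in_array($policy['department'], $values('department'), true);
    $is_special    = in_array($user, $policy['special_users'], true);

    return $in_department || $is_special;
}

// Constructed policy and sample logins standing in for
// phpCAS::getUser() and phpCAS::getAttributes().
$policy = array(
    'department'    => 'PS01',
    'object_class'  => 'ugentEmployee',
    'special_users' => array('A', 'B'),
);
$cases = array(
    array('A', array('department' => 'XX99', 'objectClass' => array('person', 'ugentEmployee'))),
    array('C', array('department' => 'PS01', 'objectClass' => 'ugentEmployee')),
    array('C', array('department' => 'XX99', 'objectClass' => array('ugentEmployee'))),
    array('A', array('department' => 'XX99')),   // objectClass missing
);
foreach ($cases as $c) {
    printf("%s dept=%s -> %s\n", $c[0], $c[1]['department'],
        cas_user_is_allowed($c[0], $c[1], $policy) ? 'allow' : 'deny');
}
```

In the auth file the same function would be fed `phpCAS::getUser()` and `phpCAS::getAttributes()`, with a `false` result mapped to user level 0.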

     
  • Hebus

    Hebus - 2017-01-16

    Does this still work for the 1.5 version?
    I copied the needed extra lines from my still working version into the new version, and when I activate
    require_once 'auth_cas/cas_set.php'; I get an error 500.

     

