AuthCAS - CAS authentication
Testing the TWiki CasLogin Contrib module
CharlieReitsma has written a Contrib module for TWiki that adds CAS authentication (with a further package by OlivierBerger). You'll find more details about its implementation at CasLogin.
Please help test it to validate its integration into TWiki's official Contrib modules.
Perl libraries for CAS clients
Should you wish to implement an alternative authentication system for CAS, there are already some basic libraries to build upon.
There are (at least) two CPAN Perl modules available to make TWiki interact with Yale's Central Authentication System (CAS): AuthCAS and Apache(2)::AuthCAS.
AuthCAS perl library
AuthCAS is a Perl client library for the CAS 2.0 authentication server. It aims to provide a Perl API to Yale's Central Authentication System. Only a basic Perl library is provided with CAS, whereas AuthCAS is a full object-oriented library.
It will interface TWiki to the CAS server without the need for anything to be configured in the underlying web server (Apache, for instance).
Apache(2)::AuthCAS mod_perl module
Apache::AuthCAS is a configurable Apache authentication module that enables you to protect content on an Apache + ModPerl server using an existing Yale CAS authentication server.
See also Apache2::AuthCASSimple (http://search.cpan.org/~yvesago/Apache2-AuthCASSimple/) for another implementation.
-- Contributors: PeterThoeny - 10 Jan 2007, OlivierBerger - 26 Aug 2008
Discussion
I've written a CAS login manager using AuthCAS that works for me. I'll attach it here as an example. It needs a TWiki developer to pick it up to turn it into something for the whole community.
> Moved to CasLogin -- OlivierBerger - 14 Aug 2008
-- CharlieReitsma - 22 Apr 2008
I'm not sure I understand why there would be some need for dedicated auth code in Perl.
Looking at TransparentAuthentication, I tend to believe that, using mod-auth-cas, it would be possible to use the returned REMOTE_USER, which could then be consumed with the ApacheLogin...
Could anyone correct me?
Maybe the problem of logouts?
-- OlivierBerger - 11 Aug 2008
Btw, see also: http://www.ja-sig.org/wiki/display/CAS/CASifying+TWiki
-- OlivierBerger - 11 Aug 2008
Well, responding to myself: TWiki involves lots of redirects (from login to viewauth, from view to viewauth, etc.), each of which may require mod-auth-cas to perform transactions with the CAS server... so that may seriously slow down TWiki (unless the cache's use is optimized, maybe).
Thus, I guess an internal TWiki auth mechanism which authenticates once for the whole TWiki session is probably more interesting... and allows proper logout when necessary.
-- OlivierBerger - 12 Aug 2008
At CasLogin you'll find the package prepared by CharlieReitsma for TWiki 4.2. You'll find a TWiki Contrib package for a version adapted from his, to run on TWiki 4.1.2, at CasLoginContrib.
-- OlivierBerger - 14 Aug 2008
Coupling CasLoginContrib with LdapContrib, it should be possible to use the same LDAP backend for the CAS server login+password verification, and the groups source for TWiki.
The LoginManager/Client is managed with CasLogin and the UserMapping and Groups are managed with LdapContrib.
-- OlivierBerger - 14 Aug 2008