CasLoginContribDev Discussion: Page for developer collaboration, enhancement requests, patches and improved versions on CasLoginContrib contributed by the TWikiCommunity.
• Please let us know what you think of this extension.
• For support, check the existing questions, or ask a new support question in the Support web!
• Please file bug reports in the CasLoginContrib bug database.

Feedback on CasLoginContrib

-- OlivierBerger - 14 Aug 2008

Thank you Charlie and Oliver for contributing to the TWiki project!

Please fill in the detail in the package form. Help also tag (and tag vote) the contrib page. It would be helpful to have a short description of CAS, and/or a link to a documentation page, such as Wikipedia:Central_Authentication_Service

-- PeterThoeny - 17 Aug 2008

PeterThoeny : note that I applied in OlivierBergerWouldLikeToCheckIn to be able to maintain the Contrib development in SVN.

-- OlivierBerger - 18 Aug 2008

I am trying to get this to work but I am running Apache2. This seems designed to use the AuthCAS instead of Apache2::AuthCAS. Am I correct that this will not work for me on an Apache2 server?

-- DougCampbell - 23 Aug 2008

It relies on the perl AuthCAS module found here http://search.cpan.org/~osalaun/AuthCAS/ (or http://sourcesup.cru.fr/projects/perlcas/), not http://search.cpan.org/~jhitt/Apache2-AuthCAS/ . I'm not really familiar with CPAN policy for those kinds of duplicate modules coexistence ... still, I tested it on Apache 2.2 on Debian lenny, so I suppose it should be OK for you.

Hope this helps (sorry, the link in the dependencies needs to be fixed).

-- OlivierBerger - 25 Aug 2008

FYI, the Contrib has entered the TWiki SVN, so contents of CasLoginContrib should now be managed the "standard" way (see TWikibug:Item5959).

Also note that I'm trying to push this package for Debian. More details : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495428

-- OlivierBerger - 26 Aug 2008

Just issued a new version, in SVN (rev. 17456), now that I'm committer ;-), improving small bits (see changelog).

Any comments welcome

-- OlivierBerger - 26 Aug 2008

I changed the modification policy of this extension from ContactAuthorFirst to PleaseFeelFreeToModify because the authors are no longer active with the community for over 2 years. Anyone interested in maintaining this extension?

-- PeterThoeny - 2011-05-04

I have been trying out the CasLoginContrib module, but cannot get past this message when I try to log in: Insecure dependency in printf while running with -T switch

If I knew perl I'm sure this is simple to figure out, but I'm stumped.

-- Ian Richmond - 2014-01-22

This extensions seems to have an issue with a tainted variable that is not cleanup up properly. For testing you could remove the -T flag from the TWiki scripts in the twiki/bin directory, e.g. change #!/usr/bin/perl -wT to #!/usr/bin/perl -w.

-- Peter Thoeny - 2014-01-24

Sorry; I got taken off this - yes! that lets me now be redirected to the CAS server, log in, and return with a https://<twiki>/do/view?ticket=<ST-xxx&#62; in the url. I come back to the main screen I left, but I'm still not logged in. I have added 4 lines in the LocalSite.cfg file: $TWiki::cfg{LoginManager} = 'TWiki::LoginManager::CasLogin'; $TWiki::cfg{CAS}{casUrl} = 'https://login.drexel.edu/cas'; $TWiki::cfg{CAS}{CAFile} = '/etc/ssl/certs/login.drexel.edu.crt'; ##Should you wish to trace execution of Client/LoginManager, you may set also : $TWiki::cfg{Trace}{Client} = 1; as per the instructions. Do I need something else? Like a CasValidate url? Clearly it seems to be coming back okay with the ticket, but then nothing.

-- Ian Richmond - 2014-02-23

Okay, I took the ticket from the url after I logged in, and manually pasted it into a url to validate it:

https://login.drexel.edu/cas/serviceValidate?ticket=ST-408224-bfwaHd4IK5MJ00rWnfSb-pilchard.irt.drexel.edu&service=https://129.25.131.22/do/view

I got back my username on a white page, so I think the ssl versions and ciphers are all working. I just don't know what is missing from the CasLoginContrib software...

-- Ian Richmond - 2014-02-24

CasLoginContrib doesn't work out of the box. Neither of us are Perl people, nor have we ever met CAS or TWiki before, so we have no broader knowledge of all the issues involved. But the changes below look to us like simple bugs that can be fixed easily, so Peter, I hope this is helpful enough for you to fix the code.

Here is what we did to make it work for us:

1) Installed the CPAN:IO-Socket-SSL Perl module and dependencies. The CasLogin.pm was written to fail silently on this, so it was not obvious to me that I was missing something.

2) Made the following edits in /var/www/html/twiki/lib/TWiki/LoginManager/CasLogin.pm:

In sub forceAuthentication(), change

my $query = $twiki->{cgiQuery};
to:
my $query = $twiki->{request};

In sub login(), change

my $loginName = $cas->validateST($app_url.$origurl, $ticket);
to:
my $loginName = $cas->validateST($app_url.'/do/login', $ticket);

and change

my $login_url = $cas->getServerLoginURL($app_url.$origurl);
to:
my $login_url = $cas->getServerLoginURL($app_url."/do/login");

Hope This Helps

-- Ian Richmond - 2014-03-02

Thank you Ian! What TWiki version does this apply to?

On another note, I do not recommend installing TWiki into an apache html directory. The world can potentially read all files unless carefully locked down. Better to install TWiki in /var/www/twiki and use an apache config file generated by ApacheConfigGenerator.

-- Peter Thoeny - 2014-03-03

The "/do/login" is hard-coded and will work not for other directory structures and script expensions. There should be a platform independent way.

-- Peter Thoeny - 2014-03-03

My twiki tarball that I installed from is: TWiki-6.0.0.tgz Yes, you are quite right on both counts. If I remember correctly, the $origurl kept moving around, meaning I had to get a new url accepted from CAS, which took a day or two each time, so we just gave up and hard-coded it..

-- Ian Richmond - 2014-03-06