Posted to dev@vcl.apache.org by Josh Thompson <jo...@ncsu.edu> on 2019/06/12 18:30:59 UTC

Re: [jira] [Commented] (VCL-1087) VCL CAS SSO

Hi Junaid,

Did you see this comment on the JIRA issue about CAS support in VCL?  It's one 
of the last things that I'd like to see incorporated into the 2.5.1 release.

Thanks,
Josh

On Wednesday, May 29, 2019 11:32:00 AM EDT Josh Thompson (JIRA) wrote:
> [ https://issues.apache.org/jira/browse/VCL-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16850972#comment-16850972 ]
> 
> Josh Thompson commented on VCL-1087:
> ------------------------------------
> 
> Hi Junaid,
> 
> I've partly implemented VCL-1086 (improve modularization of
> authentication).  I've updated things for local, ldap, and Shibboleth
> authentication.  At this point, each authentication method needs to add an
> entry in a global array named $authFuncs.  Can you have a look to update
> CAS?  I've merged the develop branch in to VCL-1087_VCL_CAS_SSO. 
> shibauth.php would probably be the best file to use as an example.  The
> entry in $authFuncs looks something like this:
> 
> $authFuncs['shibboleth'] = array(
>    'test' => 'testShibAuth',
>    'auth' => 'processShibAuth',
>    'unauth' => 'unauthShib'
> );
> 
> 'test' and 'auth' are called from initGlobals in utils.php after
> determining that the current user is not authenticated.  One thing to note
> is that if the VCLAUTH cookie exists and is valid, these functions are not
> used as the user is already considered to be authenticated.
> 
> 'test' references a function that checks to see if information exists to
> validate a user with this authentication method. For Shibboleth, it checks
> for the existence of $_SERVER['SHIB_EPPN'] - a global variable provided by
> the web server if the user has been authenticated by Shibboleth. The
> function should return 1 if required information is available or 0 if not.
> 
> 'auth' references a function that handles authenticating the user. It should
> return the authenticated user in 'userid@affiliation' form or NULL if
> authentication failed. If authentication is successful, it should include a
> call to addLoginLog. It should probably set the VCLAUTH cookie to handle
> authentication in further interactions with the VCL site (Shibboleth does
> this).  If it does not set VCLAUTH, the function referenced by 'auth'
> will be called for each page load by the user, which can be okay, but it
> should be written to be pretty quick and not do things like calling
> addLoginLog every time.
> 
> 'unauth' references a function that handles destroying the user's
> authentication. It takes one argument because unauthenticating the user
> needs to happen in two parts. The value of the argument is either 'headers'
> or 'content'.  If called with 'headers', it should set any headers that
> need to be sent to the user before page content (most methods simply return
> and do nothing in this case). If called with 'content', any page content
> that should be displayed to the user should be printed out. This function
> is called from sendHeaders in utils.php when $mode is logout. After the
> function unauth references has been called, the user should have to log in
> again.
> 
> The idea of all of this is that creating new authentication methods
> should only require creating a new file under authmethods and including the
> file from conf.php without requiring any other files to be modified.
> 
> Josh
> 
> > VCL CAS SSO
> > -----------
> > 
> >                 Key: VCL-1087
> >                 URL: https://issues.apache.org/jira/browse/VCL-1087
> >             Project: VCL
> >          Issue Type: New Feature
> >          Components: web gui (frontend)
> >    Affects Versions: 2.5
> >            Reporter: Junaid Ali
> >            Priority: Major
> >         Attachments: 0001-CAS-Authentication-Module.patch, Design document
> >         for adding CAS support to VCL.pdf
> > 
> > This new feature will add [CAS|https://www.apereo.org/projects/cas] single
> > sign on support to the VCL Website.
-- 
-------------------------------
Josh Thompson
Systems Programmer
Platform Computing | VCL Developer
North Carolina State University

Josh_Thompson@ncsu.edu
919-515-5323

my GPG/PGP key can be found at pgp.mit.edu

All electronic mail messages in connection with State business which
are sent to or received by this account are subject to the NC Public
Records Law and may be disclosed to third parties.
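
Added example, not part of the original message and not VCL code: a sketch of an authentication method written against the 'test' / 'auth' / 'unauth' contract described in the quoted comment, including the case where VCLAUTH is not set and 'auth' runs on every page load. The method name examplesso, the EXAMPLE_EPPN server variable, the $exampleAffils map, the addLoginLog stand-in and its signature, the session flag and the dispatch loop at the end are all assumptions.

```php
<?php
// Added example, not VCL code; every examplesso/EXAMPLE_* name is hypothetical.
$exampleAffils = array('example.edu' => 'Example');   // constructed domain => affiliation
$authFuncs['examplesso'] = array(
   'test'   => 'testExampleSSO',
   'auth'   => 'processExampleSSO',
   'unauth' => 'unauthExampleSSO'
);
if(! function_exists('addLoginLog')) {   // stand-in (assumed signature) so this runs alone
   function addLoginLog($user, $method, $passed) {
      error_log("login method=$method user=$user passed=" . (int)$passed);
   }
}

// 'test': 1 if the web server supplied the identity variable, 0 if not. Request
// headers reach PHP as HTTP_*, so this name cannot be injected as a request header.
function testExampleSSO() {
   return empty($_SERVER['EXAMPLE_EPPN']) ? 0 : 1;
}

// 'auth': 'userid@affiliation' on success, NULL on failure
function processExampleSSO() {
   global $exampleAffils;
   $re = '/^([a-z0-9._-]{1,64})@([a-z0-9.-]{1,255})$/i';
   if(! preg_match($re, $_SERVER['EXAMPLE_EPPN'] ?? '', $m))
      return NULL;                    // malformed value never becomes an identity
   $domain = strtolower($m[2]);
   if(! isset($exampleAffils[$domain]))
      return NULL;                    // unknown domain: no affiliation, no login
   $user = strtolower($m[1]) . '@' . $exampleAffils[$domain];
   // VCLAUTH is not set here, so this runs on every page load; a session flag
   // (assumes an active PHP session) keeps addLoginLog to once per login.
   if(empty($_SESSION['examplesso_logged'])) {
      addLoginLog($user, 'examplesso', TRUE);
      $_SESSION['examplesso_logged'] = 1;
   }
   return $user;
}

// 'unauth': called with 'headers' first, then with 'content'
function unauthExampleSSO($mode) {
   if($mode == 'headers') {
      unset($_SESSION['examplesso_logged']);   // next login is logged again
      return;
   }
   print "You have been logged out.\n";
}

$_SERVER['EXAMPLE_EPPN'] = 'jdoe@example.edu';          // constructed input
foreach($authFuncs as $f)                               // simplified dispatch stand-in
   if($f['test']()) { var_dump($f['auth']()); break; }
```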