Difference between revisions of "CAS"
(remove lines correction)
(→Eprints::Session edit)
Line 101: | Line 101: | ||
# in doing it again. | # in doing it again. | ||
unless( defined $self->{currentuser} ) | unless( defined $self->{currentuser} ) | ||
− | { | + | { |
− | + | my $username =""; | |
my $user_ticket=""; | my $user_ticket=""; | ||
− | if( defined $ENV{HTTP_CAS_FILTER_USER})#cookie | + | if( defined $ENV{HTTP_CAS_FILTER_USER})#just connected with cas, no cookie set |
{ | { | ||
$username = $ENV{HTTP_CAS_FILTER_USER}; | $username = $ENV{HTTP_CAS_FILTER_USER}; | ||
} | } | ||
− | + | elsif ( defined $self->{archive}->get_conf("cassessioncookiename") )#cas auth seems configured... | |
{ | { | ||
− | $user_ticket=raw_cookie( | + | $user_ticket=raw_cookie($self->{archive}->get_conf("cassessioncookiename")); |
− | if( defined $user_ticket) | + | if( defined $user_ticket)#Indeed we've get a cookie :) |
{ | { | ||
− | my $sql = "SELECT uid FROM cas_sessions | + | my $sql = "SELECT uid FROM cas_sessions where id='$user_ticket'"; |
− | |||
my $sth = $self->{database}->prepare( $sql ); | my $sth = $self->{database}->prepare( $sql ); | ||
$self->{database}->execute( $sth, $sql ); | $self->{database}->execute( $sth, $sql ); | ||
− | |||
while( my @info = $sth->fetchrow_array ) { | while( my @info = $sth->fetchrow_array ) { | ||
my @list = split(":",$info[0]); | my @list = split(":",$info[0]); | ||
− | foreach( @list ) {$ | + | foreach( @list ) {$username=$_;} |
} | } | ||
$sth->finish; | $sth->finish; | ||
− | |||
} | } | ||
− | |||
− | |||
− | |||
− | |||
} | } | ||
+ | else#using default eprints authentication | ||
+ | { | ||
+ | $username = $ENV{'REMOTE_USER'}; | ||
+ | } | ||
+ | |||
if( defined $username && $username ne "" ) | if( defined $username && $username ne "" ) | ||
{ | { | ||
Line 142: | Line 140: | ||
} | } | ||
</pre> | </pre> | ||
− | This code | + | This code assumes CASAuth SQL tables are stored with the rest of the Eprints server. It won't work if you use a Postgres database or even if you stored your CASauth tables on an other MySQL database. If you have any good reason to use a seperated database, you will have to change some lines in order to make it work. |
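Review bot: the added query line `my $sql = "SELECT uid FROM cas_sessions where id='$user_ticket'";` interpolates `$user_ticket` straight into the SQL text, and `$user_ticket` comes from `raw_cookie(...)`, i.e. from a cookie the client sends, so whoever controls that cookie controls the WHERE clause. Prepare `SELECT uid FROM cas_sessions WHERE id = ?` and bind `$user_ticket` when executing the statement handle instead. Two smaller points on the same hunk: the new `if( defined $ENV{HTTP_CAS_FILTER_USER})` branch trusts an HTTP_* variable, the naming Apache uses for values built from request headers, so it is worth confirming that Apache::AuthCAS sets (or strips) that header on every request it handles and not only on the first request back from CAS; and the new `else` branch that falls back to `$ENV{'REMOTE_USER'}` is reached whenever `cassessioncookiename` is absent from the archive configuration, which means a missing config key silently changes which authentication source decides the user, so that key should be documented next to the code.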
Revision as of 14:02, 12 April 2006
This page explains how to use a CAS server to authenticate users in EPrints.
Install a secure host
The first thing you'll have to do is to install a secure host. This page explains how to do that.
Apache::AuthCAS
This Perl module handles the communication with a CAS server for you.
Install the lib
This can be done with the command: perl -MCPAN -e 'install Apache::AuthCAS'
More information is available on CPAN.
Make a few changes to AuthCAS.pm (if using MySQL)
The Apache::AuthCAS module uses a database to store its session cookies. You can use PostgreSQL or MySQL, as you wish.
Most probably you will use MySQL, since EPrints uses it. Unfortunately AuthCAS.pm hard-codes the "Pg" driver: a $DB_DRIVER variable exists, but it is not used. So you will have to edit your AuthCAS.pm file and change each "Pg" to "mysql". Keep in mind that this local edit is lost whenever the module is reinstalled or upgraded from CPAN, so record it somewhere you will find it again.
Create the database to store cookies
You should find this schema in /root/.cpan/build/Apache-AuthCAS-0.4/schema.sql. It was written for PostgreSQL, but MySQL accepts the same column types (int8 is a synonym for BIGINT), so it can be loaded into the EPrints database as it is:
-- schema that has been used with PostgreSQL and may need to be altered for
-- another DBMS
CREATE TABLE cas_sessions (
    id varchar(32) not null primary key,
    last_accessed int8 not null,
    uid varchar(32) not null,
    pgtiou varchar(64) not null
);
CREATE TABLE cas_pgtiou_to_pgt (
    pgtiou varchar(64) not null primary key,
    pgt varchar(64) not null,
    created int8 not null
);
--example PostgreSQL indeces
--CREATE INDEX cas_sessions_id_index ON cas_sessions(id);
--CREATE INDEX cas_pgtiou_to_pgt_pgtiou_index ON cas_pgtiou_to_pgt(pgtiou);
--CREATE INDEX cas_sessions_last_accessed_index ON cas_sessions(last_accessed);
Configure your secure host
You must provide some settings, such as the CAS host. You can put them in your virtual host configuration or in AuthCAS.pm; the module's CPAN page describes them.
Also edit $EPRINTS_ROOT/archives/$ARCHIVE_ID/cfg/auto-secure.conf and make the following changes:
Remove the lines:
AuthType "Basic"
PerlAuthenHandler EPrints::Auth::authen
and add:
AuthType Apache::AuthCAS
AuthName "CAS"
PerlAuthenHandler Apache::AuthCAS->authenticate
PerlSetVar CASProduction "1"
Load the module
Finally, don't forget to load Apache::AuthCAS in your Apache configuration (under mod_perl a PerlModule Apache::AuthCAS directive does this) and restart Apache.
Eprints::Session edit
Now edit $EPRINTS_PATH/perl_lib/EPrints/Session.pm. First add this line with the other use statements:
use CGI qw(:standard -nph);
This gives you CGI's raw_cookie function, which returns the raw value of a named HTTP cookie. Then go to the current_user function, where the uid that Apache::AuthCAS stored for the session has to end up in $username. To get it, run a query that looks like this, binding the cookie value as a parameter:
$sql = "SELECT uid FROM cas_sessions WHERE id = ?";
where the value bound to the placeholder is the session id held in the AuthCAS cookie:
my $user_ticket = raw_cookie('APACHECAS');
Do not paste $user_ticket into the SQL string yourself: the cookie is sent by the client, so anything interpolated from it becomes part of the query. Note that 'APACHECAS' is the default name of the AuthCAS cookie, but you may have changed it; the code below reads the name from a cassessioncookiename setting that you add to the archive configuration.
Here is code that should work if you have installed your Apache::AuthCAS SQL tables in the same database where you store your EPrints tables:
sub current_user
{
    my( $self ) = @_;

    # If we've already done this once, no point
    # in doing it again.
    unless( defined $self->{currentuser} )
    {
        my $username = "";
        my $user_ticket = "";

        if( defined $ENV{HTTP_CAS_FILTER_USER} ) # just connected with CAS, no cookie set yet
        {
            $username = $ENV{HTTP_CAS_FILTER_USER};
        }
        elsif( defined $self->{archive}->get_conf( "cassessioncookiename" ) ) # CAS auth is configured
        {
            $user_ticket = raw_cookie( $self->{archive}->get_conf( "cassessioncookiename" ) );
            if( defined $user_ticket ) # we did get a cookie
            {
                # Bind the cookie value instead of interpolating it: the cookie is
                # client-supplied and must never become part of the SQL text.
                # prepare() returns a DBI statement handle; the EPrints execute()
                # wrapper takes no bind values, so call DBI's execute directly.
                my $sql = "SELECT uid FROM cas_sessions WHERE id = ?";
                my $sth = $self->{database}->prepare( $sql );
                $sth->execute( $user_ticket );
                while( my @info = $sth->fetchrow_array )
                {
                    # keep the last colon-separated component of the stored uid
                    my @list = split( ":", $info[0] );
                    foreach( @list ) { $username = $_; }
                }
                $sth->finish;
            }
        }
        else # default EPrints authentication
        {
            $username = $ENV{'REMOTE_USER'};
        }

        if( defined $username && $username ne "" )
        {
            $self->{currentuser} = EPrints::User::user_with_username( $self, $username );
        }
    }

    return $self->{currentuser};
}
This code assumes the Apache::AuthCAS tables live in the same database as the EPrints tables, because it reuses the EPrints database handle. It will not work as written if your CAS tables are in a PostgreSQL database, or even in a different MySQL database; if you have a good reason to keep them separate, you will need to open a second DBI connection for the cas_sessions lookup. Also note that $ENV{HTTP_CAS_FILTER_USER} is an HTTP_* variable, the naming Apache uses for values built from request headers. Before trusting it as the username, confirm that Apache::AuthCAS sets that header on every request it authenticates and that a client-supplied CAS_FILTER_USER header cannot survive into the environment; if in doubt, strip that header at the front end.
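The following is an added example, not code from EPrints or Apache::AuthCAS. It shows the cookie-to-uid lookup done with a DBI placeholder next to the interpolated form from the original Session.pm snippet, against the cas_sessions table from schema.sql, so you can see what a crafted cookie value does to each. It assumes DBD::SQLite is installed (an in-memory database stands in for the MySQL one EPrints uses); the session ids and users are constructed sample data.

```perl
#!/usr/bin/perl
# Added example, not EPrints or Apache::AuthCAS code. Assumes DBD::SQLite is
# installed; the session ids and users below are made up.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect( "dbi:SQLite:dbname=:memory:", "", "",
                        { RaiseError => 1, AutoCommit => 1 } );

# Same columns as the Apache::AuthCAS schema (int8 written as INTEGER for SQLite).
$dbh->do( q{
    CREATE TABLE cas_sessions (
        id            varchar(32) NOT NULL PRIMARY KEY,
        last_accessed INTEGER     NOT NULL,
        uid           varchar(32) NOT NULL,
        pgtiou        varchar(64) NOT NULL
    )
} );

# Constructed sample sessions: two users currently logged in through CAS.
my $ins = $dbh->prepare(
    "INSERT INTO cas_sessions (id, last_accessed, uid, pgtiou) VALUES (?, ?, ?, ?)" );
$ins->execute( "0f3a9c1e7b2d4a6c8e0f1a2b3c4d5e6f", time(), "alice", "PGTIOU-alice" );
$ins->execute( "9d8c7b6a5f4e3d2c1b0a9f8e7d6c5b4a", time(), "bob",   "PGTIOU-bob" );

# Unsafe form: the cookie value becomes part of the SQL text, exactly as in
# "SELECT uid FROM cas_sessions where id='$user_ticket'". Kept only to show
# what a crafted cookie does to it.
sub uid_for_cookie_interpolated
{
    my( $dbh, $user_ticket ) = @_;
    my $sth = $dbh->prepare( "SELECT uid FROM cas_sessions WHERE id='$user_ticket'" );
    $sth->execute;
    my( $uid ) = $sth->fetchrow_array;   # first row wins, whatever matched
    $sth->finish;
    return $uid;
}

# Safe form: the cookie value is bound as a parameter, so the driver passes it
# as data and it cannot change the shape of the query. Exactly one session row
# must match; anything else is treated as "not logged in".
sub uid_for_cookie_bound
{
    my( $dbh, $user_ticket ) = @_;
    return undef unless defined $user_ticket;
    my $sth = $dbh->prepare( "SELECT uid FROM cas_sessions WHERE id = ?" );
    $sth->execute( $user_ticket );
    my $rows = $sth->fetchall_arrayref;
    return undef unless @$rows == 1;
    return $rows->[0][0];
}

sub show { defined $_[0] ? $_[0] : "(no user)" }

my $real   = "0f3a9c1e7b2d4a6c8e0f1a2b3c4d5e6f";  # what a genuine APACHECAS cookie carries
my $forged = "' OR '1'='1";                        # a cookie value any client can send

print "bound,        real cookie:   ", show( uid_for_cookie_bound( $dbh, $real ) ),          "\n";
print "bound,        forged cookie: ", show( uid_for_cookie_bound( $dbh, $forged ) ),        "\n";
print "interpolated, forged cookie: ", show( uid_for_cookie_interpolated( $dbh, $forged ) ), "\n";
```

With the real cookie both lookups return alice. With the forged value the bound lookup finds no matching row and reports no user, while the interpolated lookup runs `WHERE id='' OR '1'='1'`, matches every session and logs the client in as whichever row the database scans first. The one-row check in the bound version is deliberate: a session id is a primary key, so more than one match means something is wrong and the request should not be treated as authenticated.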