CAS

From EPrints Documentation
Revision as of 14:54, 7 April 2006 by Mstumpf (talk | contribs)

This page explains how to use a CAS server to authenticate users in EPrints.

Install a secure host

The first thing you'll have to do is to install a secure host. [This page] explains how to do that.

Apache::AuthCAS

This Perl library allows you to easily communicate with a CAS server.

Install the lib

This can be done with the command: perl -MCPAN -e 'install Apache::AuthCAS'

More information is available on [CPAN].

Make a few changes to AuthCAS.pm (if using MySQL)

The Apache::AuthCAS module uses a database to store cookies. You can use Postgres or MySQL, as you wish.

Most probably you will use MySQL, as EPrints uses it. Unfortunately, AuthCAS.pm has the "Pg" driver hard-coded: a variable ($DB_DRIVER) exists, but it is not used. So you will have to edit your AuthCAS.pm file and replace each "Pg" with "mysql".

Create the database to store cookies

You should find this MySQL schema in /root/.cpan/build/Apache-AuthCAS-0.4/schema.sql:

-- schema that has been used with PostgreSQL and may need to be altered for
-- another DBMS

CREATE TABLE cas_sessions (
        id                              varchar(32) not null primary key,
        last_accessed   int8 not null,
        uid                             varchar(32) not null,
        pgtiou                  varchar(64) not null
);

CREATE TABLE cas_pgtiou_to_pgt (
        pgtiou          varchar(64) not null primary key,
        pgt                     varchar(64) not null,
        created         int8 not null
);

--example PostgreSQL indeces
--CREATE INDEX cas_sessions_id_index ON cas_sessions(id);
--CREATE INDEX cas_pgtiou_to_pgt_pgtiou_index ON cas_pgtiou_to_pgt(pgtiou);
--CREATE INDEX cas_sessions_last_accessed_index ON cas_sessions(last_accessed);

Configure your secure host

You must provide some information, such as the CAS host. You can provide it in your virtual host or in AuthCAS.pm. Read the [module page on CPAN] to learn more about it.

Also edit $EPRINTS_ROOT/archives/$ARCHIVE_ID/cfg/auto-secure.conf and make the following changes:

Remove lines:

   AuthType "Basic"
   PerlAuthenHandler EPrints::Auth::authen
   PerlAuthzHandler EPrints::Auth::authz
   PerlSetVar EPrints_Security_Area User
   require valid-user


and add:


   AuthType Apache::AuthCAS
   AuthName "CAS"
   PerlAuthenHandler Apache::AuthCAS->authenticate
   PerlSetVar CASProduction "1"
   require valid-user
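
The directive swap above, scripted with a backup and a post-edit check, as an added example that is not part of the original page or of EPrints. The function names and the sample <Location> block are assumptions made for illustration; only the directives themselves come from this page.

```shell
#!/bin/sh
# Added example, not EPrints code: apply the directive swap listed above to
# auto-secure.conf, keeping a backup, then check nothing old is left behind.

cas_rewrite() {                       # usage: cas_rewrite /path/to/auto-secure.conf
    conf=$1
    # Keep the first original for rollback; never overwrite it on a re-run.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1
    awk '
        { match($0, /^[ \t]*/); ind = substr($0, 1, RLENGTH) }   # keep indentation
        /^[ \t]*AuthType[ \t]+"?Basic"?[ \t]*$/ {
            print ind "AuthType Apache::AuthCAS"
            print ind "AuthName \"CAS\""
            next
        }
        /^[ \t]*PerlAuthenHandler[ \t]+EPrints::Auth::authen[ \t]*$/ {
            print ind "PerlAuthenHandler Apache::AuthCAS->authenticate"
            next
        }
        /^[ \t]*PerlAuthzHandler[ \t]+EPrints::Auth::authz[ \t]*$/ { next }
        /^[ \t]*PerlSetVar[ \t]+EPrints_Security_Area[ \t]+User[ \t]*$/ {
            print ind "PerlSetVar CASProduction \"1\""
            next
        }
        { print }
    ' "$conf" > "$conf.new" && cat "$conf.new" > "$conf" && rm -f "$conf.new"
}

cas_verify() {                        # exit 0 only if the file is fully converted
    conf=$1
    # Fail if Basic auth or an EPrints::Auth handler survived the edit.
    if grep -Eq 'AuthType[[:space:]]+"?Basic|EPrints::Auth::' "$conf"; then
        return 1
    fi
    # Heuristic: every "require valid-user" should be paired with a CAS handler.
    cas=$(grep -c 'PerlAuthenHandler Apache::AuthCAS->authenticate' "$conf" || true)
    req=$(grep -c 'require valid-user' "$conf" || true)
    [ "$cas" -gt 0 ] && [ "$cas" -eq "$req" ]
}

sample_conf() {                       # constructed sample; real files may differ
    cat > "$1" <<'EOF'
<Location "/perl/users">
   AuthType "Basic"
   PerlAuthenHandler EPrints::Auth::authen
   PerlAuthzHandler EPrints::Auth::authz
   PerlSetVar EPrints_Security_Area User
   require valid-user
</Location>
EOF
}
```

Run cas_rewrite on the real file, then cas_verify; a non-zero exit from cas_verify means a protected area still uses the old handlers or has no CAS handler.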


Load the module

Finally, don't forget to load Apache::AuthCAS!

Eprints::Session edit

(coming soon)