CasLoginContrib
CAS SSO Login for foswiki
Usage
Uses JA-SIG
CAS Single Sign On infrastructure for foswiki authentication.
If the user has already authenticated at the SSO, the user will not need to enter their password again.
This Authentication infrastructure can be coupled together with an external
User mapper such as
Foswiki:Extensions.LdapContrib, allowing foswiki to 'outsource' its user details.
To activate it, you will specify
Foswiki::LoginManager::CasLogin
in the
security setup section of
configure, and set the
{CAS}
specific settings.
Notes
Don't forget to get get the CAS server's
https
ssl
certificate, and add its path into
configure
: in the
{CAS}{CAFile}
setting.
(the
cipher RC4-SHA
can be removed if you're not getting the problem described below)
openssl s_client -cipher RC4-SHA -connect jasig.home.org.au:8443 2>&1 | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/ p' > ../foswiki/core/jasig.crt
If you get the following error, add
--sslv3
to the command line, and to the expert setting below
sven@quiet:~/src/AuthCAS$ curl -I --insecure https://jasig.home.org.au:8443/login
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
If you successfully log into the CAS server, and then get returned to the foswiki with a url containing a
?ticket
parameter but are not logged in to foswiki, you may be hitting an
OpenSSL issue due to your CAS server's cipher fallbacks. You bay be able to solve this by using the
EXPERT setting found in
configure
:
{CAS}{SSL_version}
. Set the value to
SSLv3
.
Installation Instructions
You do not need to install anything in the browser to use this extension. The following instructions are for the administrator who installs the extension on the server.
Open configure, and open the "Extensions" section. Use "Find More Extensions" to get a list of available extensions. Select "Install".
If you have any problems, or if the extension isn't available in
configure
, then you can still install manually from the command-line. See
http://foswiki.org/Support/ManuallyInstallingExtensions for more help.
Info
This is a re-write of the TWiki CASLogin work done by Greg Abbas, Charlie Reitsma and Olivier Berger, and uses Olivier Salaun's
AuthCAS
cpan module.