CasLoginContrib

CAS SSO Login for foswiki

Usage

Uses JA-SIG CAS Single Sign On infrastructure for foswiki authentication.

If the user has already authenticated at the SSO, the user will not need to enter their password again.

This Authentication infrastructure can be coupled together with an external User mapper such as Foswiki:Extensions.LdapContrib, allowing foswiki to 'outsource' its user details.

To activate it, you will specify Foswiki::LoginManager::CasLogin in the security setup section of configure, and set the {CAS} specific settings.

Notes

Don't forget to get get the CAS server's https ssl certificate, and add its path into configure : in the {CAS}{CAFile} setting.

(the cipher RC4-SHA can be removed if you're not getting the problem described below)

openssl  s_client -cipher RC4-SHA   -connect jasig.home.org.au:8443 2>&1 | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/ p' > ../foswiki/core/jasig.crt

OpenSSL issue

If you get the following error, add --sslv3 to the command line, and to the expert setting below

sven@quiet:~/src/AuthCAS$ curl -I --insecure https://jasig.home.org.au:8443/login
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

If you successfully log into the CAS server, and then get returned to the foswiki with a url containing a ?ticket parameter but are not logged in to foswiki, you may be hitting an OpenSSL issue due to your CAS server's cipher fallbacks. You bay be able to solve this by using the EXPERT setting found in configure : {CAS}{SSL_version}. Set the value to SSLv3.

Installation Instructions

You do not need to install anything in the browser to use this extension. The following instructions are for the administrator who installs the extension on the server.

Open configure, and open the "Extensions" section. Use "Find More Extensions" to get a list of available extensions. Select "Install".

If you have any problems, or if the extension isn't available in configure, then you can still install manually from the command-line. See http://foswiki.org/Support/ManuallyInstallingExtensions for more help.

Info

This is a re-write of the TWiki CASLogin work done by Greg Abbas, Charlie Reitsma and Olivier Berger, and uses Olivier Salaun's AuthCAS cpan module.

Author(s):	Foswiki:Main.SvenDowideit
Copyright:	© SvenDowideit@fosiki.com
License:	GPL 3 (Gnu General Public License)
Jan 2016	1.6.4 - Item13919: fix default user to be used as determined by engine (Foswiki:Main.JanKrueger)
Sep 2012	fix up {CAS}{LogoutFromCAS} - sadly, the browser is directed to the CAS logout page, and there's no info for the user to return
Aug 2012	1.6.2 - Item12056: CasLogin shows template auth screen if a logged in user navigates to it
Aug 2012	1.6.1 - quick fix for Foswiki::Tasks.Item12054: recursion in CasLogin if access is denied to the user that has just logged in
Aug 2012	initial release of the third re-implementation
Release:	1.6.4
Version:	1.6.4
Dependencies:	Name Version Description AuthCAS >=1.5 Required.
Home page:	http://foswiki.org/bin/view/Extensions/CasLoginContrib
Support:	http://foswiki.org/bin/view/Support/CasLoginContrib