Announcement

Collapse
No announcement yet.

Intergrating a project with PHPCAS for authentication with CAS

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Intergrating a project with PHPCAS for authentication with CAS

    I would like to add the PHPCAS library to a Scriptcase project. This library has 40+ files to add with 1 file in a folder and then folders underneath that with the 40+ files.

    Is it possible to do this? I assume I can't in the interface exactly, but would be happy to do it in the file system if that would work, I would just need to know where to put them and then how to get it to work in Scriptcase.
    (I thought if I could put the whole thing where it needs to be in the file system and added the main CAS.php file via the Scriptcase interface to add library it might work, but would like some confirmation from some scriptcase experts before trying it.)

    Layout:

    Main PHP CAS FOLDER
    > CAS.php
    > CAS (folder)
    >6 more folders containing a bunch of .php files
    >11 php files


  • #2
    Re: Intergrating a project with PHPCAS for authentication with CAS

    Unless otherwise directed, I will try to do it the same way as mentioned in this thread for PHPEXCEL: http://www.scriptcase.net/forum_en_u...p?topic=5875.0

    Comment


    • #3
      Re: Intergrating a project with PHPCAS for authentication with CAS

      What I had to do to get started is to add the include into the ApplicationInit.

      in ApplicationInit:
      Code:
      $cas_file = '../../scriptcase_cas1.php';
      require($cas_file);
      phpCAS::forceAuthentication();
      The scriptcase_cas1.php is the file that I wrote to load the cas.php files and to load the variables. Now that I look at it I could probably put all of it's code into the applicaitoninit if it was a single project that it would ever be used for.

      However I have run into a different problem:

      It appears that the PHPCAS session ID is overwriting the Scriptcase Session ID which leaves us with a dsyfunctional application.

      ie I get this error:
      window.location = "control_fim.php?script_case_init=41&script_case_s ession=ST-287234-Z4IaYT62acBtsichFiMz-cas3"

      Note the script_case_session has been replaced by the PHPCAS session in the URL

      Any ideas on how I can fix it?

      Comment


      • #4
        Re: Intergrating a project with PHPCAS for authentication with CAS

        I need to turn off session management in phpcas....duh.

        Now it seems after the last Scriptcase update, I can't include any php file in ApplicationInit without an Internal Error, so I am stuck....but looking for solution.

        Comment


        • #5
          Re: Intergrating a project with PHPCAS for authentication with CAS

          OK. Here are the initial instructions for integrating a Scriptcase Project with CAS. Note: For this example, only the Control application is connected to CAS. All of the other applications are set to use security and are turned on for the Scriptcase session in the control app. The big problem with this is if someone wants to Bookmark the Menu application and return, they get the "Unathorised" message displayed on their screen. I set the Security URL to be '../control/control.php' but that didn't do anything and it still just displayed the Unauthorized box. I'll leave that for a later day.

          The attached files need to be modified as follows:
          cas_defines.php <- Need to insert your CAS server specifics here such as URI of your cas server. ie Replace 'CAS_SERVER' with your server like 'cas.yourdomain.com'
          scriptcase_cas.php <- Need to put your own CAS server IP addresses in the handle logout. Note that could be set in the cas_defines.php to make the scriptcase_cas.php more generic

          The other files should work as is without modification

          This was tested with phpCAS 1.3.0. (Download it and unpack it, then rename its folder as "cas" and place in the project folder on the deployed server and in the app folder on the Scriptcase development server for testing)

          Other Caveats - Since Scriptcase is managing the Sessions I found that it was necessary to have each Scriptcase project to be installed to it's own unique URL especially if there was another phpCAS enabled php app on the same server. This should be able to be sorted using a database for session variables.

          Folder Structure on deployed server and in the apps folder under scriptcase on the development server.

          Project
          Project/control
          Project/mainmenu
          Project/formapp1
          Project/cas
          cas_defines.php
          scriptcase_cas.php
          cas_sessions.php
          sessions.php

          In the control app the following needs to be added to the 'onApplicationInit' event:
          Code:
          $sc_cas_file = '../scriptcase_cas.php';
          include($sc_cas_file);
          At this point anything after will only run if the person is Authenticated by CAS. ie If you only wanted Authentication to your CAS server then you can run the SC macros:
          Code:
          sc_apl_status ('mainmenu', 'on');
          sc_apl_status ('formapp1','on');
          Caveat: Using the "Use Security" set to yes in the Scriptcase Application will prevent URL's being bookmarked deeper into your site from working - at the moment that is the price for this solution.

          If you want your app to Authorize the person then I suggest something like this in your control app's onScriptInit event

          I have a table in the database of the default connection called User_Profiles which contains a list of the authorised users. The same approach could be taken with comparing attributes or other ways. (Note 2: My approach below could be improved to make sure that more than 1 is not in the database in case of an attack on the DB/site.)

          Code:
          $casuser = phpCAS::phpCAS::getUser();
          sc_lookup(my_data, "SELECT ID FROM User_Profiles WHERE USERNAME='" . $casuser . "'");
          if ({my_data} === false)
          {
             echo "Access error. Message=". {my_data_erro} ;
          	 sc_apl_status ('mainmenu', 'off');
          }
          elseif (empty({my_data}))
          {
            echo "You are not authorised to use this application. Please contact the administrator of this site to request authorisation.";
          	sc_apl_status ('MainMenu', 'off');
          }
          else
          {
           echo "Authenticated"; 
          	sc_apl_status ('mainmenu', 'on');
          	sc_apl_status ('formapp1','on');
          
          	sc_redir(MainMenu);
          
          }


          Anyway I hope this helps anyone else that is wanting to integrate CAS with scriptcase.

          Now on to try and accomplish phpCAS proxy mode integrated into Scriptcase for querying a SOAP service for 3 different applications in 2 projects.
          Attached Files

          Comment


          • #6
            Re: Intergrating a project with PHPCAS for authentication with CAS

            sample cas_defines.php
            Attached Files

            Comment


            • #7
              Re: Intergrating a project with PHPCAS for authentication with CAS

              sample sessions.php
              Attached Files

              Comment


              • #8
                Re: Intergrating a project with PHPCAS for authentication with CAS

                sample cas_sessions.php
                Attached Files

                Comment


                • #9
                  Re: Intergrating a project with PHPCAS for authentication with CAS

                  To fix the security to not show the Unauthorized message but instead redirect back to the control app for login see this thread:
                  http://www.scriptcase.net/forum_en_u...sg4373#msg4373

                  Comment

                  Working...
                  X