[support] Drupal CAS Configuration

Scott Matthews smatthews at optaros.com
Thu Feb 7 18:29:11 UTC 2008 

Yes.  We're making a customized version based on the cas module.

We basically do not want the user to have to forward to the login page.

So David, I tried your suggestion and what I'm seeing is:

I go to to the admin page not being authenticated and attempt to login  
as my admin
when I submit, the resulting page is not the admin page with the  
options available to me but rather my site's home page with the url as  
' http://[domain_name]/?destination=admin '

any Ideas?

On Feb 7, 2008, at 1:24 PM, Hainsworth, Shawn wrote:

> I want to jump in here.  The Drupal user might not always exist.   
> There are cases where CAS will authenticate a user that Drupal does  
> not yet have in its User table.  I know the module allows for  
> creating new users with a configurable set of default roles, and we  
> will need to use this functionality.
>
> Also, the security model for this application is different than  
> Drupal's typical security model.  Typically, Drupal protects  
> resources based on roles.  So, i f you attempt to access a specific  
> resource, Drupal will check if that resource is protected, and then  
> check if the user is authenticated, and what their role is.  The  
> Drupal-CAS module also allows a set of URL patterns to be defined  
> which will require authentication.
>
> We are not requiring authentication based on resource or URL path.   
> Rather, any page on the site may be accessed anonymously.  However,  
> there are additional features that are available if you are logged in.
>
> Therefore, we are modifying the module to perform a CAS gateway  
> check at the beginning of the user's session.  So, Drupal  
> authentication will only be used for administrators and content  
> creators.  Users of the site will not use Drupal authentication.   
> Rather, they will use the CAS gateway check at the beginning of  
> their session.
>
> s.
>
> From: Scott Matthews [mailto:smatthews at optaros.com]
> Sent: Thu 2/7/2008 1:00 PM
> To: support at drupal.org
> Cc: Hainsworth, Shawn; Ron Trevarrow
> Subject: Re: [support] Drupal CAS Configuration
>
> Yes, I already have the accounts stored in Drupal for the people in
> question.  As for CAS, since I'm still in development I'm using the
> basic functionality of the server for now where you can use any user
> and the password is the username.
>
> Yes, to some degree I do want both to work (i.e. allowing the admin
> for Drupal to login without CAS authentication while other arbitrary
> users are validated from CAS.
>
>
>
> Scott Matthews
> Senior Developer
> Optaros, Inc.
> smatthews at optaros.com
>
>
>
>
>
> On Feb 7, 2008, at 12:52 PM, Metzler, David wrote:
>
> > I'm the module maintainer, and can certainly help out here.
> >
> > If you're using a module where just a few should be authenticated by
> > cas, there's a couple of options here, but a couple of questions
> > will be useful:
> >
> > 1.) have you precreated the drupal accounts for these people? You
> > don't have to, but it'll be helpful for me to give advice.
> >
> > 2.) Are you looking for both drupal auth and cas auth to work?
> >
> > Dave
> >
> >
> > -----Original Message-----
> > From: support-bounces at drupal.org on behalf of Scott Matthews
> > Sent: Thu 2/7/2008 09:15
> > To: support at drupal.org
> > Cc: Shawn Hainsworth
> > Subject: [support] Drupal CAS Configuration
> >
> >
> >
> >       Has anyone had much experience with the Drupal CAS module?   
> I'm
> > attempting to use it for an SSO implementation by integrating it  
> into
> > a site that I am developing where there is a central CAS server that
> > will manage the users for all other sites we have.  This Central CAS
> > server will have access to a central repository of user login
> > informaiton.
> >
> >
> >       The issue that I'm seeing is that there are a few specific  
> users that
> > I have that will be maintained by Drupal and when I attempt to Login
> > as those users, it does not seem to authenticate me.  Is this  
> possible
> > to have it set up this way?  Am I barking up the wrong tree?
> > --
> > [ Drupal support list | http://lists.drupal.org/ ]
> >
> > <winmail.dat>--
> > [ Drupal support list | http://lists.drupal.org/ ]
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20080207/51f83f83/attachment.htm

More information about the support mailing list