[support] Drupal CAS Configuration

Scott Matthews smatthews at optaros.com
Thu Feb 7 18:41:49 UTC 2008 

As a follow up, I tried to add that this should apply to all pages  
except for '/admin/*' but that was to no avail.


On Feb 7, 2008, at 1:29 PM, Scott Matthews wrote:

> Yes.  We're making a customized version based on the cas module.
>
> We basically do not want the user to have to forward to the login  
> page.
>
> So David, I tried your suggestion and what I'm seeing is:
>
> I go to to the admin page not being authenticated and attempt to  
> login as my admin
> when I submit, the resulting page is not the admin page with the  
> options available to me but rather my site's home page with the url  
> as ' http://[domain_name]/?destination=admin '
>
> any Ideas?
>
> On Feb 7, 2008, at 1:24 PM, Hainsworth, Shawn wrote:
>
>> I want to jump in here.  The Drupal user might not always exist.   
>> There are cases where CAS will authenticate a user that Drupal does  
>> not yet have in its User table.  I know the module allows for  
>> creating new users with a configurable set of default roles, and we  
>> will need to use this functionality.
>>
>> Also, the security model for this application is different than  
>> Drupal's typical security model.  Typically, Drupal protects  
>> resources based on roles.  So, i f you attempt to access a specific  
>> resource, Drupal will check if that resource is protected, and then  
>> check if the user is authenticated, and what their role is.  The  
>> Drupal-CAS module also allows a set of URL patterns to be defined  
>> which will require authentication.
>>
>> We are not requiring authentication based on resource or URL path.   
>> Rather, any page on the site may be accessed anonymously.  However,  
>> there are additional features that are available if you are logged  
>> in.
>>
>> Therefore, we are modifying the module to perform a CAS gateway  
>> check at the beginning of the user's session.  So, Drupal  
>> authentication will only be used for administrators and content  
>> creators.  Users of the site will not use Drupal authentication.   
>> Rather, they will use the CAS gateway check at the beginning of  
>> their session.
>>
>> s.
>>
>> From: Scott Matthews [mailto:smatthews at optaros.com]
>> Sent: Thu 2/7/2008 1:00 PM
>> To: support at drupal.org
>> Cc: Hainsworth, Shawn; Ron Trevarrow
>> Subject: Re: [support] Drupal CAS Configuration
>>
>> Yes, I already have the accounts stored in Drupal for the people in
>> question.  As for CAS, since I'm still in development I'm using the
>> basic functionality of the server for now where you can use any user
>> and the password is the username.
>>
>> Yes, to some degree I do want both to work (i.e. allowing the admin
>> for Drupal to login without CAS authentication while other arbitrary
>> users are validated from CAS.
>>
>>
>>
>> Scott Matthews
>> Senior Developer
>> Optaros, Inc.
>> smatthews at optaros.com
>>
>>
>>
>>
>>
>> On Feb 7, 2008, at 12:52 PM, Metzler, David wrote:
>>
>> > I'm the module maintainer, and can certainly help out here.
>> >
>> > If you're using a module where just a few should be authenticated  
>> by
>> > cas, there's a couple of options here, but a couple of questions
>> > will be useful:
>> >
>> > 1.) have you precreated the drupal accounts for these people? You
>> > don't have to, but it'll be helpful for me to give advice.
>> >
>> > 2.) Are you looking for both drupal auth and cas auth to work?
>> >
>> > Dave
>> >
>> >
>> > -----Original Message-----
>> > From: support-bounces at drupal.org on behalf of Scott Matthews
>> > Sent: Thu 2/7/2008 09:15
>> > To: support at drupal.org
>> > Cc: Shawn Hainsworth
>> > Subject: [support] Drupal CAS Configuration
>> >
>> >
>> >
>> >       Has anyone had much experience with the Drupal CAS module?   
>> I'm
>> > attempting to use it for an SSO implementation by integrating it  
>> into
>> > a site that I am developing where there is a central CAS server  
>> that
>> > will manage the users for all other sites we have.  This Central  
>> CAS
>> > server will have access to a central repository of user login
>> > informaiton.
>> >
>> >
>> >       The issue that I'm seeing is that there are a few specific  
>> users that
>> > I have that will be maintained by Drupal and when I attempt to  
>> Login
>> > as those users, it does not seem to authenticate me.  Is this  
>> possible
>> > to have it set up this way?  Am I barking up the wrong tree?
>> > --
>> > [ Drupal support list | http://lists.drupal.org/ ]
>> >
>> > <winmail.dat>--
>> > [ Drupal support list | http://lists.drupal.org/ ]
>>
>>
>
> -- 
> [ Drupal support list | http://lists.drupal.org/ ]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20080207/bfa9101f/attachment.htm

More information about the support mailing list