[support] Drupal CAS Configuration
Scott Matthews
smatthews at optaros.com
Thu Feb 7 18:41:49 UTC 2008
As a follow up, I tried to add that this should apply to all pages
except for '/admin/*' but that was to no avail.
On Feb 7, 2008, at 1:29 PM, Scott Matthews wrote:
> Yes. We're making a customized version based on the cas module.
>
> We basically do not want the user to have to forward to the login
> page.
>
> So David, I tried your suggestion and what I'm seeing is:
>
> I go to to the admin page not being authenticated and attempt to
> login as my admin
> when I submit, the resulting page is not the admin page with the
> options available to me but rather my site's home page with the url
> as ' http://[domain_name]/?destination=admin '
>
> any Ideas?
>
> On Feb 7, 2008, at 1:24 PM, Hainsworth, Shawn wrote:
>
>> I want to jump in here. The Drupal user might not always exist.
>> There are cases where CAS will authenticate a user that Drupal does
>> not yet have in its User table. I know the module allows for
>> creating new users with a configurable set of default roles, and we
>> will need to use this functionality.
>>
>> Also, the security model for this application is different than
>> Drupal's typical security model. Typically, Drupal protects
>> resources based on roles. So, i f you attempt to access a specific
>> resource, Drupal will check if that resource is protected, and then
>> check if the user is authenticated, and what their role is. The
>> Drupal-CAS module also allows a set of URL patterns to be defined
>> which will require authentication.
>>
>> We are not requiring authentication based on resource or URL path.
>> Rather, any page on the site may be accessed anonymously. However,
>> there are additional features that are available if you are logged
>> in.
>>
>> Therefore, we are modifying the module to perform a CAS gateway
>> check at the beginning of the user's session. So, Drupal
>> authentication will only be used for administrators and content
>> creators. Users of the site will not use Drupal authentication.
>> Rather, they will use the CAS gateway check at the beginning of
>> their session.
>>
>> s.
>>
>> From: Scott Matthews [mailto:smatthews at optaros.com]
>> Sent: Thu 2/7/2008 1:00 PM
>> To: support at drupal.org
>> Cc: Hainsworth, Shawn; Ron Trevarrow
>> Subject: Re: [support] Drupal CAS Configuration
>>
>> Yes, I already have the accounts stored in Drupal for the people in
>> question. As for CAS, since I'm still in development I'm using the
>> basic functionality of the server for now where you can use any user
>> and the password is the username.
>>
>> Yes, to some degree I do want both to work (i.e. allowing the admin
>> for Drupal to login without CAS authentication while other arbitrary
>> users are validated from CAS.
>>
>>
>>
>> Scott Matthews
>> Senior Developer
>> Optaros, Inc.
>> smatthews at optaros.com
>>
>>
>>
>>
>>
>> On Feb 7, 2008, at 12:52 PM, Metzler, David wrote:
>>
>> > I'm the module maintainer, and can certainly help out here.
>> >
>> > If you're using a module where just a few should be authenticated
>> by
>> > cas, there's a couple of options here, but a couple of questions
>> > will be useful:
>> >
>> > 1.) have you precreated the drupal accounts for these people? You
>> > don't have to, but it'll be helpful for me to give advice.
>> >
>> > 2.) Are you looking for both drupal auth and cas auth to work?
>> >
>> > Dave
>> >
>> >
>> > -----Original Message-----
>> > From: support-bounces at drupal.org on behalf of Scott Matthews
>> > Sent: Thu 2/7/2008 09:15
>> > To: support at drupal.org
>> > Cc: Shawn Hainsworth
>> > Subject: [support] Drupal CAS Configuration
>> >
>> >
>> >
>> > Has anyone had much experience with the Drupal CAS module?
>> I'm
>> > attempting to use it for an SSO implementation by integrating it
>> into
>> > a site that I am developing where there is a central CAS server
>> that
>> > will manage the users for all other sites we have. This Central
>> CAS
>> > server will have access to a central repository of user login
>> > informaiton.
>> >
>> >
>> > The issue that I'm seeing is that there are a few specific
>> users that
>> > I have that will be maintained by Drupal and when I attempt to
>> Login
>> > as those users, it does not seem to authenticate me. Is this
>> possible
>> > to have it set up this way? Am I barking up the wrong tree?
>> > --
>> > [ Drupal support list | http://lists.drupal.org/ ]
>> >
>> > <winmail.dat>--
>> > [ Drupal support list | http://lists.drupal.org/ ]
>>
>>
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20080207/bfa9101f/attachment.htm
More information about the support
mailing list