[support] Drupal CAS Configuration

Metzler, David metzlerd at evergreen.edu
Thu Feb 7 19:12:54 UTC 2008 

Regarding what Shawn wrote: 

 

Is this worth a long distance phone call or chat session?   I'm at my
office now and would be happy to talk you through the configuration I'm
talking about if you'd like. 

I've been trying to figure out a way to make the login test happen as
you suggest, but there are trade-offs for content creators. Any chance
you'd be willing to collaborate.  I'd be extremely interested in folding
the mod you're talking about into the cas module if we can hammer out
the details. Basically the rub for me is how to implement it in such a
way that the drupal log out button still works.   My content creators
need this to be able to see what an anonymous user sees. (and they log
in via cas) 

 

Contact me directly (off list) if you'd like to do this. 

 

metzlerd at metzlerd.com

 

Regarding your site you should be configured in the following manner: 

 

  Use drupal as cas repository - unchecked. 

  Hijack users - checked. 

 

Go into block administration and enable the login block or enable the
cas login menu. 

 

Then you should be able to do either cas or drupal logins. 


Dave

 

 

 

 

 

________________________________

From: support-bounces at drupal.org [mailto:support-bounces at drupal.org] On
Behalf Of Scott Matthews
Sent: Thursday, February 07, 2008 10:29 AM
To: Hainsworth, Shawn
Cc: support at drupal.org; Ron Trevarrow
Subject: Re: [support] Drupal CAS Configuration

 

Yes.  We're making a customized version based on the cas module.

 

We basically do not want the user to have to forward to the login page.


 

So David, I tried your suggestion and what I'm seeing is:

 

I go to to the admin page not being authenticated and attempt to login
as my admin

when I submit, the resulting page is not the admin page with the options
available to me but rather my site's home page with the url as '
http://[domain_name]/?destination=admin '

 

any Ideas?

 

On Feb 7, 2008, at 1:24 PM, Hainsworth, Shawn wrote:





I want to jump in here.  The Drupal user might not always exist.  There
are cases where CAS will authenticate a user that Drupal does not yet
have in its User table.  I know the module allows for creating new users
with a configurable set of default roles, and we will need to use this
functionality.

 

Also, the security model for this application is different than Drupal's
typical security model.  Typically, Drupal protects resources based on
roles.  So, i f you attempt to access a specific resource, Drupal will
check if that resource is protected, and then check if the user is
authenticated, and what their role is.  The Drupal-CAS module also
allows a set of URL patterns to be defined which will require
authentication.

 

We are not requiring authentication based on resource or URL path.
Rather, any page on the site may be accessed anonymously.  However,
there are additional features that are available if you are logged in.

 

Therefore, we are modifying the module to perform a CAS gateway check at
the beginning of the user's session.  So, Drupal authentication will
only be used for administrators and content creators.  Users of the site
will not use Drupal authentication.  Rather, they will use the CAS
gateway check at the beginning of their session.

 

s.

 

________________________________

From: Scott Matthews [mailto:smatthews at optaros.com]
Sent: Thu 2/7/2008 1:00 PM
To: support at drupal.org
Cc: Hainsworth, Shawn; Ron Trevarrow
Subject: Re: [support] Drupal CAS Configuration

Yes, I already have the accounts stored in Drupal for the people in 
question.  As for CAS, since I'm still in development I'm using the 
basic functionality of the server for now where you can use any user 
and the password is the username.

Yes, to some degree I do want both to work (i.e. allowing the admin 
for Drupal to login without CAS authentication while other arbitrary 
users are validated from CAS.



Scott Matthews
Senior Developer
Optaros, Inc.
smatthews at optaros.com





On Feb 7, 2008, at 12:52 PM, Metzler, David wrote:

> I'm the module maintainer, and can certainly help out here.
>
> If you're using a module where just a few should be authenticated by 
> cas, there's a couple of options here, but a couple of questions 
> will be useful:
>
> 1.) have you precreated the drupal accounts for these people? You 
> don't have to, but it'll be helpful for me to give advice.
>
> 2.) Are you looking for both drupal auth and cas auth to work?
>
> Dave
>
>
> -----Original Message-----
> From: support-bounces at drupal.org on behalf of Scott Matthews
> Sent: Thu 2/7/2008 09:15
> To: support at drupal.org
> Cc: Shawn Hainsworth
> Subject: [support] Drupal CAS Configuration
>
>
>      
>       Has anyone had much experience with the Drupal CAS module?  I'm
> attempting to use it for an SSO implementation by integrating it into
> a site that I am developing where there is a central CAS server that
> will manage the users for all other sites we have.  This Central CAS
> server will have access to a central repository of user login
> informaiton.
>
>
>       The issue that I'm seeing is that there are a few specific users
that
> I have that will be maintained by Drupal and when I attempt to Login
> as those users, it does not seem to authenticate me.  Is this possible
> to have it set up this way?  Am I barking up the wrong tree?
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
> <winmail.dat>--
> [ Drupal support list | http://lists.drupal.org/ ]

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20080207/9e1d335a/attachment-0001.htm

More information about the support mailing list