Regarding what Shawn wrote:

 

Is this worth a long distance phone call or chat session?   I’m at my office now and would be happy to talk you through the configuration I’m talking about if you’d like.

I’ve been trying to figure out a way to make the login test happen as you suggest, but there are trade-offs for content creators. Any chance you’d be willing to collaborate.  I’d be extremely interested in folding the mod you’re talking about into the cas module if we can hammer out the details. Basically the rub for me is how to implement it in such a way that the drupal log out button still works.   My content creators need this to be able to see what an anonymous user sees. (and they log in via cas)

 

Contact me directly (off list) if you’d like to do this.

 

metzlerd@metzlerd.com

 

Regarding your site you should be configured in the following manner:

 

  Use drupal as cas repository – unchecked.

  Hijack users – checked.

 

Go into block administration and enable the login block or enable the cas login menu.

 

Then you should be able to do either cas or drupal logins.


Dave

 

 

 

 

 

From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Scott Matthews
Sent: Thursday, February 07, 2008 10:29 AM
To: Hainsworth, Shawn
Cc: support@drupal.org; Ron Trevarrow
Subject: Re: [support] Drupal CAS Configuration

 

Yes.  We're making a customized version based on the cas module.

 

We basically do not want the user to have to forward to the login page.  

 

So David, I tried your suggestion and what I'm seeing is:

 

I go to to the admin page not being authenticated and attempt to login as my admin

when I submit, the resulting page is not the admin page with the options available to me but rather my site's home page with the url as ' http://[domain_name]/?destination=admin '

 

any Ideas?

 

On Feb 7, 2008, at 1:24 PM, Hainsworth, Shawn wrote:



I want to jump in here.  The Drupal user might not always exist.  There are cases where CAS will authenticate a user that Drupal does not yet have in its User table.  I know the module allows for creating new users with a configurable set of default roles, and we will need to use this functionality.

 

Also, the security model for this application is different than Drupal's typical security model.  Typically, Drupal protects resources based on roles.  So, i f you attempt to access a specific resource, Drupal will check if that resource is protected, and then check if the user is authenticated, and what their role is.  The Drupal-CAS module also allows a set of URL patterns to be defined which will require authentication.

 

We are not requiring authentication based on resource or URL path.  Rather, any page on the site may be accessed anonymously.  However, there are additional features that are available if you are logged in.

 

Therefore, we are modifying the module to perform a CAS gateway check at the beginning of the user's session.  So, Drupal authentication will only be used for administrators and content creators.  Users of the site will not use Drupal authentication.  Rather, they will use the CAS gateway check at the beginning of their session.

 

s.

 

From: Scott Matthews [mailto:smatthews@optaros.com]
Sent: Thu 2/7/2008 1:00 PM
To: support@drupal.org
Cc: Hainsworth, Shawn; Ron Trevarrow
Subject: Re: [support] Drupal CAS Configuration

Yes, I already have the accounts stored in Drupal for the people in 
question.  As for CAS, since I'm still in development I'm using the 
basic functionality of the server for now where you can use any user 
and the password is the username.

Yes, to some degree I do want both to work (i.e. allowing the admin 
for Drupal to login without CAS authentication while other arbitrary 
users are validated from CAS.



Scott Matthews
Senior Developer
Optaros, Inc.
smatthews@optaros.com





On Feb 7, 2008, at 12:52 PM, Metzler, David wrote:

> I'm the module maintainer, and can certainly help out here.
>
> If you're using a module where just a few should be authenticated by 
> cas, there's a couple of options here, but a couple of questions 
> will be useful:
>
> 1.) have you precreated the drupal accounts for these people? You 
> don't have to, but it'll be helpful for me to give advice.
>
> 2.) Are you looking for both drupal auth and cas auth to work?
>
> Dave
>
>
> -----Original Message-----
> From: support-bounces@drupal.org on behalf of Scott Matthews
> Sent: Thu 2/7/2008 09:15
> To: support@drupal.org
> Cc: Shawn Hainsworth
> Subject: [support] Drupal CAS Configuration
>
>
>      
>       Has anyone had much experience with the Drupal CAS module?  I'm
> attempting to use it for an SSO implementation by integrating it into
> a site that I am developing where there is a central CAS server that
> will manage the users for all other sites we have.  This Central CAS
> server will have access to a central repository of user login
> informaiton.
>
>
>       The issue that I'm seeing is that there are a few specific users that
> I have that will be maintained by Drupal and when I attempt to Login
> as those users, it does not seem to authenticate me.  Is this possible
> to have it set up this way?  Am I barking up the wrong tree?
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
> <winmail.dat>--
> [ Drupal support list | http://lists.drupal.org/ ]