phpCAS latest release v2.1.2-1
last update 31-August-2007 11:53AM

High-level configuration of CAS GH authentication

This method is the most simple method to configure user authentication. It is available with the esup-cas-server and esup-cas-quick-start packages (not within the esup-casgeneric package).

This configuration is based on templates. If your authentication is simple, you can choose an existing template; otherwise, configure "by hand" or, better, make your own template and use it.

Use an existing template

Authentication templates are folders, located in the /custom/esup-casgeneric-auth/ folder. They may use properties, that should be set in the /properties/build.properties file.

For example, if you plan to authenticate your users on an LDAP directory, you can use the ldap template. To use it, set the ${esup-casgeneric.auth} property to ldap, and set the ${esup-casgeneric.auth.ldap.*} properties to fit to your configuration. Your /properties/build.properties file may look like:

# authentication mode 
             
esup-casgeneric.auth=ldap
           
# LDAP authentication
           
esup-casgeneric.auth.ldap.host=ldap.esup-portail.org
esup-casgeneric.auth.ldap.port=389
esup-casgeneric.auth.ldap.filter=uid=%u,ou=people,dc=esup-portail,dc=org

Existing templates are:

  • ldap (see above);
  • ldap-rep (binding to one LDAP directory and its replica, since release 1.0.3);
  • ldap-search (searching in one LDAP directory) and ldap-search-rep (with a replica);
  • ad (binding to one Active Directory) and ad-rep (binding to one Active Directory and its replica, since release 2.0.7);
  • ad-search (searching in one AD) and ad-search-rep (with a replica);
  • nis (authenticate users on a NIS domain);
  • database-bind (binding to a database);
  • database-search (simple search in a database);
  • database-query (complex querying of a database);
  • empty-password (authenticate users if they give an empty password, for test purposes only).

Configure CAS GH "by hand"

If you do not find a template satisfying your needs, you can use the local template, and simply modify /custom/esup-casgeneric-auth/local/webpages/WEB-INF/genericHandler.xml to fit to your local configuration (use the low-level configuration method, as if you were using CAS GH alone).

In the /properties/build.properties file, indicate you use the local auth template, and set any other property you used in /custom/esup-casgeneric-auth/local/webpages/WEB-INF/genericHandler.xml. Your /properties/build.properties file may look like:

# authentication mode 
             
esup-casgeneric.auth=local
           
# LDAP authentication
           
esup-casgeneric.auth.local.xxx=yyy

Create your own template

To create your own template, add a new folder to the /custom/esup-casgeneric-auth/ folder. The name of your folder you created will be the name of the template. You can then create the files you want in this new folder; these files will be copied to the source hierarchy of the CAS server. You should at least add a /webpages/WEB-INF/genericHandler.xml file reflecting your authentication.

You can alternatively copy the whole /custom/esup-casgeneric-auth/local/ folder under a new name.

If you think your template can be interesting for other users, please share it on the casgeneric-users@esup-portail.org mailing list.

 
SourceForge.net Logo

Copyright © 2002-2004 - ESUP-Portail consortium