phpCAS latest release v2.1.2-1
last update 31-August-2007 11:53AM

Low-level configuration of CAS GH authentication

Low-level configuration should be used only when using the basic esup-casgeneric package. Users of esup-cas-server and esup-cas-quick-start packages should consider the high-level configuration instead.

Multiple authentication is the first and main feature of CAS GH. It is achieved by editing the webpages/WEB-INF/genericHandler.xml (this file is copied as web/WEB-INF/genericHandler.xml when deployed in the source hierarchy of a CAS server), which should fit the CAS GH DTD. One or many authentication methods are specified in this file. Methods are intended to be tested one after the other until one succeeds.

The configuration for CAS GH always looks like:

<authentication>
  list of handlers (authentication methods)
</authentication> 

In case of trouble with CAS GH, always try to validate your CAS GH installation by using a very simple configuration such as:

<authentication empty_password_accepted="on" debug="on">
<handler>
<classname>org.esupportail.cas.server.handlers.test.EmptyPasswordHandler</classname>
</handler>
<handler>
<classname>org.esupportail.cas.server.handlers.test.PasswordEqualsUsername</classname>
</handler>
</authentication>

With this configuration, authentication attempts will succeed if users give their username as password, or simply give an empty password.

Authentication methods

The possible authentication methods are (click on the links below to get specific help):

Some test handlers are provided to begin with CASGenericHandler.

There is also a way to prevent specific users from authenticating.

Some other authentication methods may be introduced in next releases if needed:

CASGEnericHandler and empty passwords

CASGenericHandler can be configured to accept (or reject) empty passwords. For instance,

<authentication empty_password_accepted="on">
  list of handlers (authentication methods)
</authentication>

will allow users to give empty passwords to authenticate (only if they have no password in the user referential used by one of the authentication methods specified). By default, empty passwords are rejected.

 

 
SourceForge.net Logo

Copyright © 2002-2004 - ESUP-Portail consortium