RPI phpCAS Authentication Tutorial

After much tinkering with RPI’s CAS (Central Authentication System) in PHP, I thought I would put together a guide to make it easy for anyone to put together a site that uses it. This would work for anyone at another location with a CAS server, but this example is for RPI.

  1. Get the CAS Library
  2. Download the tar file under “Current Version”
  3. Extract the contents, using a program such as 7-Zip, and put it in the root of whatever web folder you want
  4. Download the latest CA bundle for SSL
  5. Create a index.php, login.php, logout.php
  6. The index has to load the library, check if the user is logged in, then print out text.
    • <?PHP

      include_once(“./CAS-1.3.2/CAS.php”);
      phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);
      // SSL!
      phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file

      if (phpCAS::isAuthenticated())
      {
      echo “User:” . phpCAS::getUser();
      echo “<a href=’./logout.php’>Logout</a>”;
      }else{
      echo “<a href=’./login.php’>Login</a>”;
      }

      ?>

       

    • First we load the library for CAS from the subfolder
    • Then we select which will be our central server
    • We have to select our ca bundle, setCasServerCert does this
    • Now we have fully loaded and configured the library
    • Finally, I can ask CAS if a user has logged in, if so writeout some options, if not others
  7. This is the login page
    • <?PHP

      include_once(“./CAS-1.3.2/CAS.php”);
      phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);
      // SSL!
      phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file

      if (!phpCAS::isAuthenticated())
      {
      phpCAS::forceAuthentication();
      }else{
      header(‘location: ./index.php’);
      }

      ?>

       

    • Similar setup of authentication as before
    • Now we check if the user is NOT authenticated, if the user is not authenticated we force login
    • If the user already is logged in, then we redirect to the index
  8. The logout page:
    • <?PHP

      include_once(“./CAS-1.3.2/CAS.php”);
      phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);
      // SSL!
      phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file

      if (phpCAS::isAuthenticated())
      {
      phpCAS::logout();
      }else{
      header(‘location: ./index.php’);
      }

      ?>

       

    • Same configuration (this can be done by including a core file that everything else calls, but for this example I wanted to keep it simple)
    • If they are not logged in, then we push the user back to login

That is the basic configuration, the example is available for download below. If there are any questions feel free to post a comment.

Download: http://programs.buildingtents.com/CASExample.zip

Extra Notes:

  • If you want to save server space, the docs folder under the CAS folder can be removed
  • I have ran into problems with CAS on a Windows Apache server, and CAS on a Linux Apache server reference the CACert.pem file differently
Advertisements

6 comments

  1. Hii . I followed ur steps but still i couldnt make it.. Ticket gets generated properly but there is some problem in cas authentication. It throwing error as CAS Authentication failed!! . Could you pls help me?

    1. Are you running on Windows or Linux? I get that a lot if the cert isn’t properly configured or Curl is not on the server. PHPcas relies on it.

    2. I found this problem with lot of ppl but no answer on this. Thanks God i get the solution so posting: This is the problem which generally comes with the development servers when we use no SSL: setNoCasServerValidation(); However even after using setNoCasServerValidation() internally CAS Client call the Curl using https, which is the main cause of this error. So to fix it just go to CAS Library file “../CAS/CAS/Client.php” Reach the function private function _readURL($url, &$headers, &$body, &$err_msg){} and add this line ” $url = str_replace(“https”, “http”, $url); ” as the first line of function “_readURL(…” I am sure this will work, however Please don’t do this in production environment as CAS recommends to use SSL on production. Thanks…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s