CAS is a centralized authentication service, and the cas_auth filter can
be installed to automatically make your web application authenticate
against a CAS server. The SVN path to the plugin is http://svn.ki.se/rails/plugins/cas_auth
and a homepage with some information can be found at http://opensource.ki.se/casauth.html
For use, just install the plugin in your application and set these
attributes in your environment.rb
CAS::Filter.login_url
CAS::Filter.validate_url
CAS::Filter.server_name
This is very nice. We’ve been using our own drop-in controller for this
but
I like what you’ve done. We’ll try your plugin on a couple of our
systems
and report back to you if there are errors.
To use this plugin, would I need to setup a CAS server for my company?
-Larry
Yes, this is only the client part of such a system. There are many
available implementations, though. (But I’m sorry to say that most are
in Java, so you’ll have to have at least one Java server in your
enterprise. But OTOH, are there any enterprises without Java at this
stage?)
Yes, it’s only CAS 1.0, the most rudimentary parts needed to actually
get the authentication bits working correctly. And as you say, I know
it’s very simple and could probably be done in a Good ™ language in
one or two days. But it’s still a question of time as DM so succinctly
sang 20 years ago.
To use this plugin, would I need to setup a CAS server for my company?
-Larry
Yes, this is only the client part of such a system. There are many
available implementations, though. (But I’m sorry to say that most are
in Java, so you’ll have to have at least one Java server in your
enterprise. But OTOH, are there any enterprises without Java at this stage?)
If you just implement CAS 1.0 it’s pretty straight forward. We did
our own implementation in mod perl in a couple of days.
Does the CAS filter work with any of the RBAC plugins/engines?
I whipped up my own additions to ActiveRBAC to have CAS (1.0) work with it.
Jason E.
No, not as of now. I would really like to decouple authentication and
authorization as completely as possible. I’m going around planning for
an authorization plugin that will work with SpocP, though. (SpocP is a
centralized generic authorization server, where you can specify rules in
almost any way you want to. Somewhat like XACML actually. http://www.spocp.org for more info)