CAS – Central Authentication Service

CAS is an authentication system originally created by Yale University to provide a trusted way for an application to authenticate a user.

Chapters

  1. HTTPS

The Gentics SSO CAS Open Source project was created to provide seamless integration of CAS with Gentics CMS and Gentics Portal.Node Java.

To enable the integration for Gentics CMS, make sure that the PHP module “php-imap” is installed and add the following code to your node.conf:

/Node/etc/node.conf

/**
 * mapCasGroups receives all user attributes and
 * has to return the IDs of the user groups in which
 * newly created users should reside
 *
 * @param $attributes array of user attributes
 * @return array of groups for the user
 */
function mapCasGroups($attributes) {
	return array(9);
}

// CAS configuration
$CAS_SSO = array(
	'protocol' => 'https',
	'host' => 'cas-server.mydomain.com',
	'port' => 8443,
	'path' => 'cas-server',
	'groupMapper' => 'mapCasGroups'
);

1 HTTPS

If your CAS is accessed via HTTPS, php-curl may not know the certificate authority that issued the certificate of your CAS service. There are two ways to solve this problem:

Recommended solution: Setting an authority certificate

/Node/etc/node.conf

$CAS_SSO['curlOptions'] = array(
	CURLOPT_SSL_VERIFYPEER => true,
	CURLOPT_CAINFO => 'pathto/cacert.pem'
);

However, you can also disable certificate verification completely. Keep in mind that this can make you vulnerable to man-in-the-middle attacks.

/Node/etc/node.conf

$CAS_SSO['curlOptions'] = array(
    CURLOPT_SSL_VERIFYHOST => false,
    CURLOPT_SSL_VERIFYPEER => false
);

More information on the PHP CURL options available can be found here: http://php.net/manual/en/function.curl-setopt.php
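
An added example (not part of the Gentics documentation or product code): a small check that can be run over a $CAS_SSO array to flag TLS verification settings that weaken the connection to the CAS server. The function name auditCasCurlOptions is hypothetical, and the check assumes that options left unset keep libcurl's verification defaults.

```php
<?php
// Added example, not Gentics code. Requires the PHP curl extension for the CURLOPT_* constants.
// auditCasCurlOptions() is a hypothetical helper name.

function auditCasCurlOptions(array $casSso): array {
    $opts = $casSso['curlOptions'] ?? array();
    $findings = array();
    if (($casSso['protocol'] ?? '') !== 'https') {
        $findings[] = 'protocol is not https';
    }
    // Assumption: options that are not set keep libcurl's defaults (verification on).
    if (array_key_exists(CURLOPT_SSL_VERIFYPEER, $opts) && !$opts[CURLOPT_SSL_VERIFYPEER]) {
        $findings[] = 'CURLOPT_SSL_VERIFYPEER is off: the certificate chain is not checked';
    }
    // Only the value 2 makes libcurl match the certificate against the host name.
    if (array_key_exists(CURLOPT_SSL_VERIFYHOST, $opts) && $opts[CURLOPT_SSL_VERIFYHOST] !== 2) {
        $findings[] = 'CURLOPT_SSL_VERIFYHOST is not 2: the host name may go unchecked';
    }
    // A CA file that cannot be read makes every verified connection fail.
    if (isset($opts[CURLOPT_CAINFO])) {
        $pem = @file_get_contents($opts[CURLOPT_CAINFO]);
        if ($pem === false || strpos($pem, '-----BEGIN CERTIFICATE-----') === false) {
            $findings[] = 'CURLOPT_CAINFO is not a readable PEM file: ' . $opts[CURLOPT_CAINFO];
        }
    }
    return $findings;
}

// Constructed sample input: the two curlOptions variants from this page.
$base = array('protocol' => 'https', 'host' => 'cas-server.mydomain.com',
              'port' => 8443, 'path' => 'cas-server');
$variants = array(
    'CA certificate set' => array(
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_CAINFO => 'pathto/cacert.pem',
    ),
    'verification disabled' => array(
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_SSL_VERIFYPEER => false,
    ),
);
foreach ($variants as $label => $curlOptions) {
    $findings = auditCasCurlOptions($base + array('curlOptions' => $curlOptions));
    echo $label . ': ' . ($findings ? implode('; ', $findings) : 'no findings') . "\n";
}
```

The path 'pathto/cacert.pem' is the placeholder from this page, so the first variant reports the CA file as unreadable until it is replaced with the real location of your CA bundle.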