new appliance and web site!
Massimo Di Pierro
here is something cool.
It is both a web site
https://mdp.cti.depaul.edu/cas
and an appliance
https://mdp.cti.depaul.edu/appliances/default/show/22
together they provide single sign on Central Authentication Service
(CAS) at multiple levels.
- You can run CAS as Consumer (i.e. provide authentication for your
application without running authentication/registration/etc/etc
yourself) In this case you do not need to download and run the
appliance. Just follow the instructions on the web site. My web site
will be the Provider.
- You can run CAS as Provider (i.e. you want to allow Consumers to
authenticate users via your service) In this case download the
appliance, configure it and run it.
- You want both. Again download the appliance and tweak the
parameters as in the instructions.
Both the Consumer (in controllers/default.py) and the Provider (in
controller/cas.py) should work with third party CAS applications.
This may need more testing so please play with it and let me know. I
cannot guarantee my current will stay up but it ok for testing.
BSD License.
At this point the identity appliance is deprecated.
Massimo
voltron
1. Does CAS keep track of the IP address of the client and the domain
against which the client want to authenticate against?
2. Can one extend it with authorization features?
3. Tickets are mentioned in the CAS code, whereas one uses "token" in
the client code, should they not be the same?
4. Why are the login and logout implemented as lambda functions, just
out of curiosity, is this a web2py a best practice?
Thanks
Massimo Di Pierro
On Mar 1, 2008, at 11:54 AM, voltron wrote:
>
> Cool! I have a few questions
>
> 1. Does CAS keep track of the IP address of the client and the domain
> against which the client want to authenticate against?
CAS remembers it but does not use it. Users logged in are tracked by
cookies so they can browse multiple domains and applications
requiring the same CAS authentication without being prompted over and
over.
> 2. Can one extend it with authorization features?
the token contains an ID. You can use the ID to do authorization
within the app. CAS' role is only to do authentication.
> 3. Tickets are mentioned in the CAS code, whereas one uses "token" in
> the client code, should they not be the same?
Not quite the same.
> 4. Why are the login and logout implemented as lambda functions, just
> out of curiosity, is this a web2py a best practice?
Jet because it was the most compact way.
Michael Wills
Labmda functions and list comprehensions are both pretty new to me. It took a while to even figure out the terminology "list comprehensions" so I could Google more about it. :-) In addition to often being more compact, it seems to bring in some aspects of "functional programming". That's another new field. But these styles reduce "side effects", i.e. while using variables as you process and iterate through data, sometimes the variables have the wrong data causing errors in the processing. Still learning on this one. Web2py seems to use these a bit and using these styles helps to reduce programming error.
But as I mentioned, I'm still learning. Always! :-)
Massimo Di Pierro
Michael Wills
I'll have to take a look at the CAS code soon. If it hasn't been asked yet, part of what some of the developers are looking for is the ability to have multiple auth backends. CAS would be a good place to start seeing how that would work. :-)
Thanks,
Michael