here is something cool.
It is both a web site
https://mdp.cti.depaul.edu/cas
and an appliance
https://mdp.cti.depaul.edu/appliances/default/show/22
together they provide single sign on Central Authentication Service
(CAS) at multiple levels.
- You can run CAS as Consumer (i.e. provide authentication for your
application without running authentication/registration/etc/etc
yourself) In this case you do not need to download and run the
appliance. Just follow the instructions on the web site. My web site
will be the Provider.
- You can run CAS as Provider (i.e. you want to allow Consumers to
authenticate users via your service) In this case download the
appliance, configure it and run it.
- You want both. Again download the appliance and tweak the
parameters as in the instructions.
Both the Consumer (in controllers/default.py) and the Provider (in
controller/cas.py) should work with third party CAS applications.
This may need more testing so please play with it and let me know. I
cannot guarantee my current will stay up but it ok for testing.
BSD License.
At this point the identity appliance is deprecated.
Massimo
>
> Cool! I have a few questions
>
> 1. Does CAS keep track of the IP address of the client and the domain
> against which the client want to authenticate against?
CAS remembers it but does not use it. Users logged in are tracked by
cookies so they can browse multiple domains and applications
requiring the same CAS authentication without being prompted over and
over.
> 2. Can one extend it with authorization features?
the token contains an ID. You can use the ID to do authorization
within the app. CAS' role is only to do authentication.
> 3. Tickets are mentioned in the CAS code, whereas one uses "token" in
> the client code, should they not be the same?
Not quite the same.
> 4. Why are the login and logout implemented as lambda functions, just
> out of curiosity, is this a web2py a best practice?
Jet because it was the most compact way.