CAS authentication AtoM 2.10
24 views
Skip to first unread message
David Tauriainen
May 18, 2026, 5:07:34 PM (2 days ago) May 18
to AtoM Users
Hello, I'm trying to enable CAS authentication with AtoM 2.10.1
Most parts seem to be working:
the login button redirects to our organization's CAS (2.0) server's login page, and it returns a ticket, but I don't get logged in to AtoM with a preexisting user in the AtoM database.
I've enabled "debug: true" in "plugins/arCasPlugin/config/app.yml" but I don't see any logs in the filesystem or debug statements via the web interface.
The only result is landing back at the home page where I can click the "login with CAS" button again.
First step: is there another setting I need to change in order to enable the debugging? (see below, I have found /var/www/atom/log/phpcas.log )
contents of plugins/arCasPlugin/config/app.yml
all:
cas:
cas_version: '2.0'
cas:
cas_version: '2.0'
debug: true
server_name: 'idp.login.server'
server_port: 443
server_path: '/idp/profile/cas'
server_path: '/idp/profile/cas'
server_cert: false
set_groups_from_attributes: false
#attribute section irrelevant since above is false
service_url: https://atom.server/atom
note: if I use
service_url: https://atom.server/atom/cas/login
as suggested in the comments in the file, I get a 404 error. whereas
service_url: https://atom.server/atom/index.php/cas/login
produces an infinite loop between the servers, and leaving service blank results in a type mismatch where $name can not be NULL
I've just found /var/www/atom/log/phpcas.log It looks like when I use https://atom.server/atom I get "no user found [Client.php:1841]"
but when I use the looping https://atom.server/atom/index.php/cas/login I get
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<cas:authenticationSuccess>
<cas:user>myusername</cas:user>
</cas:authenticationSuccess>
</cas:serviceResponse>
<cas:authenticationSuccess>
<cas:user>myusername</cas:user>
</cas:authenticationSuccess>
</cas:serviceResponse>
So I feel like I'm very close, but there's just not a link up between the success for "myusername" from our CAS server and the "myusername" user pre-created in the AtoM user database.
David Tauriainen
May 19, 2026, 12:49:55 PM (2 days ago) May 19
to AtoM Users
The end of this section of the documentation
seems to indicate that "service_url:" is optional, but whether left blank or commented out, it results in the type mismatch error
phpCAS error: phpCAS::client():
CAS_TypeMismatchException: type mismatched for parameter $name (should
be 'array, string, or CAS_ServiceBaseUrl_Interface object '), NULL
given. in /var/www/atom-2.10.1/plugins/arCasPlugin/lib/arCAS.class.php on line 50
I've also now tried
service_url: ""
which resulted in
phpCAS error: phpCAS::client(): CAS_InvalidArgumentException: Configured base URL should include the protocol string: in /var/www/atom-2.10.1/plugins/arCasPlugin/lib/arCAS.class.php on line 50
so it looks like it's a mandatory parameter.
Reply all
Reply to author
Forward
0 new messages