CAS authentication in simpleSAMLphp

426 views
Skip to first unread message

Dominika Tkaczyk

unread,
Feb 12, 2010, 9:11:20 AM2/12/10
to simple...@googlegroups.com
Hello,

I would like to configure simpleSAMLphp IdP to authenticate users in CAS
server and retrieve attributes from LDAP.

I can see there is cas authentication module in svn trunk (modules/cas),
unfortunately it is not present in the latest stable release.

Finally I managed to use the script www/auth/login-cas-ldap.php:

- in IdP metadata I set 'auth' to 'auth/login-cas-ldap.php'
- in getAuthority function in lib/SimpleSAML/Utilities.php I had to change
the line

'auth/login-cas-ldap' => 'login-cas-ldap',

to

'auth/login-cas-ldap.php' => 'login-cas-ldap',

This looks like a bug.
- I configured CAS and LDAP in config/cas-ldap.php

It seems to work now. I would like to ask if this solution is correct. Maybe
there's a better way to enable CAS+LDAP in version 1.5.1?


Regards,
Dominika

Olav Morken

unread,
Feb 12, 2010, 9:51:54 AM2/12/10
to simple...@googlegroups.com
On Fri, Feb 12, 2010 at 15:11:20 +0100, Dominika Tkaczyk wrote:
> Hello,
>
> I would like to configure simpleSAMLphp IdP to authenticate users in
> CAS server and retrieve attributes from LDAP.
>
> I can see there is cas authentication module in svn trunk
> (modules/cas), unfortunately it is not present in the latest stable
> release.

No, it will be included with 1.6, which is due in late February / early
March.

> Finally I managed to use the script www/auth/login-cas-ldap.php:
>
> - in IdP metadata I set 'auth' to 'auth/login-cas-ldap.php'
> - in getAuthority function in lib/SimpleSAML/Utilities.php I had to
> change the line
>
> 'auth/login-cas-ldap' => 'login-cas-ldap',
>
> to
>
> 'auth/login-cas-ldap.php' => 'login-cas-ldap',
>
> This looks like a bug.

Yes, it was. Thanks for letting us know - I have committed a fix for it.

> - I configured CAS and LDAP in config/cas-ldap.php
>
> It seems to work now. I would like to ask if this solution is
> correct. Maybe there's a better way to enable CAS+LDAP in version
> 1.5.1?

No, there isn't a better way with stock 1.5.1. You can download the cas
module from subversion, and use it, but I cannot guarantee that it will
work with 1.5.1.

--
Olav Morken
UNINETT / Feide

Dominika Tkaczyk

unread,
Feb 13, 2010, 5:41:27 AM2/13/10
to simple...@googlegroups.com
Olav Morken napisał(a):

Thank you for the answer, I think the old method is enough now. I will wait
patiently for the next release and the cas module.

Regards,
Dominika

Reply all
Reply to author
Forward
0 new messages