CAS auto login for all apps

Cahya Dewanta

Nov 8, 2011, 9:17:37 PM
to web2py-users
This is my 7th day using web2py. I have my CAS working properly, but I
have to manually log in with the same username to each app. Is this normal?
How do I make one login apply automatically to all of them? All apps are on
the same domain. Actually, I haven't set anything or changed any code. The
new web2py did it for me. What setting do I have to append? Thank you.

pepper_bg

Nov 9, 2011, 5:34:05 AM
to web2py-users
>I have my CAS working properly.

First, what do you mean by that?

CAS works out of the box. Here is how to test the scenario *I think*
you are describing:

1. From the web interface create three applications app1, app2, app3
(app1 and app2 will be consumers, app3 the CAS provider).

2. In app1 and app2 in db.py replace:

auth = Auth(db, hmac_key=Auth.get_or_create_key())

with this:

auth = Auth(db, cas_provider='http://127.0.0.1:8000/app3/default/user/cas')

3. Go to http://localhost:8000/app3/appadmin/insert/db/auth_user and
create a new user (do first, last, email, password).

4. Go to http://localhost:8000/app1/default/index and hit 'login' (it
should send you to http://127.0.0.1:8000/app3/default/user/cas/login?service=http://localhost:8000/app1/default/user/login)
and log in with the credentials from step 3.

5. Go to http://localhost:8000/app2/default/index and hit 'login' - it
should AUTOMATICALLY log you in without asking for email/password

Works for me. If your consumers are not running from the same server
you may have to do extra stuff but first see if the above works.
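
Added example, not part of the original thread and not web2py's own code: a simplified Python model of the CAS ticket flow behind steps 4 and 5, showing why the second consumer gets a login without asking for credentials. The class, the function names and the sample user are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode

class CasProvider:
    """Toy stand-in for the provider app (app3); not web2py's implementation."""
    LOGIN = "http://127.0.0.1:8000/app3/default/user/cas/login"

    def __init__(self, users):
        self.users = users      # email -> password (constructed sample data)
        self.sessions = {}      # provider session cookie -> email
        self.tickets = {}       # one-time service ticket -> (email, service)

    def login_url(self, service):
        # The consumer's URL travels percent-encoded in the query string.
        return self.LOGIN + "?" + urlencode({"service": service})

    def login(self, service, cookie=None, email=None, password=None):
        """Return (cookie, ticket); (None, None) means the login form is shown."""
        if cookie not in self.sessions:
            # Toy credential check; a real provider verifies a password hash.
            if email is None or self.users.get(email) != password:
                return None, None
            cookie = secrets.token_urlsafe(16)
            self.sessions[cookie] = email
        ticket = "ST-" + secrets.token_urlsafe(16)
        self.tickets[ticket] = (self.sessions[cookie], service)
        return cookie, ticket

    def validate(self, ticket, service):
        """Consumer-to-provider check: ticket is single use and bound to one service."""
        email, issued_for = self.tickets.pop(ticket, (None, None))
        return email if issued_for == service else None

def walk_through():
    app1 = "http://localhost:8000/app1/default/user/login"
    app2 = "http://localhost:8000/app2/default/user/login"
    cas = CasProvider({"user@example.com": "constructed-password"})
    # Step 4: first login via app1 needs the credentials created in step 3.
    cookie, t1 = cas.login(app1, email="user@example.com", password="constructed-password")
    # Step 5: the browser still holds the provider cookie, so no credentials are asked.
    _, t2 = cas.login(app2, cookie=cookie)
    _, t3 = cas.login(app2, cookie=cookie)
    return {
        "app1": cas.validate(t1, app1),
        "app2": cas.validate(t2, app2),
        "replayed": cas.validate(t1, app1),        # already consumed
        "wrong_service": cas.validate(t3, app1),   # issued for app2
        "no_cookie": cas.login(app2)[1],           # login form again
    }
```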

Cahya Dewanta

Nov 9, 2011, 8:44:39 AM
to web2py-users
Thank you :)

By 'CAS is working properly' I mean, in my limited understanding, that I'm
able to log in to each app with one single id, though I have to manually
provide the credentials again for each app.

I've followed your sample and it works. Then I changed the adapter to
MySQL, setting up all DALs to refer to one single database.

I go to http://127.0.0.1:8000/app1/default/index and I get
InternalError: (1050, u"Table 'auth_user' already exists").
So I set auth.define_tables(migrate=False) of the consumers and am
able to enter app1/default/index. I click login then I get
InternalError: (1054, u"Unknown column 'auth_user.username' in 'field
list'").

What am I missing here? Thank you again.

Anthony

Nov 9, 2011, 9:05:14 AM
to web...@googlegroups.com
On Wednesday, November 9, 2011 8:44:39 AM UTC-5, Cahya Dewanta wrote:
> I've followed your sample and it works. Then I changed the adapter to
> MySQL, setting up all DALs to refer to one single database.

With CAS each app should have its own db with its own Auth tables. The auth_user data from the provider app will be copied to the consumer app. See the documentation: http://web2py.com/book/default/chapter/08#Central-Authentication-Service.

Anthony 

pepper_bg

Nov 9, 2011, 11:42:23 AM
to web2py-users
Yes, the fact that your applications are sharing a DB connection
already means that you don't need CAS. Can you describe what you are
trying to do?

Cahya Dewanta

Nov 9, 2011, 12:30:24 PM
to web2py-users
Hello Anthony. I'm beginning to think that I'm taking the wrong approach for
my system. In my understanding, 3 different databases would make 3
different user registrations. Is that so?

Cahya Dewanta

Nov 9, 2011, 12:31:24 PM
to web2py-users
pepper_bg, my project is exactly the same as your sample above
except I'm using MySQL. I have 3 apps and one registration should be
enough to access all those apps. I'm trying to avoid different
registrations and different logins. One login, one username for all.
What approach should I take then?

Cahya Dewanta

Nov 9, 2011, 12:45:32 PM
to web2py-users
And that's why I'm sharing the database connection. In my
understanding, one registration is one database. I prefix the tables
to know which tables belong to which apps.

pepper_bg

Nov 9, 2011, 12:52:24 PM
to web2py-users
> One login, one username for all.
> What approach should I take then?

You seem to be already on the right track:

1. Make your applications share a DB. You are already doing this
(auth.define_tables(migrate=False)). Debug that error you are getting or
post the complete trace here.

2. Make them share sessions via the DB, read around this line

session.connect(request, response, db, masterapp=None)

here http://web2py.com/book/default/chapter/04#session

Read just to have an idea what you are doing -
http://web2py.com/book/default/chapter/08#Customizing-Auth

Cahya Dewanta

Nov 9, 2011, 1:10:11 PM
to web2py-users
Thank you. I'll follow your directions and post the result to let you know.

Anthony

Nov 9, 2011, 2:40:07 PM
to web...@googlegroups.com
If you're using CAS, the registrations (and logins) would all happen in the provider app, but the consumer apps would also have auth_user tables -- any common fields would simply get copied over from provider to consumer.
 

Cahya Dewanta

Nov 9, 2011, 11:57:15 PM
to web2py-users
pepper_bg. I just realized, as you mentioned before, that I don't need
CAS since I'm sharing the database. Once I set
session.connect(request, response, db, masterapp='app3') it works! It
even automatically logs in to all apps once I log in. No clicking the login
button. Logging out once logs out of all apps too. Something that I was
looking for.

Thank you for your assistance, I really appreciate it :)

Cahya Dewanta

Nov 9, 2011, 11:58:36 PM
to web2py-users
Anthony. Just tried and indeed it works. Can I combine it with
pepper_bg's tips so I get the same behaviour? Logging in once would
automatically log in to all apps when we visit them. I still need to click login
button right now.

Anthony

Nov 10, 2011, 8:53:59 AM
to web...@googlegroups.com
I'm not sure. When using CAS, you might still have to explicitly click login to be logged in via CAS.

Another thing to keep in mind -- when you store sessions in the DB, sessions are no longer locked during each request as they are when stored on the filesystem. This means if the same user sends two nearly simultaneous requests that use the session (which may happen with Ajax components on the page), you could get a race condition with the session.

Anthony
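
Added example, not part of the original thread and not web2py's own code: a deterministic Python model of the race described above, in which two overlapping requests each load the whole session and the last writer silently undoes a logout. The store class, the sample session contents and the version-check mitigation are assumptions made for illustration.

```python
import copy

class StaleSession(Exception):
    """Raised when a session row changed after this request loaded it."""

class DbSessionStore:
    """Toy model of one session row: whole-session reads and writes, no lock."""
    def __init__(self, data):
        self.data, self.version = copy.deepcopy(data), 0

    def load(self):
        return copy.deepcopy(self.data), self.version

    def save(self, data, seen_version=None):
        # seen_version=None models the plain unlocked write (last writer wins).
        if seen_version is not None and seen_version != self.version:
            raise StaleSession("session changed since it was loaded")
        self.data, self.version = copy.deepcopy(data), self.version + 1

def overlapping_requests(check_version):
    store = DbSessionStore({"user": "alice", "cart": []})   # constructed sample
    ajax, ver_a = store.load()       # request A: Ajax component adds to the cart
    logout, ver_b = store.load()     # request B: logout, loaded before A saved
    logout["user"] = None
    store.save(logout, ver_b if check_version else None)
    ajax["cart"].append("item-1")
    try:
        # Without the check, A's stale copy overwrites B and restores the user.
        store.save(ajax, ver_a if check_version else None)
        outcome = "saved"
    except StaleSession:
        # With the check, A reloads the current row and reapplies its change.
        fresh, ver = store.load()
        fresh["cart"].append("item-1")
        store.save(fresh, ver)
        outcome = "retried"
    return outcome, store.data
```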

pepper_bg

Nov 10, 2011, 11:48:01 AM
to web2py-users
>I still need to click login
> button right now.

Just add
@auth.login_required
on top of the controller functions you want to auto login from in the
consumers and if you are logged in at the CAS provider you will get
logged in here as well (I believe this is what you are describing you
want to do now but not 100% sure).

Cahya Dewanta

Nov 11, 2011, 4:09:08 AM
to web2py-users
pepper_bg. You mean @auth.requires_login() ? Cos it works and you are
100% right about what I'm trying to describe :) Thanks!

Anthony. Thanks again. It seems separating databases and using CAS is
the most suitable for my system.