[cvs] [Wiki] changed: CASAuthHowTo

Wiki Guest wikiguest at horde.org
Tue Jul 4 08:37:22 PDT 2006


guest [134.58.253.114]  Tue, 04 Jul 2006 08:37:22 -0700

Modified page: http://wiki.horde.org/CASAuthHowTo
New Revision:  2.0
Change log:  phpCAS 0.4.22-RC

@@ -43,8 +43,9 @@
 Connection problems when using horde from CVS [framework_3 20051220]
 Tested succesfully using standard horde release packages [20060620]
 * Horde 3.1.1
 * IMP 4.1.2
+* phpCAS 0.4.22-RC with patches (see below)
 
 
 First, install a basic horde system
 Configure it to use IMAP auth for horde-auth
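Review bot: The added bullet "* phpCAS 0.4.22-RC with patches (see below)" does not say which patches are meant or where "below" is. Point it at step 2, where the two SourceForge tracker items are listed, so a reader can tell which fixes the tested setup depends on. The bullet also lands under the "Tested succesfully using standard horde release packages [20060620]" line, so confirm that this test date covers the phpCAS build, or add the date it was tested.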
@@ -57,44 +58,47 @@
 (if you didn't check your "normal" system at this point you will most likely curse if you need to debug, you have been warned...)
 
 
 1) configure Apache
-Apache HAS to be configured to use SSL for horde. It should also trust the certificateS that will be offered by your CAS-server for mutual auth. So you need to feed the certificate of the (root CA of the) CAS server to Apache in its trust directive.
+Apache HAS to be configured to use SSL for horde when using CAS. CAS relies on SSL to make sure it's talking to right server, that and encryption of course.
+PHP (curl) should trust the certificateS that will be offered by your CAS-server. This means you need to feed the certificate of the (root CA of the) CAS server to Apache in its trust directive.
 -----------httpd.conf------------
 SSLCertificateFile /etc/pki/myHORDEserver.pem
 SSLCertificateChainFile /etc/pki/ca_cert.pem
 #added for the trust mechanism----
 SSLCACertificateFile /etc/pki/ca_cert.pem
 #----added
 ---------------------------------
-If you see an error in CAS logs about a missing PGTIou then you did this wrong in this step.
+If you see an error in CAS logs about a missing PGTIou then you did this step wrong.
+
+
+[You may also consider downloading the Horde-CAS package from the ESUP consortium that does every one of the next steps automatically. It is located at http://www.esup-portail.org/consortium/espace/download/horde/]
 
 
 2) install phpCAS library in horde
-NOTE:
-* phpCAS uses domxml for php4.3, php5 means phpCAS will use a conversion class automatically BUT the CAS driver for Horde has be patched: just commenting the check for domxml does the trick ;)
-It is easier to copy the CAS files from the esup-horde package. It contains some horde-specific glue code that you will need in the next step (http://www.esup-portail.org/consortium/espace/download/horde/).
+phpCAS uses domxml for php4.3, php5 means phpCAS will use a conversion class automatically. The Auth driver for Horde checks whether all necessary components are installed.
+K.U.Leuven's Horde-CAS authentication driver is patched to use PHP5. This means the check for domxml is commented out.
+
+download the phpCAS library from http://esup-phpcas.sourceforge.net/
+we used v 0.4.22-RC and fixed these two bugs:
+https://sourceforge.net/tracker/index.php?func=detail&aid=1514416&group_id=88445&atid=586706
+https://sourceforge.net/tracker/index.php?func=detail&aid=1514402&group_id=88445&atid=586706
+(extract the package and)
 [change the path to your horde/php lib dir accordingly]
 mkdir $HORDE_DIR/lib/CAS/ 
--when using the esup-horde package: cp -r source/phpCAS/* $HORDE_DIR/lib/CAS/
--when using a separate phpCAS (http://esup-phpcas.sourceforge.net/): cp -r source/CAS/* $HORDE_DIR/lib/CAS/
+cp -r source/CAS/* $HORDE_DIR/lib/CAS/
 
 
 3) install horde driver and proxyticketReceptor script for phpCAS
-If you do not have it yet, the code can be found in the esup-horde-cas package. It is easier to extract that package and copy it from there.
+K.U.Leuven made these two files public available with some modifications.
+You can download them from http://shib.kuleuven.be/docs/horde3-cas/horde_cas_auth_driver/
 [the CAS auth driver for horde]
 cp $CAS_DIR/cas.php $HORDE_DIR/lib/Horde/Auth/
 [the callback url for the PGT=proxyticketReceptor]
 cp $CAS_DIR/casProxy.php $HORDE_DIR/
 //--
-IMPORTANT NOTES:
-
-If you use the latest phpCAS library (0.4.20+) and you are using the gluecode from the ESUP package, then you need to edit the cas.php:
-every call to isAuthenticated() needs to be replaced by a call to checkAuthentication()
-
-on PHP5: comment the DOM checking in cas.php
-
-on CAS3: change regex matches for "PT" (also) to "ST"
+IMPORTANT NOTE:
+for CAS3: the regex matches to "PT" AND to "ST"
 CAS2: ST, PGT, PT
 CAS3: ST, TGT (PT's are now regular STs and PGTs are now TGTs)
 //--
 
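Review bot: In step 1 the new text names PHP (curl) as the component that must trust the CAS server's certificate, but the same line still says to feed the CA certificate "to Apache in its trust directive", and the httpd.conf sample only sets SSLCACertificateFile, which Apache uses to verify certificates presented by clients. Either describe how the CA certificate is made available to PHP/curl, or explain what the Apache directive is needed for, so the reader knows which side of the connection each setting covers. In step 3 the removed notes told users of the ESUP glue code to replace isAuthenticated() with checkAuthentication() on phpCAS 0.4.20+, while the added bracketed paragraph still recommends the ESUP package; say whether that package still needs the change. The new line "for CAS3: the regex matches to "PT" AND to "ST"" no longer makes clear whether the reader has to edit anything or the K.U.Leuven driver already does it, and step 2 says "fixed these two bugs" without saying whether the fixes are in the download or must be applied by hand.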
@@ -377,8 +381,4 @@
 * at horde server: logfile of CAS that you specified (needs to be writable by user that runs PHP/horde), possibly apache on SSL errors
 * you might want to check imapproxy logs (also see "pimpstat")
 * at IMAP: /var/log/auth.log and /var/log/syslog
 </code>
-
-
-note:
-we also try to keep some files and documentation about this available at http://shib.kuleuven.be/docs/horde3-cas/
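Review bot: Removing the closing note drops the link to the documentation index at http://shib.kuleuven.be/docs/horde3-cas/; in the visible hunks the only remaining K.U.Leuven link is the horde_cas_auth_driver/ subdirectory added in step 3. If the index holds files or documentation beyond the two driver files, keep a pointer to it, for example by moving the sentence into step 3 next to the download link.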

