[horde] Horde Imp CAS Authentication

Xavier Montagutelli xavier.montagutelli at unilim.fr
Wed Nov 2 17:37:07 UTC 2011


Hi Laura,

On Thursday 27 October 2011 19:54:07 Laura McCord wrote:
> Xavier,
> 
> I have a question about the conf.php file. I am stuck on the SSL CA
> Cert. Do I put the path of my horde server .crt file or do I put in the
> path to my CAS server certificates?  And if it's the cas server does
> that mean the path to cacerts?
> 
> I received the following error:
> 
> "could not open URL .... (CURL error #77: Problem with the SSL CA cert
> (path? access rights?)) [Client.php:2595]"

(I was on vacation the past days)

$conf['auth']['params']['cas_cacert'] indicates the path, local to your horde 
server, to a file containing the certificate of the CA having issued the 
certificate of the CAS server. Or the certificate of the root authority if 
intermediate CA are in the chain.

i.e. if the certificate of your CAS server is ultimately signed by "GTE 
CyberTrust Global root", you should be able to indicate 
"/etc/ssl/certs/GTE_CyberTrust_Global_Root.pem" if you are under Debian. 

This parameter is directly passed to the phpCAS library 
(phpCAS::setCasServerCACert). I suppose the file can be a bundle of known 
certificates. 

In practice, you can also try to put the complete chain (AC 1 -> AC 2 -> root 
AC) in the file, if intermediate authorities are involved.

If you have problems with it, in a step by step approach, you can also leave 
it blank : no verification of the CAS server certificate will be made. 

HTH,

> 
> Thanks,
>   Laura
> 
> On 10/26/11 6:50 AM, Xavier Montagutelli wrote:
> > On Tuesday 25 October 2011 12:03:58 Maciej Uhlig wrote:
> >> W dniu 2011-10-25 10:48, Jan Schneider pisze:
> >>> Zitat von Laura McCord<mccordl at southwestern.edu>:
> >>>> Hi,
> >>>> 
> >>>> I am trying to perform Horde WebMail authentication using CAS. I was
> >>>> wondering if this documentation is still relevant  that is found here
> >>>> (Horde 3):
> >>>> http://wiki.horde.org/CASAuthHowTo
> >>>> http://www.esup-portail.org/display/PROJHORDE/Installation+de+Horde-we
> >>>> bm ail
> >>> 
> >>> Not for Horde 4.
> >> 
> >> As far as I can see the second link above points to installation with
> >> Horde 4 information too.
> >> 
> >> MU
> > 
> > We have developed a new driver to authenticate users against a CAS
> > server. The driver is still in a "rough" shape, but it is useable. I am
> > afraid I can't afford spending more time on this project right now, I
> > hope it will be enough for you.
> > 
> > The documentation is in english if you retrieve the whole SVN project
> > http://subversion.cru.fr/esup-horde/trunk
> > 
> > Feel free to post on this list or directly to me if you need help.
> > 
> > HTH,

-- 
Xavier Montagutelli
http://twitter.com/#!/XMontagutelli
Service Commun Informatique - Universite de Limoges
123, avenue Albert Thomas - 87060 Limoges cedex
Tel : +33 (0)5 55 45 77 20 /   Fax : +33 (0)5 55 45 75 95


More information about the horde mailing list