Connect middleware for node CAS client
JavaScript
Clone or download
Jason Templeton
Jason Templeton 1.8.1
Latest commit 1d87a5e Jan 24, 2018
Permalink
Failed to load latest commit information.
example Example app with CAS-authenticated login, display of the CAS username… May 18, 2014
lib
test
.gitignore
.travis.yml Added travis.yml Oct 7, 2015
LICENSE Update LICENSE Aug 7, 2013
README.md Merge pull request #29 from boutell/master Feb 11, 2016
index.js fixing tests, forgot req.session.name -> req.session.user is a breaki… Feb 4, 2014
package.json

README.md

Build Status

Connect CAS

Connect cas is a connect-based middleware that allows you to authenticate through a CAS 2.0+ server. It supports the gateway auth, single sign-out, and proxying other CAS clients.

Adapted from https://github.com/jmarca/cas_validate

Installation

npm install connect-cas

Options

Many of these options are borrowed from node's url documentation. You may set global options through the .configure() method or override them with any of the exposed middleware.

  • procotol The protocol to communicate with the CAS Server. Defaults to 'https'.
  • host CAS server hostname
  • port CAS server port number. Defaults to 443.
  • gateway Send all validation requests through the CAS gateway feature. Defaults to false.
  • paths
    • serviceValidate Path to validate TGT
    • proxyValidate Path to validate PGT (not implemented)
    • proxy Path to obtain a proxy ticket
    • login Path to the CAS login

Usage

var cas = require('connect-cas');
var connect = require('connect');

connect()
  .use(connect.cookieParser('hello world'))
  .use(connect.cookieSession()) // or whatever session store
  .use(cas.serviceValidate())
  .use(cas.authenticate())

Complete Example

A more complete example of a simple Express app that uses CAS for login, displays the CAS username, and offers a logout link can be found in the example folder. You'll need to copy example/app.js to your own folder and install its dependencies:

npm install express
npm install connect-cas

Express is required only for the example app. It is not required for connect-cas.

Proxy Tickets

To proxy services, you can configure the serviceValidate middleware like below:

connect()
  ...
  .use(cas.serviceValidate({pgtUrl: '/pgtCallback'}))
  .use(cas.proxyTicket({targetService: 'https://service-to-proxy/blah'});
  ...

The proxy granting ticket value will be available in req.session.pgt and a hash of proxy tickets are available in req.pt. You may then append that proxy ticket manually to the services you wish to proxy. To reuse the proxy tickets, see #25.

You may also pass in an absolute url if you wish for the pgtCallback to be in a separate app. If so, pass in an additional pgtFn:

connect()
.use(cas.serviceValidate({pgtUrl: 'https://some-server.com/pgtCallback', pgtFn:function(pgtIou, cb){
  // given the pgtIou, retrieve the pgtId however you can.  Then call ...
  cb(err, 'PGT-thepgtid');
}));

Notes

  • If you are behind an https proxy, be sure to set X-Forwarded-Proto headers. Connect-cas uses it to infer its own location for redirection.

License

MIT

NPM