Provides authentication to a cas_server. Cas authentication works as a filter
on each HTTP request. If ticket
parameter is provided, CAS request must be
created and validated.
If you use cas_server and CasClient on same app, it will not create an HTTP request and directly proxy the request through Rack.
Here is some example code that you must add into your service provider
ApplicationController
for checking` cas request. You have to implement some
simple local authentication if you don't want to query CasServer at every
request (= Cas in Gateway mode). Usually you need local User table to store
application business logic that is not supposed to be sharable between apps.
class ApplicationController < ActionController::Base
before_filter :check_cas_request
helper_method :login_url
def login_url(params = {})
cas_request.login_url(params).to_s
end
private
def authenticate!(profile)
# find or create from response profile and sets the user's id into
# session.
end
def check_cas_request
return unless CasClient::Request.validable?(params)
self.current_user = nil
response = cas_request.validate
if response.is_a?(CasClient::Response::Success)
authenticate!(response.profile)
redirect_to(cas_request.service_url.to_s) # we redirect for removing ticket parameter
else
redirect_to(login_url(:renew => true))
end
end
def cas_request
@cas_request ||= CasClient::Request.new(cas_service_url, params, cas_service_provider)
end
# The service provider is an instance for cas_server URL mapping.
def cas_service_provider
@cas_service_provider ||= CasClient::ServiceProvider::Base.new('http://my_cas_server.example.com/')
end
def cas_service_url
request.get? && !request.xhr? ? request.url : root_url
end
end
If you want to use SSL, add following line to your production.rb
:
CasClient::ServiceProvider::Base.ssl = true
If you need to use static URLs for some services (for example if your have
firewall issues), you can specify it into your production.rb
:
CasClient::ServiceProvider::Base.use_static_url_for(:validate, 'http://localhost:3042')
Here we use a static URL for :validate
action. Note that you can't yet change
URL path. Here is all actions to cas_server that you can configure:
:edit_profile
(/identities/:id/edit
) : URL for editing user's profile (not in cas API reference).:login
(/cas/login
) : Signin URL.:logout
(/cas/logout
) : Logout URL.:signup
(/identities/new
) : Signup URL (not in cas API reference).:validate
(/cas/serviceValidate
) : URL for validating ticket (internal request).
Then you have access from a CasClient::Request
instance to this methods:
edit_profile_url
, login_url
, logout_url
, signup_url
.
All methods above can take extra parameters. Example:
cas_request.login_url(:auth => 'facebook')
=> http://example.com/cas/login?auth=facebook
Copyright (c) 2009 Alexis Toulotte, Dimelo Licenced under MIT