Add CAS authentication to Caveman Web Application.
Use CL-CAS system (https://github.com/fferrere/cl-cas)
Provide :
- Authentication by default for the entire application
- Access to CAS user name and attribtues
- CAS Logout
- git clone https://github.com/fferrere/cl-cas
- git clone https://github.com/fferrere/cas-middleware
- Add cas-middleware system to your Caveman project (asd file)
:depends-on ("cas-middleware" ...)
- Add config data to /src/config.lisp
- Add middleware to /app.lisp
- lack.middleware.auth.cas : mandatory for caveman
- cm : to use cas-logout and cas-authenticated-user functions
By default all routes requires authenticated session, but you can exclude some routes, like a Welcome page.
- [Required] :cas-server-url, URL of the CAS server
- [Required] :app-url, URL of your app. Used when your app is behind a proxy
- [Optional] :app-logout-url, URL sent to the CAS server during logout. The cas server may then redirect to this URL.
- [Optional] :app-disable-sso, if t disable single sign-on (SSO). Default is nil = SSO on.
- [Optional] :app-excludes, Excludes path URI from CAS authentication (public pages)
Example (SSO : On - No excludes routes) :
(defconfig |development|
`(:cas (:cas-server-url "https://casserver.herokuapp.com/cas"
:app-url "http://localhost:5000")))
Example (SSO : On - Excludes routes) :
(defconfig |development|
`(:cas (:cas-server-url "https://casserver.herokuapp.com/cas"
:app-url "http://localhost:5000"
:app-excludes ("/"))))
Example (SSO Off, force authentication - No excludes routes) :
(defconfig |development|
`(:cas (:cas-server-url "https://casserver.herokuapp.com/cas"
:app-disable-sso t))))
- CAS_URL : The cas server URL, default to "https://casserver.herokuapp.com/cas"
- APP_URL : The CAS-DEMO web app URL. Default to "http://localhost:5000"
- APP_LOGOUT_URL : The CAS-DEMO logout URL. Default to "http://localhost/demo/logout"
- APP_EXCLUDES : List of paths of the web app excluded from CAS authentication (public pages). Default "/ /logout"
Example into Caveman config.lisp file :
(defconfig |production|
`(:cas (:cas-server-url ,(uiop:getenv "CAS_URL")
:app-url ,(uiop:getenv "APP_URL")
:app-logout-url ,(uiop:getenv "APP_LOGOUT_URL")
:app-excludes ,(uiop:split-string (uiop:getenv "APP_EXCLUDES")))))
Exemple :
(builder
(:static
:path (lambda (path)
(if (ppcre:scan "^(?:/images/|/css/|/js/|/robot\\.txt$|/favicon\\.ico$)" path)
path
nil))
:root *static-directory*)
(if (productionp)
nil
:accesslog)
(if (getf (config) :error-log)
`(:backtrace
:output ,(getf (config) :error-log))
nil)
:session
(if (productionp)
nil
(lambda (app)
(lambda (env)
(let ((datafly:*trace-sql* t))
(funcall app env)))))
(:auth-cas :config (getf (config) :cas))
*web*)
CAS-Middleware stores user name and attributes into Caveman session. To get this data, use :
(multiple-value-bind (username attributes) (cas-authenticated-user *session*)
<body>
)
(cas-logout *session*)
If redirect-url is supported bye the server
(cas-logout *session* redirect-url)
See https://github.com/fferrere/cas-demo
- Frédéric FERRERE (frederic.ferrere@gmail.com)
Apache-2.0 (https://www.apache.org/licenses/LICENSE-2.0)