As of the current version, Casrack the Authenticator only supports the most basic of CAS scenarios: it requires CAS authentication if it receives a 401 Unauthorized response from lower-down in the Rack stack, and it stores the authentication token in the session (so logout happens when users close their browers). Casrack the Authenticator is a very open-minded beast, though, so please contribute (well-tested) additions to do proxy-authentication and single-sign-out, or for anything else you desire.
[sudo] gem install casrack_the_authenticator
2: set up the middleware:
# in your rackup: use CasrackTheAuthenticator::Simple, :cas_server => "http://cas.mycompany.com/cas" # or "config.middleware.use" if you're on Rails
See CasrackTheAuthenticator::Configuration for specifics on that Hash argument.
3: optionally install CasrackTheAuthenticator::RequireCAS if you want every request to require CAS authentication:
# in your rackup: use CasrackTheAuthenticator::Simple, :cas_server => ... use CasrackTheAuthenticator::RequireCAS # or "config.middleware.use" if you're on Rails
4: pull the authenticated CAS username out of the Rack session:
# in a Rack app: def call(env) user = cas_user(env) ... end def cas_user(env) username = Rack::Request.new(env).session[CasrackTheAuthenticator::USERNAME_PARAM] User.find_by_username(username) end # or, in a Rails controller: def cas_user username = Rack::Request.new(request.env).session[CasrackTheAuthenticator::USERNAME_PARAM] User.find_by_username(username) end
Disconnected (Fake) Mode
I've often found myself working on a CAS-ified project while away from the office and unable to access the CAS server. To support this type of disconnected development, just substitute in the CasrackTheAuthenticator::Fake middleware. It acts like CasrackTheAuthenticator::Simple, but it uses HTTP Basic authentication against a preset list of usernames.
A common pattern for Rails apps is to create a disconnected environment:
1: set up [rails_root]/config/database.yml
development: &DEV adapter: sqlite3 database: db/development.sqlite3 pool: 5 timeout: 5000 # development mode when disconnected from MITRE disconnected: <<: *DEV
2: set up [rails_root]/config/disconnected.rb:
load './development.rb' config.middleware.swap 'CasrackTheAuthenticator::Simple', CasrackTheAuthenticator::Fake, 'jimbob', 'sueann'
3: run in disconnected mode:
script/server -e disconnected
4: login as 'jimbob' or 'sueann'
Passwords are ignored.