Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Fetching contributors…

Cannot retrieve contributors at this time

87 lines (60 sloc) 2.823 kb

Casrack the Authenticator is a Rack middleware that provides CAS support.

As of the current version, Casrack the Authenticator only supports the most basic of CAS scenarios: it requires CAS authentication if it receives a 401 Unauthorized response from lower-down in the Rack stack, and it stores the authentication token in the session (so logout happens when users close their browers). Casrack the Authenticator is a very open-minded beast, though, so please contribute (well-tested) additions to do proxy-authentication and single-sign-out, or for anything else you desire.

How-To

1: install

[sudo] gem install casrack_the_authenticator

2: set up the middleware:

# in your rackup:
use CasrackTheAuthenticator::Simple, :cas_server => "http://cas.mycompany.com/cas"
# or "config.middleware.use" if you're on Rails

See CasrackTheAuthenticator::Configuration for specifics on that Hash argument.

3: optionally install CasrackTheAuthenticator::RequireCAS if you want every request to require CAS authentication:

# in your rackup:
use CasrackTheAuthenticator::Simple, :cas_server => ...
use CasrackTheAuthenticator::RequireCAS
# or "config.middleware.use" if you're on Rails

4: pull the authenticated CAS username out of the Rack session:

# in a Rack app:
def call(env)
  user = cas_user(env)
  ...
end

def cas_user(env)
  username = Rack::Request.new(env).session[CasrackTheAuthenticator::USERNAME_PARAM]
  User.find_by_username(username)
end

# or, in a Rails controller:

def cas_user
  username = Rack::Request.new(request.env).session[CasrackTheAuthenticator::USERNAME_PARAM]
  User.find_by_username(username)
end

Disconnected (Fake) Mode

I've often found myself working on a CAS-ified project while away from the office and unable to access the CAS server. To support this type of disconnected development, just substitute in the CasrackTheAuthenticator::Fake middleware. It acts like CasrackTheAuthenticator::Simple, but it uses HTTP Basic authentication against a preset list of usernames.

A common pattern for Rails apps is to create a disconnected environment:

1: set up [rails_root]/config/database.yml

development: &DEV
  adapter: sqlite3
  database: db/development.sqlite3
  pool: 5
  timeout: 5000

# development mode when disconnected from MITRE
disconnected:
  <<: *DEV

2: set up [rails_root]/config/disconnected.rb:

load './development.rb'
config.middleware.swap 'CasrackTheAuthenticator::Simple', CasrackTheAuthenticator::Fake, 'jimbob', 'sueann'

3: run in disconnected mode:

script/server -e disconnected

4: login as 'jimbob' or 'sueann'

Passwords are ignored.

Jump to Line
Something went wrong with that request. Please try again.