After several months without publishing comments, I’ll try to take up this healthy habit again :). I’ll try to explain several steps to get CAS integrated with Typo3 without going into details.
My partners and I have installed CAS and Typo3 and we’ve integrated them. In order to do this, you should have the following running:
- CAS installed and running on an application server. We’ve installed CAS on Apache Tomcat 5.5.17 and integrated it with LDAP. We have installed esup-cas-server-2.0.7 using LDAP and “uid” as the user identifier.
- Typo3 installed and running on another server (or the same, but we don’t recommend it).
Having this environment running, we had to follow these steps:
- Download the esup-PHPCas client from http://esup-phpcas.sourceforge.net/.
- Implement a new Typo3 extension, “cas_auth”.
  - esup-PHPCas was copied into the cas_auth extension so that it can be included from my class. The CAS client provides these methods:
    - client(): Gets a CAS client instance.
    - forceAuthentication(): Checks whether the user is authenticated; if not, redirects to the CAS login form.
    - getUser(): Gets the currently authenticated user.
  - This extension should extend tx_sv_authbase.
  - We have implemented a method getUser(), called on “Logout” and “Login” operations. That method invokes the CAS client methods that authenticate the user, calling forceAuthentication(), which redirects to the login form if the user doesn’t have a valid session.
  - cas_auth has the property BE_enableSSO which, if set, allows authentication on the backend if the user exists in both the fe_users and be_users tables.
  - We have added the new class as a service:

        // $subTypes (the auth subtypes this service handles) is defined elsewhere;
        // its value is not shown in this post.
        t3lib_extMgm::addService(
            $_EXTKEY,
            'auth',           /* sv type */
            'tx_casauth_sv1', /* sv key */
            array(
                'title'       => 'CAS Auth',
                'description' => 'Authentication with CAS',
                'subtype'     => $subTypes,
                'available'   => TRUE,
                'priority'    => 80,
                'quality'     => 80,
                'os'          => '',
                'exec'        => '',
                'classFile'   => t3lib_extMgm::extPath($_EXTKEY) . 'sv1/class.tx_casauth_sv1.php',
                'className'   => 'tx_casauth_sv1',
            )
        );

- Implement a new Typo3 plugin.
  - We’ve named this extension caslogin.
  - The extension shows a link to the CAS login form if the user isn’t authenticated, and a logout link if the user has a valid session.
  - Another option allows setting up the caslogin form with an IFRAME on your site.
  - The plugin should be added to the page where you want to validate the user (showing the login form or showing a welcome text :)).
- One “cas server” record should exist in the site’s main sysfolder. The cas server record is provided by “cas_auth”. A cas server defines:
  - Server name: Base URL where Apache Tomcat serves our CAS instance.
  - Server port: Port where Apache Tomcat serves our CAS instance.
  - Log path: Complete path for CAS client logging.
  - Cas servlet: Relative URI where Apache Tomcat serves our CAS instance.
  - URL to come back from CAS: URL used by the CAS login form to come back to the Typo3 site.
- At least one caslogin plugin must be added to one page (it could be a good idea to add the caslogin plugin as a TypoScript Object Path over all pages).
- ldap_server, ldap_lib and ldap_sync should be installed and configured on Typo3.
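
What the CAS client’s forceAuthentication() and getUser() amount to at the protocol level, using the fields of the “cas server” record. This is an added sketch, not code from cas_auth or esup-PHPCas. It assumes the CAS 2.0 /login and /serviceValidate endpoints; the array keys, function names, host names, ticket and XML replies are constructed for illustration.

```php
<?php
// Constructed sample of a "cas server" record (key names are hypothetical).
$casServer = array(
    'server_name' => 'cas.example.org',                         // Server name
    'server_port' => 8443,                                      // Server port
    'servlet'     => '/cas',                                    // Cas servlet
    'return_url'  => 'https://www.example.org/index.php?id=1',  // URL to come back from CAS
);

// Where a browser without a valid session is redirected.
function casLoginUrl(array $s) {
    return sprintf('https://%s:%d%s/login?service=%s',
        $s['server_name'], $s['server_port'], $s['servlet'], rawurlencode($s['return_url']));
}

// Server-to-server check of the ticket that came back as a GET variable.
// The service value must be the same URL that was sent to /login.
function casValidateUrl(array $s, $ticket) {
    return sprintf('https://%s:%d%s/serviceValidate?service=%s&ticket=%s',
        $s['server_name'], $s['server_port'], $s['servlet'],
        rawurlencode($s['return_url']), rawurlencode($ticket));
}

// Returns the uid only for a well-formed authenticationSuccess reply, otherwise null.
function casUserFromResponse($xml) {
    $doc = new DOMDocument();
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {
        return null;
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('cas', 'http://www.yale.edu/tp/cas');
    $users = $xp->query('/cas:serviceResponse/cas:authenticationSuccess/cas:user');
    if ($users->length !== 1) {
        return null;
    }
    $uid = trim($users->item(0)->textContent);
    // The uid becomes a lookup key in fe_users/be_users: accept a conservative charset only.
    return preg_match('/^[A-Za-z0-9._-]{1,64}$/', $uid) ? $uid : null;
}

// Constructed sample replies: one success, one failure.
$ok  = '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas"><cas:authenticationSuccess>'
     . '<cas:user>jdoe</cas:user></cas:authenticationSuccess></cas:serviceResponse>';
$bad = '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas"><cas:authenticationFailure '
     . 'code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure></cas:serviceResponse>';

echo casLoginUrl($casServer), "\n";
echo casValidateUrl($casServer, 'ST-1-constructed'), "\n";
var_dump(casUserFromResponse($ok));
var_dump(casUserFromResponse($bad));
```

The GET variables alone prove nothing; only the uid from a successful validation reply should be matched against fe_users (and be_users when BE_enableSSO is set).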
When a user accesses the site, the sequence is:
- The user goes to the home page (which must have a caslogin plugin configured).
- Typo3 checks whether the user is authenticated on caslogin.
- The CAS login form is shown on the home page, depending on configuration.
- The user fills in his/her username and password.
- If the username and password are correct, the CAS login form redirects to the Typo3 check login page, which can be any page that receives several “GET” variables, for example: