byGalicia xa é unha realidade

Despois de duros meses de traballo, no que houbo que xestionar a coordinación, só na parte técnica, en algún momento do desenvolvemento de un equipo amplo, conseguimos publicar http://www.bygalicia.eu.

Síntome especialmente orgulloso de xestionar este proxecto polo que byGalicia poida supoñer para Galicia, a quen sempre estou disposto á axudar, como bo galego. A intención da Consellería de Innovación e Industria é convertela na marca país. Esto pode significar que as empresas galegas que saian ó exterior poidan levar unha marca paraugas detrás súa e lles sexa máis doado entrar en novos mercados.

Este portal non sería posible sen a cooperación de todos os actores que formamos parte do proxecto, por iso me gustaría darlle as grazas ás persoas implicadas no desenvolvemento mesmo:

Grazas ó equipo de traballo da Fundación para o Fomento da Calidade Industrial e Desenvolvemento Tecnolóxico de Galicia, en especial a Toño, polas posibilidades que nos ofreceu para a realización de propostas e a confianza depositada en nós; e a Javi, Julio e Vicente que entraron co proxecto xa comezado pero se implicaron nel como se estivesen dende o primeiro día.

Ademáis gustaríame destacar o traballo de Fernando Beltrán e Andrés Moratinos, de “El nombre de las cosas” e “Exágono” respectivamente, porque sen eles byGalicia non sería o que é hoxe. Verdadeiros cracks!

Finalmente e non menos importantes, agradecer a todos os que en algún momento axudaron a que este proxecto chegara a bo porto: Diego, Iván, Loren e Manuel, con axudas puntuais de Mario e Berto ;), e non me vou esquecer, de nomear a Miriam como parte do equipo nos seus inicios, responsable de que o portal sexa personalizable.

Grazas a todos,

Xavi.

CAS and Typo3 (II)

Hi,

after several months without publish comments, I’ll try to take up again this healthy habit :). I’ll try to explain several steps to get CAS integrated with Typo3 without going into details.

My partners and I have installed CAS and Typo3 and we’ve integrated them. In order to do this, you should have the following running:

  1. CAS installed and running on application server. We’ve installed CAS on Apache Tomcat 5.5.17 and integrated with LDAP. We have installed esup-cas-server-2.0.7 using LDAP and “uid” as user identifier.
  2. Typo3 installed and running on another server (or the same, but we don’t recommend it).

Having this environment running, we’ve had to follow the steps:

  1. Download the esup-PHPCas client from http://esup-phpcas.sourceforge.net/.
  2. Implement a new Typo3 extension “cas_auth“.
  1. esup-PHPcas was copied to cas_auth extension in order to be included from my class. CAS client provides this methods:
  • client(): Gets a client CAS instance.
  • forceAuthentication(): Checks if user is authenticated, if he isn’t redirects to CAS login form.
  • getUser(): Gets current authenticated user.
  1. This extension should extend tx_sv_authbase.
  2. We have implemented a method getUser(), called on “Logout” and “Login” operations. That method invokes CAS client methods which authenticate user, calling to forceAuthentication() method that redirects to login form if user hasn’t a valid session.
  3. cas_auth has the property BE_enableSSO, which, if it’s set, allows to authenticate on backend if user exists both on fe_users and be_users tables.
  4. We have added the new class as a service:
    t3lib_extMgm::addService($_EXTKEY,  'auth' /* sv type */,  'tx_casauth_sv1' /* sv key */,
    array(  'title' => 'CAS Auth',
    'description' => 'Authentication with CAS',
    'subtype' => $subTypes,
    'available' => TRUE,
    'priority' => 80,
    'quality' => 80,
    'os' => '',
    'exec' => '',
    'classFile' => t3lib_extMgm::extPath($_EXTKEY).'sv1/class.tx_casauth_sv1.php',
    'className' => 'tx_casauth_sv1', )
    );
    1. Implement a new Typo3 plugin.
      1. We’ve named this extension caslogin.
      2. That extension shows a link to CAS login form if user isn’t authenticated and a link to logout if user has a valid session.
      3. There is another option that allows to set up caslogin form with a IFRAME on your site.
      4. That plugin should be added to the page where you want to validate user (showing login form or showing welcome text :)).

    Backend configuration:

    • One “cas server” record should exist on site main sysfolder. Cas server is provided by “cas_auth“. Cas server defines:
      • Server name: Base url where Apache Tomcat serves our CAS instance.
      • Server port: Port where Apache Tomcat serves our CAS instance.
      • Log path: Complete path for cas client logging.
      • Cas servlet: Relative uri where Apache Tomcat serves our CAS instance.
      • URL to come back from CAS: Url used by CAS login form to come back to Typo3 site.
    • At least, one caslogin plugin added to one page (it could be good idea to add caslogin plugin as TypoScript Object Path over all pages).
    • ldap_server, ldap_lib and ldap_sync should be installed and configured on Typo3.

    When user accesses to site the sequence is:

    1. User goes to home page (which must have a caslogin plugin configured).
    2. Typo3 checks if user is authenticated on caslogin.
    3. CAS login form is shown on home page depending on configuration.
    4. User fills in his/her username and password.
    5. If username and password are correct, CAS login form redirects to Typo3 check login page, which can be any page that receives several “GET” variables, for example:
    “http://typo3_url/index.php?id=alias&submit=Login&logintype=login”

      Typo3 and CAS

      CAS is the Central Authentification Service. CAS is very useful for developing webs where companies wish to integrate several client services (services offered by independent tools) and offering that services avoiding that clients have to insert login and password several times (one for independent platform). In other words, CAS allows to deploy a Single Sign On among several tools.
      I have installed CAS (using the esup-cas-server) integrated with LDAP. Now, i’m trying to test integration between Typo3 CMS and CAS. By now, i have developed a service and a frontend plugin that allows to redirect to CAS login page and then, using the service, a user can access to Typo3 without authentication on Typo3.

      The following steps will be to improve the frontend plugin to show the CAS login page inside of Typo3, to avoid users to exit from Typo3 to CAS. With this improvement, the full scenario will be:

      1. A user will see public pages as anonymous user. The CMS will show an IFRAME with CAS login page.
      2. If the user wants to access to private contents, the user must introduce username and password on CAS login page.
      3. CAS login page redirects to CMS to log in the user and IFRAME will show the username and a button to log out.
      4. The user will be able to access to all private services and contents to which user has permissions.

      Reference:

      • CAS: http://www.ja-sig.org/products/cas/
      • Typo3: http://www.typo3.org

      Comenzamos!

      Hola, este es el comentario inicial del blog! Hoy es el primero de mis comentarios, espero que no sea el último :D.

      No soy un persona acostumbrada a escribir en blogs con lo que este primer comentario sirve para iniciar mi contacto con el mundo del blogger y ver si soy capaz de acostumbrarme a mantenerlo actualizado.

      Saludos.