{"id":5,"date":"2007-02-07T11:12:19","date_gmt":"2007-02-07T09:12:19","guid":{"rendered":"http:\/\/blogs.igalia.com\/xavi\/?p=5"},"modified":"2007-02-07T11:12:19","modified_gmt":"2007-02-07T09:12:19","slug":"cas-and-typo3-ii","status":"publish","type":"post","link":"https:\/\/blogs.igalia.com\/xavi\/2007\/02\/07\/cas-and-typo3-ii\/","title":{"rendered":"CAS and Typo3 (II)"},"content":{"rendered":"<p>Hi,<\/p>\n<p>after several months without publish comments, I&#8217;ll try to <span style=\"cursor: pointer\">take up again this healthy habit :). I&#8217;ll try to explain several steps to get CAS integrated with Typo3 without <\/span><span style=\"cursor: pointer\">going into details.<\/span><\/p>\n<p>My partners and I have installed CAS and Typo3 and we&#8217;ve integrated them. In order to do this, you should have the following running:<\/p>\n<ol>\n<li>CAS installed and running on application server. We&#8217;ve installed CAS on Apache Tomcat 5.5.17 and integrated with LDAP. We have installed esup-cas-server-2.0.7 using LDAP and &#8220;uid&#8221; as user identifier.<\/li>\n<li>Typo3 installed and running on another server (or the same, but we don&#8217;t recommend it).<\/li>\n<\/ol>\n<p>Having this environment running, we&#8217;ve had to follow the steps:<\/p>\n<ol>\n<li>Download the esup-PHPCas client from <a target=\"_blank\" href=\"http:\/\/esup-phpcas.sourceforge.net\/\">http:\/\/esup-phpcas.sourceforge.net\/.<\/a><\/li>\n<li>Implement a new Typo3 extension &#8220;<em>cas_auth<\/em>&#8220;.<\/li>\n<\/ol>\n<blockquote>\n<ol>\n<li><em>esup-PHPcas<\/em> was copied to <em>cas_auth<\/em> extension in order to be included from my class. CAS client provides this methods:<\/li>\n<\/ol>\n<blockquote>\n<ul>\n<li>client(): Gets a client CAS instance.<\/li>\n<li>forceAuthentication(): Checks if user is authenticated, if he isn&#8217;t redirects to CAS login form.<\/li>\n<li>getUser(): Gets current authenticated user.<\/li>\n<\/ul>\n<\/blockquote>\n<ol>\n<li>This extension should extend <em>tx_sv_authbase<\/em>.<\/li>\n<li>We have implemented a method <em>getUser()<\/em>, called on &#8220;Logout&#8221; and &#8220;Login&#8221; operations. That method invokes CAS client methods which authenticate user, calling to <em>forceAuthentication()<\/em> method that redirects to login form if user hasn&#8217;t a valid session.<\/li>\n<li><em>cas_auth <\/em>has the property <em>BE_enableSSO, <\/em>which, if it&#8217;s set, allows to authenticate on backend if user exists both on <em>fe_users<\/em> and <em>be_users<\/em> tables.<\/li>\n<li>We have added the new class as a service:<\/li>\n<\/ol>\n<ol \/><\/blockquote>\n<blockquote>\n<blockquote>\n<pre>t3lib_extMgm::addService($_EXTKEY,  'auth' \/* sv type *\/,  'tx_casauth_sv1' \/* sv key *\/,<\/pre>\n<pre>array(  'title' =&gt; 'CAS Auth',<\/pre>\n<pre>'description' =&gt; 'Authentication with CAS',<\/pre>\n<pre>'subtype' =&gt; $subTypes,<\/pre>\n<pre>'available' =&gt; TRUE,<\/pre>\n<pre>'priority' =&gt; 80,<\/pre>\n<pre>'quality' =&gt; 80,<\/pre>\n<pre>'os' =&gt; '',<\/pre>\n<pre>'exec' =&gt; '',<\/pre>\n<pre>'classFile' =&gt; t3lib_extMgm::extPath($_EXTKEY).'sv1\/class.tx_casauth_sv1.php',<\/pre>\n<pre>'className' =&gt; 'tx_casauth_sv1', )<\/pre>\n<pre>);<\/pre>\n<\/blockquote>\n<blockquote \/><\/blockquote>\n<ol>\n<li>Implement a new Typo3 plugin.<\/li>\n<ol>\n<li>We&#8217;ve named this extension <em>caslogin<\/em>.<\/li>\n<li>That extension shows a link to CAS login form if user isn&#8217;t authenticated and a link to logout if user has a valid session.<\/li>\n<li>There is another option that allows to set up <em>caslogin <\/em>form with a IFRAME on your site.<\/li>\n<li>That plugin should be added to the page where you want to validate user (showing login form or showing welcome text :)).<\/li>\n<\/ol>\n<\/ol>\n<p>Backend configuration:<\/p>\n<ul>\n<li>One &#8220;cas server&#8221; record should exist on site main sysfolder. Cas server is provided by &#8220;<em>cas_auth<\/em>&#8220;. Cas server defines:<\/li>\n<ul>\n<li>Server name: Base url where Apache Tomcat serves our CAS instance.<\/li>\n<li>Server port: Port where Apache Tomcat serves our CAS instance.<\/li>\n<li>Log path: Complete path for cas client logging.<\/li>\n<li>Cas servlet: Relative uri where Apache Tomcat serves our CAS instance.<\/li>\n<li>URL to come back from CAS: Url used by CAS login form to come back to Typo3 site.<\/li>\n<\/ul>\n<li>At least, one <em>caslogin <\/em>plugin added to one page (it could be good idea to add <em>caslogin<\/em> plugin as TypoScript Object Path over all pages).<\/li>\n<li><em>ldap_server<\/em>, <em>ldap_lib<\/em> and <em>ldap_sync<\/em> should be installed and configured on Typo3.<\/li>\n<\/ul>\n<p>When user accesses to site the sequence is:<\/p>\n<ol>\n<li>User goes to home page (which must have a caslogin plugin configured).<\/li>\n<li>Typo3 checks if user is authenticated on <em>caslogin.<\/em><\/li>\n<li>CAS login form is shown on home page depending on configuration.<\/li>\n<li>User fills in his\/her username and password.<\/li>\n<li>If username and password are correct, CAS login form redirects to Typo3 check login page, which can be any page that receives several &#8220;GET&#8221; variables, for example:<\/li>\n<\/ol>\n<div align=\"center\">&#8220;http:\/\/typo3_url\/index.php?id=alias&amp;submit=Login&amp;logintype=login&#8221;<\/div>\n<ol \/>\n<ol>\n<ol \/><\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Hi, after several months without publish comments, I&#8217;ll try to take up again this healthy habit :). I&#8217;ll try to explain several steps to get CAS integrated with Typo3 without going into details. My partners and I have installed CAS &hellip; <a href=\"https:\/\/blogs.igalia.com\/xavi\/2007\/02\/07\/cas-and-typo3-ii\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":30,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5","post","type-post","status-publish","format-standard","hentry","category-free-software"],"_links":{"self":[{"href":"https:\/\/blogs.igalia.com\/xavi\/wp-json\/wp\/v2\/posts\/5","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.igalia.com\/xavi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.igalia.com\/xavi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.igalia.com\/xavi\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.igalia.com\/xavi\/wp-json\/wp\/v2\/comments?post=5"}],"version-history":[{"count":0,"href":"https:\/\/blogs.igalia.com\/xavi\/wp-json\/wp\/v2\/posts\/5\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.igalia.com\/xavi\/wp-json\/wp\/v2\/media?parent=5"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.igalia.com\/xavi\/wp-json\/wp\/v2\/categories?post=5"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.igalia.com\/xavi\/wp-json\/wp\/v2\/tags?post=5"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}