dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b3877e74a9
lemonldap-ng/build/lemonldap-ng/doc/pages/documentation/1.0/authcas.html
Clément Oudot b3877e74a9 Update documentation
2010-11-19 16:47:36 +00:00

161 lines
5.6 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1><a name="cas" id="cas">CAS</a></h1>
<div class="level1">
<table class="inline">
<tr class="row0 roweven">
<th class="col0">Authentication </th><th class="col1"> Users </th><th class="col2"> Password </th>
</tr>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table>
</div>
<!-- SECTION "CAS" [1-70] -->
<h2><a name="presentation" id="presentation">Presentation</a></h2>
<div class="level2">
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> can delegate authentication to a <acronym title="Central Authentication Service">CAS</acronym> server. This requires <a href="http://sourcesup.cru.fr/projects/perlcas/" class="urlextern" title="http://sourcesup.cru.fr/projects/perlcas/" rel="nofollow">Perl CAS module</a>.
</p>
<p>
<p><div class="notetip"><acronym title="LemonLDAP::NG">LL::NG</acronym> can also act as <a href="../../documentation/1.0/idpcas.html" class="wikilink2" title="documentation:1.0:idpcas" rel="nofollow">CAS server</a>, that allows to interconnect two <acronym title="LemonLDAP::NG">LL::NG</acronym> systems.
</div></p>
</p>
<p>
<acronym title="LemonLDAP::NG">LL::NG</acronym> can also request proxy tickets for its protected services. Proxy tickets will be collected at authentication phase and stored in user session under the form:
</p>
<p>
<code>_casPT</code><strong>serviceID</strong> = <strong>Proxy ticket value</strong>
</p>
<p>
They can then be forwarded to applications trough <a href="../../documentation/1.0/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:1.0:writingrulesand_headers">HTTP headers</a>.
</p>
</div>
<!-- SECTION "Presentation" [71-655] -->
<h2><a name="perl-cas_module_installation" id="perl-cas_module_installation">Perl-CAS module installation</a></h2>
<div class="level2">
<p>
Download the latest version:
</p>
<pre class="code">
wget https://sourcesup.cru.fr/frs/download.php/2476/AuthCAS-1.4.tar.gz
</pre>
<p>
Extract and build the module:
</p>
<pre class="code">
tar zxvf AuthCAS-1.4.tar.gz
cd AuthCAS-1.4/
perl Makefile.PL
make
make test
</pre>
<p>
Install the module:
</p>
<pre class="code">
sudo make install
</pre>
</div>
<!-- SECTION "Perl-CAS module installation" [656-989] -->
<h2><a name="configuration" id="configuration">Configuration</a></h2>
<div class="level2">
<p>
In Manager, go in <code>General Parameters</code> &gt; <code>Authentication modules</code> and choose <acronym title="Central Authentication Service">CAS</acronym> for authentication.
</p>
<p>
<p><div class="notetip">You can then choose any other module for users and password.
</div></p>
</p>
<p>
Then, go in <code><acronym title="Central Authentication Service">CAS</acronym> parameters</code>:
</p>
<ul>
<li class="level1"><div class="li"> <strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<li class="level1"><div class="li"> <strong>Server <acronym title="Uniform Resource Locator">URL</acronym></strong>: <acronym title="Central Authentication Service">CAS</acronym> server <acronym title="Uniform Resource Locator">URL</acronym> (must use https://)</div>
</li>
<li class="level1"><div class="li"> <strong>CA file</strong>: CA certificate used to validate <acronym title="Central Authentication Service">CAS</acronym> server certificate</div>
</li>
<li class="level1"><div class="li"> <strong>Renew authentication</strong>: force authentication renewal on <acronym title="Central Authentication Service">CAS</acronym> server</div>
</li>
<li class="level1"><div class="li"> <strong>Gateways authentication</strong>: force transparent authentication on <acronym title="Central Authentication Service">CAS</acronym> server</div>
</li>
<li class="level1"><div class="li"> <strong><acronym title="Proxy Granting Ticket">PGT</acronym> file</strong>: temporary file where proxy tickets are stored (by default, <code>/tmp/pgt.txt</code>)</div>
</li>
<li class="level1"><div class="li"> <strong>Proxied services</strong>: list of services for which a proxy ticket is requested:</div>
<ul>
<li class="level2"><div class="li"> <strong>Key</strong>: Service ID</div>
</li>
<li class="level2"><div class="li"> <strong>Value</strong> Service <acronym title="Uniform Resource Locator">URL</acronym> (<acronym title="Central Authentication Service">CAS</acronym> service identifier)</div>
</li>
</ul>
</li>
</ul>
<p>
<p><div class="notetip">If no proxied services defined, <acronym title="Central Authentication Service">CAS</acronym> authentication will not activate the <acronym title="Central Authentication Service">CAS</acronym> proxy mode.
</div></p>
</p>
<p>
<p><div class="noteimportant">
If you activate proxy mode, you must create the <acronym title="Proxy Granting Ticket">PGT</acronym> file on your system, for example:
</p>
<pre class="code">
touch /tmp/pgt.txt
</pre>
<p>
</div></p>
</p>
</div>
<!-- SECTION "Configuration" [990-] --></div><!-- closes <div class="dokuwiki export">-->
Reference in New Issue View Git Blame Copy Permalink