CAS SSO Login for foswiki
Uses JA-SIG CAS
Single Sign On infrastructure for foswiki authentication.
If the user has already authenticated at the SSO, the user will not need to enter their password again.
This Authentication infrastructure can be coupled together with an external
User mapper such as Foswiki:Extensions.LdapContrib
, allowing foswiki to 'outsource' its user details.
To activate it, you will specify
security setup section of configure
, and set the
Don't forget to get get the CAS server's
certificate, and add its path into
: in the
can be removed if you're not getting the problem described below)
openssl s_client -cipher RC4-SHA -connect jasig.home.org.au:8443 2>&1 | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/ p' > ../foswiki/core/jasig.crt
If you get the following error, add
to the command line, and to the expert setting below
sven@quiet:~/src/AuthCAS$ curl -I --insecure https://jasig.home.org.au:8443/login
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
If you successfully log into the CAS server, and then get returned to the foswiki with a url containing a
parameter but are not logged in to foswiki, you may be hitting an OpenSSL
issue due to your CAS server's cipher fallbacks. You bay be able to solve this by using the EXPERT
setting found in
. Set the value to
You do not need to install anything in the browser to use this extension. The following instructions are for the administrator who installs the extension on the server.
Open configure, and open the "Extensions" section. Use "Find More Extensions" to get a list of available extensions. Select "Install".
If you have any problems, or if the extension isn't available in
, then you can still install manually from the command-line. See http://foswiki.org/Support/ManuallyInstallingExtensions
for more help.
This is a re-write of the TWiki CASLogin work done by Greg Abbas, Charlie Reitsma and Olivier Berger, and uses Olivier Salaun's