Re: Integrating a project with PHPCAS for authentication with CAS
OK. Here are the initial instructions for integrating a Scriptcase Project with CAS. Note: For this example, only the Control application is connected to CAS. All of the other applications are set to use security and are turned on for the Scriptcase session in the control app. The big problem with this is if someone wants to Bookmark the Menu application and return, they get the “Unauthorised” message displayed on their screen. I set the Security URL to be ‘…/control/control.php’ but that didn’t do anything and it still just displayed the Unauthorized box. I’ll leave that for a later day.
The attached files need to be modified as follows:
cas_defines.php <- Need to insert your CAS server specifics here such as URI of your cas server. ie Replace ‘CAS_SERVER’ with your server like ‘cas.yourdomain.com’
scriptcase_cas.php <- Need to put your own CAS server IP addresses in the handle logout. Note that could be set in the cas_defines.php to make the scriptcase_cas.php more generic
The other files should work as is without modification
This was tested with phpCAS 1.3.0. (Download it and unpack it, then rename its folder as “cas” and place in the project folder on the deployed server and in the app folder on the Scriptcase development server for testing)
Other Caveats - Since Scriptcase is managing the Sessions I found that it was necessary to have each Scriptcase project installed to its own unique URL, especially if there was another phpCAS enabled php app on the same server. This should be able to be sorted using a database for session variables.
Folder Structure on deployed server and in the apps folder under scriptcase on the development server.
Project
Project/control
Project/mainmenu
Project/formapp1
Project/cas
cas_defines.php
scriptcase_cas.php
cas_sessions.php
sessions.php
In the control app the following needs to be added to the ‘onApplicationInit’ event:
$sc_cas_file = '../scriptcase_cas.php';
include($sc_cas_file);
At this point anything after will only run if the person is Authenticated by CAS. ie If you only wanted Authentication to your CAS server then you can run the SC macros:
sc_apl_status ('mainmenu', 'on');
sc_apl_status ('formapp1','on');
Caveat: Using the “Use Security” set to yes in the Scriptcase Application will prevent URLs being bookmarked deeper into your site from working - at the moment that is the price for this solution.
If you want your app to Authorize the person then I suggest something like this in your control app’s onScriptInit event
I have a table in the database of the default connection called User_Profiles which contains a list of the authorised users. The same approach could be taken with comparing attributes or other ways. (Note 2: My approach below could be improved to make sure that more than 1 is not in the database in case of an attack on the DB/site.)
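// Username asserted by the CAS server for the current session.
$casuser = phpCAS::getUser();
// $casuser is placed directly into the SQL text, so it must be a trusted, escaped value.
sc_lookup(my_data, "SELECT ID FROM User_Profiles WHERE USERNAME='" . $casuser . "'");
if ({my_data} === false)
{
    // Lookup failed: show the error and keep the menu closed.
    echo "Access error. Message=" . {my_data_erro};
    sc_apl_status ('mainmenu', 'off');
}
elseif (empty({my_data}))
{
    // No matching row: the CAS user is authenticated but not authorised.
    echo "You are not authorised to use this application. Please contact the administrator of this site to request authorisation.";
    sc_apl_status ('mainmenu', 'off');
}
else
{
    // Matching row found: open the protected applications and go to the menu.
    echo "Authenticated";
    sc_apl_status ('mainmenu', 'on');
    sc_apl_status ('formapp1', 'on');
    sc_redir(mainmenu);
}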
Anyway I hope this helps anyone else that is wanting to integrate CAS with scriptcase.
Now on to try and accomplish phpCAS proxy mode integrated into Scriptcase for querying a SOAP service for 3 different applications in 2 projects.
scriptcase_cas.php (1.6 KB)
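The authorisation lookup from the post, as an added example that is not part of the original post and is not Scriptcase code: plain PHP with PDO in place of sc_lookup, the CAS username passed as a bound parameter, and the exactly-one-row check that the post's Note 2 mentions. The in-memory SQLite database, the sample rows and the function name is_authorised are assumptions; only the User_Profiles, ID and USERNAME names come from the post.

```php
<?php
// Added example, not Scriptcase code. Table and column names come from the
// post; the SQLite database, sample rows and is_authorised() are constructed.

/**
 * Return true only when exactly one User_Profiles row matches the CAS username.
 */
function is_authorised(PDO $db, string $casUser): bool
{
    // Bound parameter: the username is never spliced into the SQL text,
    // so quote characters in it are compared literally.
    $stmt = $db->prepare('SELECT ID FROM User_Profiles WHERE USERNAME = :u');
    $stmt->execute([':u' => $casUser]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);

    // Zero rows: unknown user. More than one row: duplicated or tampered
    // table, so fail closed instead of accepting the first match.
    return count($rows) === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE User_Profiles (ID INTEGER PRIMARY KEY, USERNAME TEXT)');

// Constructed sample data; "dup" is inserted twice to exercise the duplicate case.
$insert = $db->prepare('INSERT INTO User_Profiles (USERNAME) VALUES (?)');
foreach (['alice', 'dup', 'dup'] as $name) {
    $insert->execute([$name]);
}

// Constructed usernames standing in for the value phpCAS::getUser() returns.
$cases = ['alice', 'mallory', 'dup', "x' OR '1'='1"];
foreach ($cases as $user) {
    printf("%-16s => %s\n", $user, is_authorised($db, $user) ? 'allow' : 'deny');
}
```

A UNIQUE constraint on USERNAME would enforce the single-row rule in the database as well; the count check keeps the application failing closed if that constraint is ever missing.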