This is a OmniAuth 2.1+ compatible port of the previously available OmniAuth CAS strategy that was bundled with OmniAuth 0.3.
Add this line to your application's Gemfile:
gem 'omniauth-cas'
And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth-cas
Use like any other OmniAuth strategy:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :cas, host: 'cas.yourdomain.com'
endOmniAuth CAS requires at least one of the following two configuration options:
url- Defines the URL of your CAS server (i.e.https://example.org:8080)host- Defines the host of your CAS server (i.e.example.org).
Other configuration options:
-
port- The port to use for your configured CAShost. Optional if usingurl. -
ssl- TRUE to connect to your CAS server over SSL. Optional if usingurl. -
service_validate_url- The URL to use to validate a user. Defaults to'/serviceValidate'. -
callback_url- The URL custom URL path which CAS uses to call back to the service. Defaults to/users/auth/cas/callback. -
logout_url- The URL to use to logout a user. Defaults to'/logout'. -
login_url- Defines the URL used to prompt users for their login information. Defaults to/loginIf nohostis configured, the host application's domain will be used. -
uid_field- The user data attribute to use as your user's unique identifier. Defaults to'user'(which usually contains the user's login name). -
ca_path- Optional whensslistrue. Sets path of a CA certification directory. See Net::HTTP for more details. -
disable_ssl_verification- Optional whensslis true. Disables verification. -
merge_multivalued_attributes- When set totruereturns attributes with multiple values as arrays. Defaults tofalseand returns the last value as a string. -
on_single_sign_out- Optional. Callback used when a CAS 3.1 Single Sign Out request is received. -
fetch_raw_info- Optional. Callback used to return additional "raw" user info from other sources.provider :cas, fetch_raw_info: Proc.new { |strategy, opts, ticket, user_info, rawxml| return {} if user_info.empty? || rawxml.nil? # Auth failed extra_info = ExternalService.get(user_info[:user]).attributes extra_info.merge!({'roles' => rawxml.xpath('//cas:roles').map(&:text)}) extra_info }
Configurable options for values returned by CAS:
uid_key- The user ID data attribute to use as your user's unique identifier. Defaults to'user'(which usually contains the user's login name).name_key- The data attribute containing user first and last name. Defaults to'name'.email_key- The data attribute containing user email address. Defaults to'email'.nickname_key- The data attribute containing user's nickname. Defaults to'user'.first_name_key- The data attribute containing user first name. Defaults to'first_name'.last_name_key- The data attribute containing user last name. Defaults to'last_name'.location_key- The data attribute containing user location/address. Defaults to'location'.image_key- The data attribute containing user image/picture. Defaults to'image'.phone_key- The data attribute containing user contact phone number. Defaults to'phone'.
Given the following OmniAuth 0.3 configuration:
provider :CAS, cas_server: 'https://cas.example.com/cas/'Your new settings should look similar to this:
provider :cas,
host: 'cas.example.com',
login_url: '/cas/login',
service_validate_url: '/cas/serviceValidate'If you encounter problems with SSL certificates you may want to set the ca_path parameter or activate disable_ssl_verification (not recommended).
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Added some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
Special thanks go out to the following people
- Phillip Aldridge (@iterateNZ) and JB Barth (@jbbarth) for helping out with Issue #3
- Elber Ribeiro (@dynaum) for Ubuntu SSL configuration support
- @rbq for README updates and OmniAuth 0.3 migration guide
