Skip to content

silecs/yii2-auth-cas

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENCE.txt
LICENCE.txt
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

yii2-auth-cas

Yii2 library for authentication by CAS, using the library phpCAS.

Usage

  1. Add this to the project with composer require silecs/yii2-auth-cas

  2. Configure the Yii2 application, e.g. in backend/config/main.php :

    return [
    ...
    'modules' => [
        'cas' => [
            'class' => 'silecs\yii2auth\cas\CasModule',
            'config' => [
                'host' => 'ssoserver.example.com',
                'port' => '443',
                'path' => '/idp/profile/cas',
                // optional parameters
                'certfile' => '', // empty, or path to a SSL cert, or false to ignore certs
                'debug' => true, // will add many logs into X/runtime/logs/cas.log
            ],
        ],

  3. Add actions that use this CAS module, e.g. in SiteController :

    public function actionLogin()
{
    if (!Yii::$app->user->isGuest) {
        return $this->goHome();
    }
    return $this->redirect(['/cas/auth/login']);
}

public function actionLogout()
{
    if (Yii::$app->user->isGuest) {
        return $this->redirect(['/cas/auth/logout']);
    }
    return $this->goHome();
}

Notes

The user component that implements yii\web\IdentityInterface will be used to fetch the local profile after querying the CAS server. It means that if User is the App component and CAS returns a username of "bibendum", the authentication will be successful if and only if the result of User::findIdentity("bibendum") is not null.

The action path '/cas/auth/login' starts with the alias of the module, as defined in the application configuration, e.g. 'cas' in 'modules' => [ 'cas' => [ ... ] ].

Testing with a CAS container

Here are some instructions on deploying a Docker CAS server to test this library. This procedure will use the CAS interface of a Shibboleth instance. This was tested on Debian Stretch and Buster (testing).

  1. Install docker from the extra repository at docker.io (I had errors with the older docker from the official Debian repository).

  2. Install docker-compose either from Debian or docker.io.

  3. Git clone https://hub.docker.com/r/unicon/shibboleth-idp/ If using an old docker-compose, then chekout 3c29f10 because later commits require a too recent feature.

  4. Modify docker-compose.yml so that the container won't try to use the port 80, so replace "80:80" with "8080:80".

  5. If your local Yii2 application is not using HTTPS, modify idp/shibboleth-idp/conf/cas-protocol.xml to replace c:regex="https://idptestbed/.*" by c:regex="https?://idptestbed/.*".

  6. Add 127.0.0.1 idptestbed to /etc/hosts, as root.

  7. Configure your Yii2 application to use:

     'host' => 'idptestbed',
 'port' => '443',
 'path' => '/idp/profile/cas',
 'certfile' => false,
 'debug' => true,

  8. Start the containers:

     docker-compose build
 docker-compose run

  9. Go to the login page of your Yii2 app.

  10. Ctrl-C in the containers termainal to end them.

You can modify ldap/users.ldif if you want to add users to the CAS. Don't forget to rebuild the Docker images after this.

About

Authentication by CAS in Yii2

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

7 stars

Watchers

6 watching

Forks

4 forks
Report repository

Releases 5

1.0.7 Latest
Jan 24, 2024
+ 4 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages