
Basic information on CAS can be found here: http://kb.iu.edu/data/atfc.html

Here is what I did to switch Hydrant to CAS:

  • Added the devise_cas_authenticatable gem to the Gemfile
  • Appended CAS configuration options to config/initializers/devise.rb and changed authentication keys to [:username] and set case_insensitive_keys and strip_whitespace_keys to the same
  • Forked rubycas-client and modified to work with IU CAS and added this gem to the Gemfile
  • Changed User model by removing all behaviors except cas_authenticatable and removed all attributes except username
  • Modified the existing user database migration adding a username column and index and removed all others except timestamps
  • After database migration change had to drop the databases and rerun the migrations: rake db:drop db:migrate
  • Overrode the cas_authenticatable destroy_user_session route in routes.rb by pointing it at the default devise route to avoid full CAS logout when logging out of Hydrant

Observations

  • Need to write new migrations instead of modifying preexisting ones!
  • CAS guest accounts not working!  (When fixed, update Logging in via IU CAS)
  • To accommodate multiple authentication schemes and allow switching by configuration only
    • Create minimal User model with username as main field and basic behaviors
    • Create a model for the authentication scheme that extends User and add/override behaviors
    • Detect from configuration which model to use (and similarly which routes to use)
    • Does this mean we need to have a DB schema which includes all possible columns with only a subset used depending on the authentication scheme?
  • IU CAS is different in the following ways:
    • For ticket validation, IU's CAS server changes the following parameters:
      • add cassvc (set to "IU")
      • service -> casurl
      • ticket -> casticket
    • For ticket validation, IU's CAS server returns \r instead of \n in response
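
The IU-specific ticket validation differences listed above, sketched in Ruby as an added example (not code from the forked rubycas-client or from Hydrant). The endpoint URL, the function names, the CAS 1.0-style "yes"/username response body and the username pattern are assumptions.

```ruby
require "uri"

# Placeholder endpoint (assumption): the page does not give IU's validation URL.
VALIDATE_URL = "https://cas.example.edu/cas/validate"

# Build the validation request with the renamed parameters from the list above:
# cassvc=IU is added, service becomes casurl, ticket becomes casticket.
def iu_validate_uri(service_url, ticket, base = VALIDATE_URL)
  uri = URI.parse(base)
  uri.query = URI.encode_www_form(
    "cassvc" => "IU", "casurl" => service_url, "casticket" => ticket
  )
  uri
end

# Parse a CAS 1.0-style body: "yes" on the first line, username on the second.
# Line breaks may be \r, \n or \r\n, so a client that splits only on \n would
# see "yes\rjdoe" as a single line and never match "yes".
# Anything other than exactly two well-formed lines returns nil (fail closed).
def parse_validation(body)
  lines = body.to_s.split(/\r\n|\r|\n/, -1).map(&:strip)
  lines.pop while lines.last == "" # drop trailing blank lines only
  return nil unless lines.length == 2 && lines[0] == "yes"

  username = lines[1]
  # Assumed username shape; tighten or relax to match the real account format.
  return nil unless username.match?(/\A[A-Za-z0-9._-]{1,64}\z/)

  username
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not captured from a real CAS server.
  puts iu_validate_uri("https://hydrant.example.edu/users/service", "ST-1-constructed")
  puts parse_validation("yes\rjdoe\r").inspect
  puts parse_validation("no\r\r").inspect
end
```

Rejecting any body that is not exactly "yes" plus one username keeps a malformed or unexpected response from being treated as a successful login.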