UC Davis College of Agricultural & Environmental Sciences
Personal tools

members

Feb 03, 2010

How to add CAS Authentication

by Tyler Randles — last modified Feb 03, 2010 09:40 AM
  1. To bring setting up Plone for CAS authentication we need to install an add on, so navigate to the portal_quickinstaller
    cas00.jpg
  2. Now install UI for CAS Login (Castle)
    cas01.jpg
  3. Navigate to acl_users and add CAS Auth Helper
    cas02.jpg
  4. Both the Id and Title are Kerberos
    cas03.jpg
  5. Kerberos will now appear in /PloneSite/acl_users/ like bellow
    cas04.jpg
  6. Click on Kerberos and select Authentication, Challenge, Reset Credentials, and Extraction
    cas05.jpg
  7. Click the properties tab for the Kerberos object and set these values:
    • https://cas.ucdavis.edu:8443/cas/login
    • https://cas.ucdavis.edu:8443/cas/logout
    • https://cas.ucdavis.edu:8443/cas/validate
    cas06.jpg
  8. Now customize the login_form inside /Plonesite/portal_skins/plone_login
    cas07.jpg
  9. The reason we need to customize the login_form, is to that it redirects to CAS
    <div metal:fill-slot="main"
         tal:define="auth nocall:here/acl_users/credentials_cookie_auth|here/cookie_authentication|nothing;
                     came_from request/came_from|request/HTTP_REFERER|nothing;
                     came_from python:test(utool.isURLInPortal(came_from), came_from, None);
                     errors options/state/getErrors;
                     ac_name auth/name_cookie|string:__ac_name;
                     ac_password auth/pw_cookie|string:__ac_password;
                     ac_persist auth/persist_cookie|nothing;
                     login_name python:request.get('login_name', request.get(ac_name, ''));">
    
    
    <p i18n:translate="description_no_account"
       tal:define="join python:[a['url'] for a in actions['user'] if a['id']=='join']"
       tal:condition="python: join and checkPermission('Add portal member', here)">
    
    If you do not have an account here, head over to the
    
    <span i18n:name="registration_form">
        <a href=""
           tal:define="join python:join.pop();
                       join join;
                       join python:join+test(join.find('?')==-1, '?', '&amp;')+ztu.make_query(came_from=came_from);"
           tal:attributes="href join"
           i18n:translate="description_no_account_registration_linktext">
            registration form</a></span>.
    
    </p>
    
    <dl class="portalMessage error"
        id="enable_cookies_message"
        style="display:none">
        <dt i18n:translate="">
            Error
        </dt>
        <dd i18n:translate="enable_cookies_message_before_login">
            Cookies are not enabled. You must enable cookies before you can log in.
        </dd>
    </dl>
    
    <div tal:condition="python: not auth" i18n:translate="login_form_disabled">
        While cookie authentication is disabled, cookie-based login is not available.
    </div>
    
    
    <metal:login define-macro="login">
    
        <fieldset id="login-form">
    
            <legend i18n:translate="heading_sign_in">Kerberos Authentication</legend>
    
            
    
            <div class="field login">
    
                
                    <metal:portlets define-slot="portlets_one_slot">
                      <tal:block replace="structure provider:plone.leftcolumn" />
                    </metal:portlets>
    
            </div>
    
            
        </fieldset>
    
    
    </metal:login>
    
    </div>
    cas08.jpg
  10. Now we are done in the ZMI! Now lets head over to Plone http://plonesite.com/login_form.  While nothing is there now have no worries! Click Manage Portlets.
    cas09.jpg
  11. Add the CAS login portlet
    cas10.jpg
  12. Now we must go through the motions and click save
    cas11.jpg
  13. Almost done, the last thing to do it give it a good test! So click login and it should redirect you to CAS.
    cas13.jpg
  14. If it says logout then job well done!
    cas14.jpg
  15. Question? Comment? We have a comments area and we welcome them!