Lunikon
05-26-2009, 07:36 PM
Hi everybody,
I'm currently attempting to build a CAS authentication plugin from scratch. For those who've never heard of CAS, a short introduction: CAS stands for Central Authentication Service and is a protocol for Single-Sign-On. If a user tries to access a page that requires authentication, he's redirected to the CAS server were he logs in. Afterwards he's sent back to the original page he wanted to visit, carrying along a ticket granted by CAS. The client (the page he wants to visit) checks with the CAS server whether the ticket is valid and if so, the server returns at least a user name of the logged in user.
My plugin handles this part already (all using phpCAS, http://www.ja-sig.org/wiki/display/CASC/phpCAS): If a page requires authentication, the user can do so with CAS and return to vB. His CAS username is available and I can load the respective user from the database.
My question is how I can tell vB to use the loaded user as the one currently logged in. Note that vB's original login-system is completely bypassed. Whether the user is logged in or not is completely dependent on whether a CAS-username is available.
I put my CAS-specific code in the init_startup-hook before anything else happens. There I tried to either override cookie values (writing the user-id and the password to $vbulletin->GPC for the session-init to use the values) or to init a new session before it is done in init.php. Neither approach was successfull.
Can anybody provide me with the last bit of information? What am I missing?
I'm currently attempting to build a CAS authentication plugin from scratch. For those who've never heard of CAS, a short introduction: CAS stands for Central Authentication Service and is a protocol for Single-Sign-On. If a user tries to access a page that requires authentication, he's redirected to the CAS server were he logs in. Afterwards he's sent back to the original page he wanted to visit, carrying along a ticket granted by CAS. The client (the page he wants to visit) checks with the CAS server whether the ticket is valid and if so, the server returns at least a user name of the logged in user.
My plugin handles this part already (all using phpCAS, http://www.ja-sig.org/wiki/display/CASC/phpCAS): If a page requires authentication, the user can do so with CAS and return to vB. His CAS username is available and I can load the respective user from the database.
My question is how I can tell vB to use the loaded user as the one currently logged in. Note that vB's original login-system is completely bypassed. Whether the user is logged in or not is completely dependent on whether a CAS-username is available.
I put my CAS-specific code in the init_startup-hook before anything else happens. There I tried to either override cookie values (writing the user-id and the password to $vbulletin->GPC for the session-init to use the values) or to init a new session before it is done in init.php. Neither approach was successfull.
Can anybody provide me with the last bit of information? What am I missing?