The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
#1
05-26-2009, 07:36 PM
|
|||
|
|||
Building CAS authentication plugin: How to let vB know about authenticated user?
Hi everybody,
I'm currently attempting to build a CAS authentication plugin from scratch. For those who've never heard of CAS, a short introduction: CAS stands for Central Authentication Service and is a protocol for Single-Sign-On. If a user tries to access a page that requires authentication, he's redirected to the CAS server were he logs in. Afterwards he's sent back to the original page he wanted to visit, carrying along a ticket granted by CAS. The client (the page he wants to visit) checks with the CAS server whether the ticket is valid and if so, the server returns at least a user name of the logged in user. My plugin handles this part already (all using phpCAS, http://www.ja-sig.org/wiki/display/CASC/phpCAS): If a page requires authentication, the user can do so with CAS and return to vB. His CAS username is available and I can load the respective user from the database. My question is how I can tell vB to use the loaded user as the one currently logged in. Note that vB's original login-system is completely bypassed. Whether the user is logged in or not is completely dependent on whether a CAS-username is available. I put my CAS-specific code in the init_startup-hook before anything else happens. There I tried to either override cookie values (writing the user-id and the password to $vbulletin->GPC for the session-init to use the values) or to init a new session before it is done in init.php. Neither approach was successfull. Can anybody provide me with the last bit of information? What am I missing? 
|
|
#2
07-15-2009, 12:01 PM
|
|||
|
|||
|
Hi Lunikon,
I have exactly the same problems. Have you solved your problems? My casServer is already running and a simple phpCAS example too. I there a ready solution? I m very interested in this. I m writing my bachelor about SSO and will make some examples for a comany i work for. Best regards Felix
|
|
#3
07-15-2009, 12:28 PM
|
|||
|
|||
|
There is a LDAP modification available IIRC. You can have a look at that one to see how it can be done (it can be done on many different ways).
|
|
#4
07-15-2009, 02:52 PM
|
|||
|
|||
|
waht were the alternatives?
waht is with this thread? https://vborg.vbsupport.ru/showthread.php?t=168418 I think this three methods are sufficient !!! # adduser # login user # logout user "This modification is currently quarantined." Is there a reason? I hope we will find the easiest way. Thanks for your help
|
|
#5
07-15-2009, 02:58 PM
|
|||
|
|||
|
I neverr said you should use LDAP, i only suggested you could take a look at that LDAP modification to see how the login is handled.
If a modification is quarantined, then this is most likely done because of vulnerabilities. Seeing this modification was quarantined in January and the author still has not provided a fix, i doubt it will ever happen.
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 04:56 PM.