On Wed, Oct 26, 2011 at 7:25 AM, Joel Goguen <[email protected]> wrote:
> I'm trying to figure out how to fetch a user's credentials from clearPass
> from a CGI script. Currently, this CGI script is behind a CAS-authenticated
> directory (using mod_auth_cas in Apache) but that could change if
> needed. I'm trying to use the Perl AuthCAS module, but I'm not having much
> luck whether I let Apache handle the CAS authentication or not.
>
> So far, I have been able to (outside a CAS directory) validate a service
> ticket ($cas->validateST()) and get a proxy ticket ($cas->receivePT()) and
> validate the proxy ticket ($cas->validatePT()), but I'm uncertain of where
> to go from there. The proxy callback URL I set in the CGI is another CGI I
> wrote that only stores the PGT and PGT IOU in a file using $cas->storePGT().
> I suspect I will need to add the URL for the CGI to the allowedProxyChains
> bean in deployerConfigContext.xml as well?

To start you need to make sure you have clearPass installed and configured.

https://wiki.jasig.org/display/CASUM/ClearPass
https://github.com/wgthom/clearpass-cas

Next...the CGIService needs to acquire a PGT when validating the ST.
Using the PGT, the CGIService must request a Proxy Ticket for clearPass.
Using the PT, CGIService requests username/password from clearPass.

CasOwa provides an example of this using the .Net CAS Client:
https://github.com/wgthom/CasOwa/blob/master/CasOwaAuthHandler.cs

Also note that your CGIService doesn't need to be configured to accept
proxy tickets for authentication in order to use them.

Best,
Bill

> --
> Joel Goguen
> Developer
> Enterprise Solutions
> Integrated Technology Services
> University of New Brunswick
> E-mail: [email protected]
> Phone: (506) 453-4872
> Fax: (506) 453-3590
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
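
The three steps in the reply above, written out at the CAS protocol level as an added example (not part of the original thread, and not AuthCAS or CasOwa code). Host names, ticket values and the stored PGT mapping are constructed; the clearPass endpoint path, its `ticket`/`service` parameters and its response shape are assumptions to check against the clearPass documentation linked above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"cas": "http://www.yale.edu/tp/cas"}              # CAS 2.0 XML namespace
CAS = "https://cas.example.edu/cas"                     # placeholder server
SERVICE = "https://app.example.edu/cgi-bin/app.cgi"     # placeholder CGIService URL
PGT_URL = "https://app.example.edu/cgi-bin/pgt.cgi"     # placeholder proxy callback
CLEARPASS = CAS + "/clearPass"                          # assumed clearPass endpoint

def validate_url(st):
    # Step 1: validate the ST and ask for a PGT by passing pgtUrl.
    return CAS + "/serviceValidate?" + urlencode(
        {"service": SERVICE, "ticket": st, "pgtUrl": PGT_URL})

def proxy_url(pgt):
    # Step 2: trade the PGT for a proxy ticket whose target is clearPass.
    return CAS + "/proxy?" + urlencode({"pgt": pgt, "targetService": CLEARPASS})

def clearpass_url(pt):
    # Step 3: present the PT to clearPass (parameter names are an assumption).
    return CLEARPASS + "?" + urlencode({"ticket": pt, "service": CLEARPASS})

def extract(xml_text, path):
    # Return the text of one element, failing closed on any CAS failure reply.
    node = ET.fromstring(xml_text).find(path, NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("expected element missing: " + path)
    return node.text.strip()

def run_flow(pgt_store):
    # Constructed sample responses; a real script would fetch each URL over HTTPS.
    wrap = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>%s</cas:serviceResponse>"
    validated = wrap % ("<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
                        "<cas:proxyGrantingTicket>PGTIOU-1-constructed"
                        "</cas:proxyGrantingTicket></cas:authenticationSuccess>")
    proxied = wrap % ("<cas:proxySuccess><cas:proxyTicket>PT-1-constructed"
                      "</cas:proxyTicket></cas:proxySuccess>")
    # Assumed clearPass response shape, with a constructed value.
    clearpass = ("<cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
                 "<cas:clearPassSuccess><cas:credentials>constructed-secret"
                 "</cas:credentials></cas:clearPassSuccess></cas:clearPassResponse>")
    iou = extract(validated, "cas:authenticationSuccess/cas:proxyGrantingTicket")
    pgt = pgt_store[iou]          # the callback CGI saved pgtIou -> pgtId
    pt = extract(proxied, "cas:proxySuccess/cas:proxyTicket")
    password = extract(clearpass, "cas:clearPassSuccess/cas:credentials")
    # Keep the password in memory only; never log or write it to disk.
    return {"proxy_request": proxy_url(pgt), "clearpass_request": clearpass_url(pt),
            "password": password}

if __name__ == "__main__":
    print(run_flow({"PGTIOU-1-constructed": "PGT-1-constructed"}))
```

The validation response carries only the PGT IOU; the PGT itself arrives at the callback URL, which is why the lookup in `pgt_store` sits between steps 1 and 2.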
