I noticed a few messages in the CAS archives from March about using CAS and TWiki that had no resolution. We have recently been looking at CAS and were going to try and integrate TWiki into that framework. We already had TWiki configured to use Apache auth via mod_ldap and it was working with some minor restrictions.
We kept running into stumbling blocks when trying to set up mod_cas from Case Western (http://wiki.case.edu/CAS) as the auth source. Today, we finally got a break and found the proper setup. After initial testing, we verified that mod_cas was working properly with a set of static resources. However, when we tried adjusting the auth for Twiki from using mod_ldap to mod_cas, the initial pages would work, but then the subsequent included pages wouldn't. Everything was pointing at the ticket not being sent in requests to those pages. The answer came when I stumbled across this page about Shibbolizing TWiki: https://mams.melcoe.mq.edu.au/zope/mams/pubs/Installation/shib-twiki/document_view I decided to give it a stab and just adapt where they had used Shibboleth to mod_cas. It appears that we were trying too much by protecting the entire TWiki tree. All we really needed to protect was /twiki/bin/logon, /twiki/bin/register, and /twiki/bin/view/TWiki/TWikiRegistration. If you aren't accepting registration and have it disabled, then you really only need to protect /twiki/bin/logon. After making these minor changes we are able to authenticate users via CAS. All page access restrictions are provided by the TWiki Access Control. This little shift gave us everything we were looking for. In addition, it restored the Logout functionality of TWiki that you lose if you are using basic auth (LDAP or .htaccess) over the entire tree. Just thought I would share in case anyone else is looking for this information. Dallas -- Dallas Wisehaupt Systems Administrator [EMAIL PROTECTED] The University of Scranton _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
