I got it working by following your guideline. Thanks a lot.

However, this implementation blocked access to the 'local account' 
authentication method. I feel it desirable to keep the select auth page ( 
/index.php?mode=selectauth ), to allow 'local account' authentication and 
to serve as VCL's home page.

CAS has this module which 
provides API for PHP client. I think phpCAS maybe what I needed but I 
don't have the confidence about the actual plumbing. Could you have a 
quick look of phpCAS and suggest a path to integrate it into VCL?

John Ma
Marist College

From:   Josh Thompson <>
Date:   01/12/2011 01:32 PM
Subject:        Re: CASify VCL 2.2

Hash: SHA1


After doing some reading about CAS, it sounds like it is very similar to a 

home grown web authentication solution we use here at NCSU.  The basic 
idea of 
our system is to protect the vcl directory with a .htaccess file.  If the 
users are not authenticated to our system, they get redirected to an 
authentication server that provides them with an encrypted authentication 
cookie that an apache module on the web server hosting VCL can then 
decrypt to 
verify that the users are authenticated.

I have our system set up so that it gets the userid using that system (it 
sets $_SERVER['REMOTE_USER']).  Then, I connect to our campus ldap server 
look up more information about the user.  However, that part could be 
for you if you only need the userid.  A nice benefit of using ldap is that 
can automatically populate the user into certain groups in VCL so that the 

first time a user logs in, that user will already have access to anything 
or her groups have access to.  Without that, you'll either need to have 
user log in first or manually add an entry for the user to the vcl.user 
before the user can be granted access to anything in VCL.

Here are the first steps I'd suggest to get CAS working with VCL.  Having 
tried it myself, there's probably something I'm missing; so, it may take 
back in forth emails to get it fully worked out.

1) save the attached file (casauth.php) to .ht-inc/authmethods/casauth.php
2) create a new entry in the vcl.affiliation table (I'll call it Marist, 
assume the id associated with the new entry is 3)
3) create a new entry in $authMechs in .ht-inc/conf.php similar to this:

  "Marist CAS" => array("type" => "CAS",
                        "affiliationid" => 3)
4) create entries in $affilValFunc, $addUserFunc, $addUserFuncArgs, 
$updateUserFunc, and $updateUserFuncArgs in .ht-inc/conf.php similar to 

  $affilValFunc = array(1 => create_function('', 'return 0;'),
                        3 => create_function('', 'return 0;'));
  $addUserFunc = array(1 => create_function('', 'return 0;'),
                       3 => 'addCASUser');
  $addUserFuncArgs = array(3 => 'Marist CAS');
  $updateUserFunc = array(1 => create_function('', 'return 0;'),
                          3 => 'updateCASUser');
  $updateUserFuncArgs = array(3 => 'Marist CAS');
5) add require_once(".ht-inc/authmethods/casauth.php"); to the end of .ht-
6) protect the vcl directory on the web server with an appropriate 
file such that users must be authenticated to CAS to be able to view the 
index.php page
7) modify vcl/.ht-inc/utils.php as follows:
 a) in initGlobals, comment out everything between '# start auth check' 
and '# 
end auth check'
 b) add these lines above or below what you just commented out:
   $authed = 1;
   $userid = "{$_SERVER['REMOTE_USER']}@Marist";

Give that a try and let me know how things work out.


On Tuesday January 04, 2011, John Ma wrote:
> Hi community,
> I am attempting to integrate VCL2.2 with CAS (
> and wondering whether someone could provide a brief introduction of 
> authentication mechanism.
> I want to keep VCL user table for authorization but off load
> authentication to CAS. I am familiar with CAS and know the basics of PHP
> and Perl programming.
> Thanks in advance,
> John Ma
> sys admin
> Marist College
- -- 
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at
Version: GnuPG v2.0.16 (GNU/Linux)

[attachment "casauth.php" deleted by John Ma/ADM/Marist] 

Reply via email to