I need to support a Universities CAS Authentication system. This is simple with mod_auth_cas on Apache2 and is working fine.
We now need to add non university users to the system. This in effect means we need to support two login systems. The second login system is our own custom flavor that just auths users via POST to PHP.
It seems this is an impossible environment to setup. Any tips?
分享 The solution turned out to be phpCAS.
Using regular mod_auth_cas you are jailing entire locations behind CAS with no way to optionally disable it.
Using phpCAS you can perform the authentication OPTIONALLY in a php file.
All my php files are communicated to via ajax POST GET requests, so the login mechanism needed to prevent access to these files if not logged in and cause a redirect. Using the php $_SESSION variable we can store whether login was made and successful. On every access we can check the $_SESSION variable and do a quick exit after pushing a JSON message back to the javascript client informing them of the failure and to redirect.
When the user attempts to login they can choose the CAS route. Using phpCAS it will properly redirect them to the CAS server and back to my App when finished. If they choose the in house login database then they fill out a simple form like any homebrew login system. In both cases the $_SESSION stores the success and that success is checked and verified upon access to the critical PHP files.
Since it is verified and checked, is CAS expires we will catch it here. The in house login system expires inline with the PHP Session.
分享
