TWiki and CAS

Scott Battaglia scott.battaglia at gmail.com
Wed Sep 27 11:03:14 EDT 2006 

Dallas,

Thanks for the update.  Any chance you could post a summary of this in our
Wiki (http://www.ja-sig.org/wiki) in order to help others troubleshoot
later?

Thanks
-Scott

On 9/26/06, Dallas Wisehaupt <dallas.wisehaupt at scranton.edu> wrote:
>
> I noticed a few messages in the CAS archives from March about using CAS
> and TWiki that had no resolution. We have recently been looking at CAS
> and were going to try and integrate TWiki into that framework. We
> already had TWiki configured to use Apache auth via mod_ldap and it was
> working with some minor restrictions.
>
> We kept running into stumbling blocks when trying to set up mod_cas from
> Case Western (http://wiki.case.edu/CAS) as the auth source. Today, we
> finally got a break and found the proper setup.
>
> After initial testing, we verified that mod_cas was working properly
> with a set of static resources.  However, when we tried adjusting the
> auth for Twiki from using mod_ldap to mod_cas, the initial pages would
> work, but then the subsequent included pages wouldn't. Everything was
> pointing at the ticket not being sent in requests to those pages.
>
> The answer came when I stumbled across this page about Shibbolizing
> TWiki:
>
> https://mams.melcoe.mq.edu.au/zope/mams/pubs/Installation/shib-twiki/document_view
>
> I decided to give it a stab and just adapt where they had used
> Shibboleth to mod_cas. It appears that we were trying too much by
> protecting the entire TWiki tree. All we really needed to protect was
> /twiki/bin/logon, /twiki/bin/register, and
> /twiki/bin/view/TWiki/TWikiRegistration. If you aren't accepting
> registration and have it disabled, then you really only need to protect
> /twiki/bin/logon.
>
> After making these minor changes we are able to authenticate users via
> CAS. All page access restrictions are provided by the TWiki Access
> Control. This little shift gave us everything we were looking for. In
> addition, it restored the Logout functionality of TWiki that you lose if
> you are using basic auth (LDAP or .htaccess) over the entire tree.
>
> Just thought I would share in case anyone else is looking for this
> information.
>
> Dallas
> --
> Dallas Wisehaupt                            Systems Administrator
> dallas.wisehaupt at scranton.edu               The University of Scranton
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20060927/9e7ae1b9/attachment.html

More information about the cas mailing list