CAS as an authentication provider

The CMS can be configured to use CAS as its authentication provider (CMS version 2.0 and later)

The Central Authentication Service ( CAS ) is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user’s security credentials, such as a password.

  • Wikipedia

CAS integration is enabled via the settings.php file in the CMS installation. If Docker has been used settings.php will not be accessible, however, it is possible to create a settings-custom.php file in the /custom mount point. The below Configuration can be added to that file instead.

The purpose of the integration is to configure a CAS enabled IdP (identity provider) for authentication with the Xibo CMS.

A User already authenticated with the IdP will automatically be logged into the CMS. If the User does not exist they will optionally be created with a set of default credentials.

Configuration

CAS integration is configured in the settings.php file of the CMS installation. This file can be found in your /web folder.

There are two sections to adjust, the $authentication middleware and the $samlSettings configuration array.

Middleware

The authentication middleware should be changed to CASAuthentication , shown below:

$authentication = new \Xibo\Middleware\CASAuthentication();

CAS Settings

The CAS settings array contains all the necessary information for the CMS to connect and use a CAS enabled IdP. An example settings file can be seen below. the configuration is split into 3 main sections:

  • server : options for the server provider (these are used by the CMS to identify and communicate with the identity provider).
  • port : specify which port to use.
  • uri : the location of the CAS application at the server specified above.

Example Settings

$authentication = new \Xibo\Middleware\CASAuthentication();
$casSettings = array(
    'config' => array (
        'server' => 'your.cas.server',
        'port' => '443',
        'uri' => '/cas'
    )
);