====== How to use "CAS Jasig" to authenticate users in Vanilla2 forum ? ====== The goal is to integrate your existing SSO (based on [[http://www.jasig.org/cas|CAS]]) in a [[http://vanillaforums.org/|Vanilla2]] based forum. ===== Vanilla2 ProxyConnect plugin ===== First of all, you need to install the [[http://vanillaforums.org/addon/472/vanilla-proxyconnect|ProxyConnect]] plugin. Then you have to enable it from the dashboard. Finally, configure it like that: ^ Main Site URL | ''http://your-vanilla2-web-site/'' | ^ Authenticate URL | ''http://your-vanilla2-web-site/sso/authenticate.php'' | ^ Registration URL | ''http://your-vanilla2-web-site/sso/register.php'' | ^ Sign-In URL | ''http://your-vanilla2-web-site/sso/signin.php'' | ^ Sign-Out URL | ''http://your-vanilla2-web-site/sso/signout.php'' | Now, you have to setup these "sso scripts". ===== Scripts contents ===== The two more importants are ''sso/authenticate.php'' and ''sso/signin.php''. These scripts will share some parameters that will be stored in ''sso/config.php''. ==== sso/config.php ==== * ''$secret'' is a private key, it is used to secure the cookie between ''signin.php'' and ''authenticate.php''. * ''getMailFromLogin($login)'' is used to return the mail address corresponding to the login (write your own) * ''getUserIDFromLogin($login)'' is used to return a unique id to identified your login in the vanilla2 bdd ==== sso/signin.php ==== This one will redirect user to your SSO in order to get the authenticated login, then it will setup a cookie to communicate this login to the ''sso/authenticate.php'' script. It supposes that you have the [[https://wiki.jasig.org/display/CASC/phpCAS|phpCAS]] library (CAS client) installed and accessible through your PHP include_path. ==== sso/authenticate.php ==== This script get the cookie previously setup by ''sso/signin.php'' to extract the login value. Then it searches for a unique id and for the user's mail. And finally it returns result as vanilla2 is waiting for. __Notice__ : this script will be called directly by vanilla after ''sso/signin.php'' is called. This script is never loaded be the user's browser. UniqueID= Name= Email= ==== sso/signout.php ==== This script will just destroy the vanilla cookie and the SSO cookie. Attention: create a blank file ''favicon.ico'' in your vanilla root directory if you want to be able to logout. ==== sso/register.php ==== This script should redirect to your centralized user registration url... header('Location: http://your-registration-url'); {{tag>article computing sso cas vanilla forum}} ~~DISCUSSION~~