After much tinkering with RPI’s CAS (Central Authentication System) in PHP, I thought I would put together a guide to make it easy for anyone to put together a site that uses it. This would work for anyone at another location with a CAS server, but this example is for RPI.

Get the CAS Library https://wiki.jasig.org/display/CASC/phpCAS Download the tar file under “Current Version” Extract the contents, using a program such as 7-Zip, and put it in the root of whatever web folder you want Download the latest CA bundle for SSL http://curl.haxx.se/docs/caextract.html

Download “cacert.pem”, and put it in root of web project Create a index.php, login.php, logout.php The index has to load the library, check if the user is logged in, then print out text. <?PHP include_once(“./CAS-1.3.2/CAS.php”);

phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);

// SSL!

phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file if (phpCAS::isAuthenticated())

{

echo “User:” . phpCAS::getUser();

echo “<a href=’./logout.php’>Logout</a>”;

}else{

echo “<a href=’./login.php’>Login</a>”;

} ?>

First we load the library for CAS from the subfolder

Then we select which will be our central server

We have to select our ca bundle, setCasServerCert does this

Now we have fully loaded and configured the library

Finally, I can ask CAS if a user has logged in, if so writeout some options, if not others This is the login page <?PHP include_once(“./CAS-1.3.2/CAS.php”);

phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);

// SSL!

phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file if ( !phpCAS::isAuthenticated() )

{

phpCAS::forceAuthentication();

}else{

header(‘location: ./index.php’);

} ?>

Similar setup of authentication as before

Now we check if the user is NOT authenticated, if the user is not authenticated we force login

authenticated, if the user is not authenticated we force login If the user already is logged in, then we redirect to the index The logout page: <?PHP include_once(“./CAS-1.3.2/CAS.php”);

phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);

// SSL!

phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file if (phpCAS::isAuthenticated())

{

phpCAS::logout();

}else{

header(‘location: ./index.php’);

} ?>

Same configuration (this can be done by including a core file that everything else calls, but for this example I wanted to keep it simple)

If they are not logged in, then we push the user back to login

That is the basic configuration, the example is available for download below. If there are any questions feel free to post a comment.

Download: https://github.com/daberkow/daberkow.github.io/blob/master/CASExample.zip

Extra Notes:

If you want to save server space, the docs folder under the CAS folder can be removed

I have ran into problems with CAS on a Windows Apache server, and CAS on a Linux Apache server reference the CACert.pem file differently One example of CAS on Windows is the timetracker software One example of CAS on Linux is QuickLogs

