
CAS in Ruby on Rails

24 April, 2008

Ruby on Rails has its own implementations of the CAS client and CAS server thanks to Matt Zukowski. The rubycas-client is a Ruby client library for JA-SIG’s Central Authentication Service (CAS) protocol, while the server is an ultra-lightweight implementation of the CAS authentication server following the same protocol.

More information on the project and the download links can be found here – http://code.google.com/p/rubycas-client/ and here – http://rubyforge.org/projects/rubycas-client

This is a great single solution to all your CAS needs in Ruby on Rails. It works very well with Linux, so be sure to give it a try if you work with Linux. However, the sample code given in the project pages is not the best way to implement a CAS system for your Ruby on Rails application. I tried to refine the installation for noobs such as me.

FOR THE RUBYCAS-SERVER

The first thing to do is make sure that the CAS server for your organization is working. In case you don’t have one, try the handy rubycas-server gem. It is in version 0.6.0 but I tried the 0.5.1 when I started. The instructions here are pretty simple and straightforward so I am not repeating them. In case you run into problems, try editing the config.yml file because that is where one would usually go wrong. Some configuration options are explained here.
The important things to look out for are the database config, such as sockets and ports, and the right port numbers to run the server.
a) server: select the server, e.g. webrick or mongrel, and add server info such as the port and SSL certificate locations
b) database: enter the database configuration; this varies according to the database used
c) authentication: set up table info, authentication type and settings here
d) look and feel: you can change this to suit your organization; this just involves adding a theme.css file to /themes
e) logging: set the logging location and level
f) other: set the ticket expiry times

Now, if you plan to use SSL (I do not recommend this for testing, and again Mongrel does not seem to support SSL), you can try to make a self-signed certificate by following the steps here. Also, make a table of users and passwords in the CAS server’s database. So, for example, if MySQL is selected as the database, then according to the config.yml default options there should be a ‘casserver’ database, and it needs a table titled ‘users’ with the columns ‘username’ and ‘password’ in it.

Next would be to implement the CASClient in our application.

FOR THE RUBYCAS-CLIENT

The home page of the rubycas-client shows one way to implement it as a plugin. However, I was using the casclient as a gem, so that did not help me much. Besides, I had started with the older version 1.1.0 instead of the newer 2.0.1. Whichever option you choose, the CAS client is also simple to install and use. To install it as a gem, run ‘gem install rubycas-client’ first. You can also force a particular version by specifying it.

The RubyForge API documentation mentions that the simplest way to install the ‘CAS filter’ for your controller is to add the line ‘before_filter CASClient::Frameworks::Rails::Filter’ or ‘before_filter CAS::Filter’ to your controller, depending on which version of casclient you have. Version 1.1.0 requires the latter. However, as mentioned further in the API documentation, it is not the most efficient way. A better way is to ask CAS once and store the authentication info in the session.

Given below are the methods I used to implement casclient on my app. To change the methods to suit the latest casclient version, just change the lines to the latest casclient commands (casfilteruser is replaced by cas_user etc.). I had to verify that users were authenticated both by CAS and by the local database.

cas filter sample code
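
The following is an added example, not the author's linked sample and not rubycas-client code: a plain-Ruby model of the approach described above, where CAS is asked once, the result is kept in the session under cas_user, and the local database is checked as well. The class name, the lambdas standing in for the CAS filter and the user table, and the max_age expiry (which goes beyond the text) are assumptions.

```ruby
# Added example: the "ask CAS once, then trust the session" gate in plain Ruby.
# CachedCasGate, its parameters and the sample data are hypothetical stand-ins.
class CachedCasGate
  # cas_check:    callable that asks the CAS server; returns a username or nil
  #               (stand-in for the gem's CAS filter).
  # local_lookup: callable returning true if the username is in the local database.
  # max_age:      assumed limit (seconds) on how long a cached CAS result is trusted.
  def initialize(cas_check:, local_lookup:, max_age: 900, clock: -> { Time.now.to_i })
    @cas_check, @local_lookup, @max_age, @clock = cas_check, local_lookup, max_age, clock
  end

  # Returns :ok, :cas_denied or :not_local and updates the session hash in place.
  def authorize(session)
    now = @clock.call
    user = session[:cas_user]
    checked = session[:cas_checked_at]
    unless user && checked && (now - checked) < @max_age
      session.delete(:cas_user)
      user = @cas_check.call            # the only round trip to the CAS server
      return :cas_denied if user.nil?
      session[:cas_user] = user
      session[:cas_checked_at] = now
    end
    # The local check runs on every request, so a removed account loses access at once.
    return :ok if @local_lookup.call(user)
    session.delete(:cas_user)
    session.delete(:cas_checked_at)
    :not_local
  end
end

# Constructed sample run: returns [results, number of CAS round trips, final session].
def demo
  cas_calls = 0
  local_users = { "alice" => true }   # constructed local user table
  now = 1_000
  gate = CachedCasGate.new(
    cas_check: -> { cas_calls += 1; "alice" },
    local_lookup: ->(name) { local_users.key?(name) },
    clock: -> { now }
  )
  session = {}
  results = [gate.authorize(session), gate.authorize(session)] # second call hits the cache
  now += 901
  results << gate.authorize(session)   # cached result expired, CAS is asked again
  local_users.delete("alice")
  results << gate.authorize(session)   # CAS-valid but no longer a local user
  [results, cas_calls, session]
end
```

In a Rails controller the same logic would sit in a before_filter method, with the gem's CAS filter in place of cas_check and a query on the application's user model in place of local_lookup.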
