How to integrate CAS into Webauction

Archived from the Web Auction Discussion forum.

cinto_qq — Fri Aug 19, 2011 12:26 am

Hi,

Our company is using CAS as the authentication system. How can we integrate CAS with Webauction?

Cheers,
Cinto


cinto_qq — Tue Aug 23, 2011 3:37 am

Hi,

We have managed to add CAS to webauction.

However, how can we change the authorization from Webauction database to our own database? Do we add the check of getting the role inside function getRoles(Dataface_Record $record); under ApplicationDelegateClass.php?

Cheers,
Cinto


shannah — Tue Aug 23, 2011 10:32 am

CAS is really only meant for authentication (determining that someone is who they say they are). Authorization/Permissions should still be handled in web auction. I.e. you’ll generally still manage the user accounts inside web auction. The only difference with CAS is that the webauction password won’t be used because they’ll be using their CAS login.

If you want to start storing permissions info or group info centrally you’ll be looking at something separate from CAS… Essentially you need to create a way for web auction to communicate with your role management system. In reality I don’t think it’s realistic to have centralized permissions management for multiple distinct applications because many of the permissions will be specific to that application. It is possible to tap into a more general role policy that you store centrally and use this as a guideline when initializing the permissions for a particular application… once again, outside the scope of CAS though.

-Steve


cinto_qq — Wed Aug 24, 2011 6:24 pm

Hi Steve,

Thanks for the explanation.

I have another question on CAS. We need users to log in before they can see webauction. How can we modify webauction or CAS to achieve that?

Cheers,
Cinto


shannah — Wed Aug 31, 2011 7:58 pm

You can either use the Apache CAS module to disable access to the directory altogether. (This works using .htaccess files).
or
You can modify the getPermissions() method to disable anonymous access. E.g. in the application delegate class, change:

Code:

    function getPermissions(&$record){
        if ( isAdmin() ) return Dataface_PermissionsTool::ALL();
        return Dataface_PermissionsTool::READ_ONLY();
    }

to

Code:

    function getPermissions(&$record){
        if ( isAdmin() ) return Dataface_PermissionsTool::ALL();
        return Dataface_PermissionsTool::NO_ACCESS();
    }

-Steve


cinto_qq — Tue Sep 06, 2011 7:09 pm

Hi Steve,

Thanks! We are able to cas the whole webauction.

I have modified the getPermissions method further to allow users to log in. This is the code I used:

Code:

    function getPermissions(&$record){
        if ( isAdmin() )
            return Dataface_PermissionsTool::ALL();
        else if ( isUser() )
            return Dataface_PermissionsTool::READ_ONLY();
        else
            return Dataface_PermissionsTool::NO_ACCESS();
    }

I have written the function isUser() to check if the login belongs to userRole.

Cheers,
Cinto
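
The thread never shows isUser(). One way to write the role check so that it denies by default, as an added example that is not code from the thread or from Web Auction: the `role` column name, the role values `ADMIN` and `USER`, and the helper `currentRole()` are assumptions made for illustration.

```php
<?php
// Added example, not Web Auction's own code. Intended for the application
// delegate file of a Xataface application.
// Assumptions: the users table has a 'role' column, and the role values
// are 'ADMIN' and 'USER' (constructed for this example).

/**
 * Role of the logged-in user, trimmed and upper-cased.
 * Returns null when nobody is logged in or the account has no role.
 */
function currentRole() {
    $auth = Dataface_AuthenticationTool::getInstance();
    $user = $auth->getLoggedInUser();
    if (!$user) {
        return null;
    }
    $role = $user->val('role');
    if (!is_string($role) || trim($role) === '') {
        return null;
    }
    return strtoupper(trim($role));
}

/** True only for an account whose role is exactly USER. */
function isUser() {
    return currentRole() === 'USER';
}

class conf_ApplicationDelegate {
    function getPermissions(&$record) {
        $role = currentRole();
        // Only the roles listed here are granted anything.
        if ($role === 'ADMIN') {
            return Dataface_PermissionsTool::ALL();
        }
        if ($role === 'USER') {
            return Dataface_PermissionsTool::READ_ONLY();
        }
        // Anonymous visitors, accounts without a role, and any role
        // value not listed above all end up here.
        return Dataface_PermissionsTool::NO_ACCESS();
    }
}
```

Because every grant is tied to an explicit role comparison, a successful CAS login alone does not give access: an account whose role is empty or unrecognized gets NO_ACCESS.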