Plack::Auth::SSO::CAS - implementation of Plack::Auth::SSO for CAS
#in your app.psgi builder { mount "/auth/cas" => Plack::Auth::SSO::CAS->new( session_key => "auth_sso", uri_base => "http://localhost:5000", authorization_path => "/auth/cas/callback", error_path => "/auth/error" )->to_app; mount "/auth/cas/callback" => sub { my $env = shift; my $session = Plack::Session->new($env); my $auth_sso = $session->get("auth_sso"); #not authenticated yet unless($auth_sso){ return [403,["Content-Type" => "text/html"],["forbidden"]]; } #process auth_sso (white list, roles ..) [200,["Content-Type" => "text/html"],["logged in!"]]; }; mount "/auth/error" => sub { my $env = shift; my $session = Plack::Session->new($env); my $auth_sso_error = $session->get("auth_sso_error"); unless ( $auth_sso_error ) { return [ 302, [ Location => $self->uri_for( "/" ) ], [] ]; } [ 200, [ "Content-Type" => "text/plain" ], [ "Something went wrong. User could not be authenticated against CAS\n", "Please report this error:\n", $auth_sso_error->{content} ]]; }; };
This is an implementation of Plack::Auth::SSO to authenticate against a CAS server.
It inherits all configuration options from its parent.
base url of the CAS service
Cf. https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html#253-error-codes
When a ticket arrives, it is checked against the CAS Server. This can lead to the following situations:
* an error occurs. This means that the CAS server is down, or returned an unexpected response. The error type is "unknown":
{ package => "Plack::Auth::SSO::CAS", package_id => "Plack::Auth::SSO::CAS", type => "unknown", content => "server could not complete request" }
* the ticket is rejected by the CAS server. When the authentication code is "TICKET_INVALID" the user is redirected back to the CAS server. In other cases the type equals the authentication code, and content equals the error description.
{ package => "Plack::Auth::SSO::CAS", package_id => "Plack::Auth::SSO::CAS", type => "INVALID_SERVICE", content => "invalid service" }
* add an option to ignore validation of the SSL certificate of the CAS Service? For now you should set the environment like this:
export SSL_VERIFY_NONE=1 export PERL_LWP_SSL_VERIFY_HOSTNAME=0
Nicolas Franck, <nicolas.franck at ugent.be>
<nicolas.franck at ugent.be>
Plack::Auth::SSO
To install Plack::Auth::SSO, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Plack::Auth::SSO
CPAN shell
perl -MCPAN -e shell install Plack::Auth::SSO
For more information on module installation, please visit the detailed CPAN module installation guide.