Rack-CAS
Rack-CAS is simple Rack middleware to perform CAS client authentication.
Features
- Rack based
- Framework independent: works with, but doesn't depend on, Rails, Sinatra, etc.
- Minimal dependencies: current gem dependencies are rack, addressable and nokogiri.
- Supports CAS extra attributes. Extra attributes are a mess though, so let me know if your brand of CAS server isn't supported.
- Single sign out. One of the included session stores must be used.
Requirements
- Ruby >= 1.9.2
- A working CAS server
Installation
Rails
Add gem 'rack-cas' to your Gemfile and run bundle install.
Once the necessary gems have been installed, add the following to your config/application.rb:
config.rack_cas.server_url = 'https://cas.example.com/'
If the server URL depends on your environment, define it in the corresponding config/environments/<env>.rb file instead.
Single Sign Out
If you wish to enable single sign out you'll need to modify your configuration as below.
Active Record
Set the session_store in your config/application.rb:
require 'rack-cas/session_store/active_record'
config.rack_cas.session_store = RackCAS::ActiveRecordStore
Edit your config/initializers/session_store.rb file with the following:
require 'rack-cas/session_store/rails/active_record'
YourApp::Application.config.session_store :rack_cas_active_record_store
Run:
rails generate cas_session_store_migration
rake db:migrate
Mongoid
Set the session_store in your config/application.rb:
require 'rack-cas/session_store/mongoid'
config.rack_cas.session_store = RackCAS::MongoidStore
Edit your config/initializers/session_store.rb file with the following:
require 'rack-cas/session_store/rails/mongoid'
YourApp::Application.config.session_store :rack_cas_mongoid_store
Sinatra and Other Rack-Compatible Frameworks
Add gem 'rack-cas' to your Gemfile and run bundle install.
Add the following to your config.ru file:
require 'rack/cas'
use Rack::CAS, server_url: 'https://login.example.com/cas'
Single Sign Out
Single sign out support outside of Rails is currently untested. We'll be adding instructions here soon.
Integration
Your app should return a 401 status whenever a request is made that requires authentication. Rack-CAS will catch these responses and attempt to authenticate via your CAS server. Return 401 only for requests that are not authenticated; a request from a logged-in user who is not allowed to do something should get 403 instead, since a 401 would send that already-authenticated user back to the CAS server again.
Once authentication with the CAS server has completed, Rack-CAS will set the following session variables:
request.session['cas']['user'] #=> johndoe
request.session['cas']['extra_attributes'] #=> { 'first_name' => 'John', 'last_name' => ... }
NOTE: extra_attributes will be an empty hash unless they've been configured on your CAS server.
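The following is an added example, not code from rack-cas itself: a minimal Rack-style app showing the 401 convention the middleware relies on, and a small stand-in class that illustrates what happens to that 401 (a redirect to the CAS login page with the current URL as the service parameter). The CAS server URL, the `roles` attribute, the `staff` role and the `CasRedirectOn401` class are all assumptions made for the demo; the real rack-cas middleware is more involved and should be used instead of the stand-in. The example is self-contained and does not require the rack gem.

```ruby
# Added example (not rack-cas's own code). Demonstrates:
#  - reading the session Rack-CAS populates ('cas' => { 'user', 'extra_attributes' })
#  - returning 401 for unauthenticated requests and 403 for unauthorized ones
#  - what a 401 turns into: a redirect to the CAS login page (illustrative only)
require 'uri'

# Assumed values for the demo.
CAS_SERVER_URL = 'https://cas.example.com/'
REQUIRED_ROLE  = 'staff'

# Returns the identity Rack-CAS stored in the session, or nil when the request
# is unauthenticated. extra_attributes is an empty hash unless the CAS server
# releases attributes, so callers must treat it as optional.
def cas_user(env)
  cas = (env['rack.session'] || {})['cas']
  return nil unless cas.is_a?(Hash) && cas['user'].is_a?(String) && !cas['user'].empty?
  { user: cas['user'], attrs: cas['extra_attributes'] || {} }
end

# The protected app. 401 = not authenticated (Rack-CAS intercepts this);
# 403 = authenticated but not allowed. Using 401 for an authorization failure
# would bounce an already logged-in user back to CAS in a loop.
PROTECTED_APP = lambda do |env|
  identity = cas_user(env)
  return [401, { 'content-type' => 'text/plain' }, ['Unauthorized']] unless identity

  roles = Array(identity[:attrs]['roles'])   # assumed attribute name
  return [403, { 'content-type' => 'text/plain' }, ['Forbidden']] unless roles.include?(REQUIRED_ROLE)

  [200, { 'content-type' => 'text/plain' }, ["Hello, #{identity[:user]}"]]
end

# Illustrative stand-in for the middleware behaviour described above: if the
# app answers 401, redirect to the CAS login page with the requested URL as
# the `service` parameter. Not rack-cas's implementation.
class CasRedirectOn401
  def initialize(app, server_url)
    @app = app
    @login_url = URI.join(server_url, 'login').to_s
  end

  def call(env)
    status, headers, body = @app.call(env)
    return [status, headers, body] unless status == 401

    service = "#{env['rack.url_scheme']}://#{env['HTTP_HOST']}#{env['PATH_INFO']}"
    service += "?#{env['QUERY_STRING']}" unless env['QUERY_STRING'].to_s.empty?
    location = "#{@login_url}?service=#{URI.encode_www_form_component(service)}"
    [302, { 'location' => location, 'content-type' => 'text/plain' }, ['']]
  end
end

APP = CasRedirectOn401.new(PROTECTED_APP, CAS_SERVER_URL)

# Constructed Rack env for a GET /restricted_path, optionally carrying a
# session as Rack-CAS would have left it after a successful login.
def request_env(session: nil, query: '')
  env = {
    'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/restricted_path',
    'QUERY_STRING' => query, 'HTTP_HOST' => 'app.example.com',
    'rack.url_scheme' => 'https'
  }
  env['rack.session'] = session if session
  env
end

if __FILE__ == $PROGRAM_NAME
  status, headers, = APP.call(request_env)
  puts "anonymous: #{status} -> #{headers['location']}"
  staff = { 'cas' => { 'user' => 'johndoe', 'extra_attributes' => { 'roles' => ['staff'] } } }
  puts "staff: #{APP.call(request_env(session: staff))[0]}"
  guest = { 'cas' => { 'user' => 'janedoe', 'extra_attributes' => {} } }
  puts "non-staff: #{APP.call(request_env(session: guest))[0]}"
end
```

Run it directly to see the three cases. In a real deployment the `CasRedirectOn401` stand-in is replaced by `use Rack::CAS` (or the Rails configuration above); only the app's 401/403 logic and the session reads carry over.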
Testing
Controller Tests
Testing your controllers and such should be as simple as setting the session variables manually in a helper.
def set_current_user(user)
session['cas'] = { 'user' => user.username, 'extra_attributes' => {} }
end
Integration Tests
Integration testing using something like Capybara is a bit trickier because the session can't be manipulated directly. So for integration tests, I recommend using the provided Rack::FakeCAS middleware instead of Rack::CAS.
require 'rack/fake_cas'
use Rack::FakeCAS
If you are using Rails, FakeCAS is automatically used in the test environment by default. If you would like to activate it in any other environment, add the following to the corresponding config/environments/<env>.rb:
config.rack_cas.fake = true
Then you can simply do the following in your integration tests in order to log in.
visit '/restricted_path'
fill_in 'username', with: 'johndoe'
fill_in 'password', with: 'any password'
click_button 'Login'
NOTE: The FakeCAS middleware will authenticate any username with any password and so should never be used in production.