Hi,
Our company is using CAS as the authentication system. How can we integrate CAS with Webauction?
Cheers,
Cinto
How to integrate CAS into Webauction
6 posts
• Page 1 of 1
How to integrate CAS into WebauctionHi,
Our company is using CAS as the authentication system. How can we integrate CAS with Webauction? Cheers, Cinto
Re: How to integrate CAS into WebauctionHi,
We have managed to add CAS to webauction. However, how can we change the authorization from Webauction database to our own database? Do we add the check of getting the role inside function getRoles(Dataface_Record $record); under ApplicationDelegateClass.php? Cheers, Cinto
Re: How to integrate CAS into WebauctionCAS is really only meant for authentication (determining that someone is who they say they are). Authorization/Permissions should still be handled in web auction. I.e. you'll generally still manage the user accounts inside web auction. The only difference with CAS is that the webauction password won't be used because they'll be using there CAS login.
If you want to start storing permissions info or group info centrally you'll be looking at something separate from cas.... Essentially you need to create a way for web auction to communicate with your role management system. In reality I don't think it's realistic to have centralized permissions management for multiple distinct applications because many of the permissions will be specific to that application. It is possible to tap into a more general role policy that you store centrally and use this as a guideline when initializing the permissions for a particular application.... once again, outside the scope of CAS though. -Steve
Re: How to integrate CAS into WebauctionHi Steve,
Thanks for the explanation. I have another question on CAS. We need users to login before they can see webauction. How can we modify webauction or CAS to achieve that? Cheers, Cinto
Re: How to integrate CAS into WebauctionYou can either use the Apache CAS module to disable access to the directory altogether. (This works using .htaccess files).
or You can modify the getPermissions() method to disable anonymous access. E.g. in the application delegate class, change:
to
-Steve
Re: How to integrate CAS into WebauctionHi Steve,
Thanks! We are able to cas the whole webaucation. I have modified the getPermissions method further to allow users to login. This is the code I used:
I have written the function isUser() to check if the login belongs to userRole. Cheers, Cinto
6 posts
• Page 1 of 1
Return to Web Auction Discussion Who is onlineUsers browsing this forum: No registered users and 1 guest |