nbudin/devise_cas_authenticatable nbudin/devise_cas_authenticatable

  • Stars
    star
    286
  • Rank 144,690 (Top 3 %)
  • Language
    Ruby
  • License
    MIT License
  • Created over 14 years ago
  • Updated over 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
nbudin/devise_cas_authenticatable
github

nbudin

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

CAS authentication support for Devise

devise_cas_authenticatable Ruby Gem Version

Written by Nat Budin
Taking a lot of inspiration from devise_ldap_authenticatable

devise_cas_authenticatable is CAS single sign-on support for Devise applications. It acts as a replacement for database_authenticatable. It builds on rack-cas and should support just about any conformant CAS server (although I have personally tested it using rubycas-server).

Requirements

  • Rails 5.0 or greater
  • Devise 4.0 or greater

devise_cas_authenticatable version 2 is a major rewrite

devise_cas_authenticatable version 1 was based on rubycas-client. Now that rubycas-client is deprecated, devise_cas_authenticatable version 2 is based on rack-cas.

In order to upgrade, you'll need to:

  • Make sure you're on a supported version of Devise (4.0 or above) and a supported version of Rails (5.0 or above)
  • Add the rack-cas configuration to your application.rb (see below)
  • Remove the cas_base_url, cas_login_url, cas_logout_url, cas_validate_url, and cas_client_config_options from your devise.rb initializer, if present
  • If using single sign out: set up rack-cas's built-in single sign out support

Installation

Add to your Gemfile:

gem 'devise'
gem 'devise_cas_authenticatable'

Setup

Once devise_cas_authenticatable is installed, add the following to your user model:

devise :cas_authenticatable

You can also add other modules such as token_authenticatable, trackable, etc. Please do not add database_authenticatable as this module is intended to replace it.

You'll also need to set up the database schema for this:

create_table :users do |t|
  t.string :username, :null => false
end

We also recommend putting a unique index on the username column:

add_index :users, :username, :unique => true

(Note: previously, devise_cas_authenticatable recommended using a t.cas_authenticatable method call to update the schema. Devise 2.0 has deprecated this type of schema building method, so we now recommend just adding the username string column as above. As of this writing, t.cas_authenticatable still works, but throws a deprecation warning in Devise 2.0.)

You'll need to configure rack-cas so that it knows where your CAS server is. See the rack-cas README for full instructions, but here is the bare minimum:

config.rack_cas.server_url = "https://cas.myorganization.com" # replace with your server URL
config.rack_cas.service = "/users/service" # If your user model isn't called User, change this

Finally, you may need to add some configuration to your config/initializers/devise.rb in order to tell your app how to talk to your CAS server. This isn't always required. Here's an example:

Devise.setup do |config|
  ...
  # The CAS specification allows for the passing of a follow URL to be displayed when
  # a user logs out on the CAS server. RubyCAS-Server also supports redirecting to a
  # URL via the destination param. Set either of these urls and specify either nil,
  # 'destination' or 'follow' as the logout_url_param. If the urls are blank but
  # logout_url_param is set, a default will be detected for the service.
  # config.cas_destination_url = 'https://cas.myorganization.com'
  # config.cas_follow_url = 'https://cas.myorganization.com'
  # config.cas_logout_url_param = nil

  # You can specify the name of the destination argument with the following option.
  # e.g. the following option will change it from 'destination' to 'url'
  # config.cas_destination_logout_param_name = 'url'

  # By default, devise_cas_authenticatable will create users.  If you would rather
  # require user records to already exist locally before they can authenticate via
  # CAS, uncomment the following line.
  # config.cas_create_user = false

  # If you don't want to use the username returned from your CAS server as the unique
  # identifier, but some other field passed in cas_extra_attributes, you can specify
  # the field name here.
  # config.cas_user_identifier = nil
end

Extra attributes

If your CAS server passes along extra attributes you'd like to save in your user records, using the CAS extra_attributes parameter, you can define a method in your user model called cas_extra_attributes= to accept these. For example:

class User < ActiveRecord::Base
  devise :cas_authenticatable

  def cas_extra_attributes=(extra_attributes)
    extra_attributes.each do |name, value|
      case name.to_sym
      when :fullname
        self.fullname = value
      when :email
        self.email = value
      end
    end
  end
end

See also

License

devise_cas_authenticatable is released under the terms and conditions of the MIT license. See the LICENSE file for more information.

More Repositories

1

react-blockly

A React component that embeds a Blockly visual programming editor.
TypeScript
253
star
2

devise_openid_authenticatable

OpenID authentication for Devise
Ruby
99
star
3

heroku_external_db

Makes it easy to connect to external databases from a Heroku app
Ruby
40
star
4

google4r-checkout

Google Checkout library for Ruby
Ruby
39
star
5

react-bootstrap4-modal

A very simple Bootstrap 4 modal dialog component for React
TypeScript
20
star
6

html2pdf

A command-line HTML-to-PDF converter for Mac OS X
Objective-C
20
star
7

journey

An online questionnaire application
Ruby
13
star
8

authlogic_pam

PAM authentication support for authlogic
Ruby
13
star
9

blockly_interpreter

An interpreter for Blockly programs in Ruby
Ruby
10
star
10

videojs-rails

This gem is deprecated. Please use videojs_rails by Sean Behan instead.
JavaScript
8
star
11

agikit

A set of developer tools for the Sierra AGI adventure game engine
TypeScript
8
star
12

procon

Awesome registration for awesome events
Ruby
6
star
13

devise_openid_example

A version of devise_example using devise_openid_authenticatable
Ruby
5
star
14

ec2-delete-old-snapshots-ruby

Ruby port of ec2-delete-old-snapshots.php
Ruby
4
star
15

vellum

A collaborative writing and mind-mapping application for the web
Ruby
4
star
16

rpp

Ruby library for parsing REAPER project files
Ruby
4
star
17

ae_users

An authentication and authorization plugin for Rails
Ruby
3
star
18

illyan

A central user account management app
Ruby
3
star
19

jipe

Jester In-Place Editing controls
JavaScript
2
star
20

ponzi

A household financial management tool
Ruby
2
star
21

union_bug

Advertise your union membership in work Slack
TypeScript
2
star
22

agikit-project-template

2
star
23

minitrack

A simple HTML5 calorie tracker for mobile phones
JavaScript
2
star
24

google_code_issues_import

Import google code issues to github
Ruby
2
star
25

ae_forms

A simple CSS-based form generator plugin for Rails
2
star
26

ae_users_migrator

Migration tool for legacy ae_users database
Ruby
1
star
27

stranger-ways-middleman

The Stranger Ways web site
HTML
1
star
28

incant

A new command line
C#
1
star
29

vellum-ipad

Vellum app for iPad
Objective-C
1
star
30

say-it-20

Say It 2.0 theme for WordPress - Nat Budin's fork
PHP
1
star
31

traverse

A web application for creating decision tree-based games
Ruby
1
star
32

cantrip

Computer-assisted casting for LARPs using the Alleged Entertainment casting algorithm
Ruby
1
star
33

sublime-flog-highlighter

Ruby complexity analysis for Sublime Text
Python
1
star
34

radiant-ae_users-authenticator

ae_users authentication plugin for Radiant CMS
Ruby
1
star
35

rblineprof-browser

A console-based browser for rblineprof results
Ruby
1
star
36

home

Standard layout for Nat's home directory
1
star
37

illyan_client

A REST API client for Illyan
Ruby
1
star
38

FireEngine

Objective-C
1
star