[[TableOfContents]]

= 2005-06-22 phpCAS preliminary study =

phpCAS: a PHP client library for CAS (Central Authentication Service)

phpCAS is a simple interface to an ITS Central Authentication Service client, provided for PHP web development. It is an open-source project and is in effect a client-side implementation of Yale University's SSO system.

In other words, to implement our SSO we need to set up an ITS CAS server, while the client side can use phpCAS.

== ITS Central Authentication Service ==

First, some basic knowledge of CAS is needed. Two articles are collected in kofwang's ScrapBook for reference:

[wiki:SKSIG/ScrapBook_kofwang/data/20050622095833/index.html Implementing single sign-on (SSO) with Yale CAS Server]

[wiki:SKSIG/ScrapBook_kofwang/data/20050622101159/index.html Build and implement a single sign-on solution]

Latest stable version: CAS 2.0

This distribution contains the CAS 2.0 server -- that is, the web application that authenticates users, provides CAS tickets, and validates these tickets. The CAS 2.0 server is written entirely in Java and is deployable in any compliant Servlet 2.3 container (e.g., Tomcat). See below for installation instructions.

== phpCAS installation ==

=== phpCAS depends on the following three components ===

 * CURL 7.5+
 * PHP 4.3.1+
 * Apache 2.0.44+

Since version 0.4.15, phpCAS also supports IIS.

=== PHP must be compiled with the following options for phpCAS to work ===

 * --with-curl: CURL support, needed to access proxies.
 * --with-openssl: SSL support, needed for fopen('https://...'), to validate CAS tickets;
 * --with-dom: DOM support, to read the XML responses of the CAS server (PHP4);
 * --with-zlib: Zlib support, needed by DOM.

=== When using the Horde Framework ===

 * --with-gettext: gettext support.

=== When using Horde IMP ===

 * --with-imap: IMAP and POP support, needed when using IMP;
 * --with-kerberos: Kerberos support, needed by IMAP.

=== When using MySQL to store user authentication information ===

 * --with-mysql: MySQL support.

=== Notes ===

 * PHP >= 4.3.0 is needed to get full logging information (thanks to debug_backtrace()).
 * On some systems (Fedora Core 2 for instance), package php_domxml is required.

=== Apache 2.0.44+ ===

If you plan to write a CAS proxy, you will need to secure your Apache server with OpenSSL.
HTTPS configuration is needed to use CAS proxies (the callback URL given to the CAS server to transmit the PGTIou must be secured). To achieve this, edit your httpd.conf file and add lines such as:

{{{
SSLCertificateFile /etc/x509/cert.server.pem
SSLCertificateKeyFile /etc/x509/key.server.pem
SSLCertificateChainFile /etc/x509/cachain.pem
SSLCACertificateFile /etc/x509/cacert.pem
}}}

=== PEAR ===

phpCAS requires PEAR::DB (without it, a 'could not find DB.php' error is thrown) and PEAR::Log.
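
A prerequisite check for the build options and PEAR packages listed on this page, as an added example that is not part of the original page or of phpCAS. The function names are hypothetical, and it assumes `php -m` lists DOM support as `domxml` on PHP 4 and as `dom` on later versions.

```shell
#!/bin/sh
# Added example: report phpCAS prerequisites that are absent from a PHP build.
# Function names are hypothetical; nothing here is shipped with phpCAS.
#
# Usage:
#   php -m | missing_phpcas_modules gettext imap mysql   # extras are optional
#   missing_pear_files "$(php -r 'echo get_include_path();')"

# has_module LIST NAME: succeed if NAME is a whole line of LIST (case-insensitive).
has_module() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '\r' | grep -qxF -- "$2"
}

# Read `php -m` output on stdin and print each missing module, one per line.
# curl, openssl and zlib are always checked; arguments name extra modules
# (gettext for Horde, imap for IMP, mysql for the MySQL user store).
missing_phpcas_modules() {
    list=$(cat)
    for m in curl openssl zlib "$@"; do
        has_module "$list" "$m" || echo "$m"
    done
    # Assumption: PHP 4 reports DOM support as "domxml", later versions as "dom".
    if ! has_module "$list" dom && ! has_module "$list" domxml; then
        echo "dom or domxml"
    fi
}

# missing_pear_files INCLUDE_PATH: print DB.php and/or Log.php when the file is
# not found in any directory of the colon-separated include path.
missing_pear_files() {
    for f in DB.php Log.php; do
        found=no
        old_ifs=$IFS; IFS=:
        for d in $1; do
            if [ -f "$d/$f" ]; then found=yes; fi
        done
        IFS=$old_ifs
        [ "$found" = yes ] || echo "$f"
    done
}
```

Empty output from both functions means every prerequisite they cover was found; the CURL, PHP and Apache version minimums still have to be checked separately.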