Contents

  1. 2005-06-22 phpCAS 初级研究
    1. ITS Central Authentication Service
    2. phpCAS 安装
      1. phpCAS需要依赖以下三个模块
      2. PHP在如下编译条件下,才能使得phpCAS正常工作
      3. 当使用 Horde FrameWork 时
      4. 当使用 Horde IMP 时
      5. 当使用Mysql存储用户认证信息时
      6. 注意
      7. Apache 2.0.44+
      8. PEAR

2005-06-22 phpCAS 初级研究

phpCAS: a PHP client library for CAS (Central Authentication Service)

phpCAS是一个ITS Central Authentication Service的client的简单接口,为php的web开发提供,是个开源项目,实际上是基于耶鲁大学这套sso的client端实现。

也就是说,实现我们的SSO,需要搭建ITS CAS的server端,而client则可以使用phpCAS。

ITS Central Authentication Service

首先需要了解CAS的基本知识

在kofwang的scrapBook中收录了两篇文章作为参考。

用Yale CAS Server 来实现单点登陆(SSO)

Build and implement a single sign-on solution

lastest stable version CSA 2.0

This distribution contains the CAS 2.0 server -- that is, the web application that authenticates users, provides CAS tickets, and validates these tickets. The CAS 2.0 server is written entirely in Java and is deployable in any compliant Servlet 2.3 container (e.g., Tomcat). See below for installation instructions.

phpCAS 安装

phpCAS需要依赖以下三个模块

自从0.4.15版本以后,phpCAS同样支持IIS.

PHP在如下编译条件下,才能使得phpCAS正常工作

当使用 Horde FrameWork 时

当使用 Horde IMP 时

当使用Mysql存储用户认证信息时

注意

Apache 2.0.44+

If you plan to write a CAS proxy, you will need to secure your Apache server with OpenSSL. HTTPS configuration is needed to use CAS proxies (the callback URL given to the CAS server to transmit the PGTIou must be secured). To achieve this, edit your httpd.conf file and add lines such as:

SSLCertificateFile /etc/x509/cert.server.pem

SSLCertificateKeyFile /etc/x509/key.server.pem

SSLCertificateChainFile /etc/x509/cachain.pem

SSLCACertificateFile /etc/x509/cacert.pem

PEAR

phpCAS 需要 PEAR::DB 的支持(如果没有,则会抛出一个 'could not find DB.php'的错误) 和 PEAR::Log.

SkSig/2005-06-22 (last edited 2009-12-25 07:16:17 by localhost)