NAME

Dancer2::Plugin::Auth::CAS - CAS sso authentication for Dancer2

VERSION

Version 2.000

SYNOPSIS

Dancer2::Plugin::Auth::CAS provides CAS single-sign-on authentication.

Add the plugin to your application:

use Dancer2::Plugin::Auth::CAS;

Configure the plugin in your config:

plugins:
  "Auth::CAS":
      cas_url: "https://your.org/sso"
      cas_denied_path: "/denied"
      cas_version: "2.0"
      cas_user_map: "user"
      cas_attr_map:
          email: "email"
          username: "username"
          firstName: "firstname"
          lastName: "lastname"

Call the auth_cas function in a before hook:

hook before => sub {
    # fetches the ticket via URL 'ticket' parameter
    auth_cas;

    # or if you want to fetch the ticket yourself:
    auth_cas( ticket => $cas_ticket_id );

    # or if you want to override global options:
    auth_cas(
        cas_denied_path => ... ,
        cas_user_map => ... ,
    );
};

or in a route handler:

get '/confidential' => sub {
    auth_cas;
    # Authenticated
    ...
};

DESCRIPTION

Dancer2::Plugin::Auth::CAS provides single-sign-on (SSO) authentication via JASIG's Central Authentication Service (CAS). See http://www.jasig.org/cas

CONFIGURATION

The available configuration options are listed below.

cas_url

The URL of your CAS server.

cas_denied_path

The path or URL the client is redirected to when the CAS exchange completed but the service ticket failed validation.

cas_version

The version of your CAS server, usually '2.0' or '1.0'.

cas_user_map

This lets you choose the session key under which the CAS user details are stored. All user attributes delivered by the CAS server are stored as a HashRef under that session key. Defaults to: 'cas_user'

cas_attr_map

This lets you map CAS user attributes towards your own attribute names.

Example:

cas_attr_map:
    email: "user_email"
    username: "username"
    firstName: "first_name"
    lastName: "last_name"

This will map the CAS user attribute email to user_email, and so on.

FUNCTIONS

auth_cas ( %args )

This function may be called in a before hook or at the beginning of a route handler. It checks whether the client is authenticated; if not, it redirects the client to the CAS server's SSO login URL.

If the login succeeds, the CAS server redirects the client back to the originally requested path with a 'ticket' URL parameter. This triggers auth_cas a second time, where it validates the 'ticket' against the CAS server. If the service ticket validation fails, it redirects the client to the cas_denied_path URL.

When the ticket validation succeeds, the server includes user attributes in its response to the Dancer application. These user attributes are stored as a HashRef in a session key (see cas_user_map). They can be renamed/mapped to your own keys with the cas_attr_map option.

Parameters:

  • ticket (optional)

    If you want to extract the CAS ticket yourself, then you can forward it explicitly with this parameter.

  • cas_denied_path (optional)

    See cas_denied_path in the configuration section.

  • cas_user_map (optional)

    See cas_user_map in the configuration section.
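
An added example, not part of the module's distribution: a minimal Dancer2 application that calls auth_cas in a before hook and then makes its own authorization decision from the mapped session attributes. The package name MyApp, the /admin route, the allow-list and the config values are assumptions for illustration.

```perl
package MyApp;    # hypothetical application name
use Dancer2;
use Dancer2::Plugin::Auth::CAS;

# Assumed config.yml, built from the option names documented on this page:
#   plugins:
#     "Auth::CAS":
#       cas_url: "https://your.org/sso"
#       cas_denied_path: "/denied"
#       cas_version: "2.0"
#       cas_user_map: "user"
#       cas_attr_map:
#         email: "user_email"
#         username: "username"

# Constructed allow-list; a real application would load this from its own store.
my %ADMINS = map { $_ => 1 } qw(alice bob);

hook before => sub {
    # Keep the denied page reachable without a session; everything else
    # goes through auth_cas (redirect to CAS login, then ticket validation).
    return if request->path eq '/denied';
    auth_cas;
};

get '/denied' => sub {
    status 403;
    content_type 'text/plain';
    return 'CAS ticket validation failed.';
};

get '/admin' => sub {
    # cas_user_map is "user": the attributes are a HashRef under that
    # session key, with keys already renamed by cas_attr_map.
    my $user = session('user') || {};
    my $name = $user->{username};

    # CAS establishes who the client is; the application still decides
    # what they may do. Fail closed when the attribute is missing.
    send_error( 'Forbidden', 403 )
        unless defined $name && $ADMINS{$name};

    # Plain text, so attribute values are never interpreted as HTML.
    content_type 'text/plain';
    return "Hello $name (" . ( $user->{user_email} // 'no email' ) . ')';
};

MyApp->to_app;    # PSGI entry point, e.g. for plackup
```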

AUTHOR

Jean Stebens, <cpan.helba at recursor.net>

BUGS

Please report any bugs or feature requests at https://github.com/corecache/Dancer-Plugin-Auth-CAS. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc Dancer2::Plugin::Auth::CAS

You can also look for information at: https://github.com/corecache/Dancer-Plugin-Auth-CAS

LICENSE AND COPYRIGHT

Copyright 2013-2014 Jean Stebens.

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.