This is an OmniAuth 1.0 compatible port of the previously available OmniAuth CAS strategy that was bundled with OmniAuth 0.3.
This fork adds:
- SAML ticket validation support (from https://github.com/loocla/omniauth-cas/tree/saml)
- ssl_version option (defaults to SSLv3)
Add this line to your application's Gemfile:

    gem 'omniauth-cas'

And then execute:

    $ bundle

Or install it yourself as:

    $ gem install omniauth-cas

Use like any other OmniAuth strategy:

    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :cas, host: 'cas.yourdomain.com'
    end

OmniAuth CAS requires at least one of the following two configuration options:
- url - Defines the URL of your CAS server (e.g. http://example.org:8080).
- host - Defines the host of your CAS server (e.g. example.org).
Other configuration options:
- port - The port to use for your configured CAS host. Optional if using url.
- ssl - TRUE to connect to your CAS server over SSL. Optional if using url.
- service_validate_url - The URL to use to validate a user. Defaults to '/serviceValidate'.
- callback_url - The custom URL path which CAS uses to call back to the service. Defaults to /users/auth/cas/callback.
- logout_url - The URL to use to log out a user. Defaults to '/logout'.
- login_url - Defines the URL used to prompt users for their login information. Defaults to /login. If no host is configured, the host application's domain will be used.
- uid_field - The user data attribute to use as your user's unique identifier. Defaults to 'user' (which usually contains the user's login name).
- ca_path - Optional when ssl is true. Sets the path of a CA certification directory. See Net::HTTP for more details.
- disable_ssl_verification - Optional when ssl is true. Disables SSL certificate verification.
- on_single_sign_out - Optional. Callback used when a CAS 3.1 Single Sign Out request is received.
- fetch_raw_info - Optional. Callback used to return additional "raw" user info from other sources.

      provider :cas,
        fetch_raw_info: Proc.new { |strategy, opts, ticket, user_info, rawxml|
          # Auth failed: nothing to enrich. Use next, not return: return inside
          # Proc.new raises LocalJumpError once the config block has finished.
          next({}) if user_info.empty? || rawxml.nil?
          # Merge attributes from an external source with the roles in the CAS response
          extra_info = ExternalService.get(user_info[:user]).attributes
          extra_info.merge!({'roles' => rawxml.xpath('//cas:roles').map(&:text)})
          extra_info
        }

Configurable options for values returned by CAS:
- uid_key - The user ID data attribute to use as your user's unique identifier. Defaults to 'user' (which usually contains the user's login name).
- name_key - The data attribute containing user first and last name. Defaults to 'name'.
- email_key - The data attribute containing user email address. Defaults to 'email'.
- nickname_key - The data attribute containing user's nickname. Defaults to 'user'.
- first_name_key - The data attribute containing user first name. Defaults to 'first_name'.
- last_name_key - The data attribute containing user last name. Defaults to 'last_name'.
- location_key - The data attribute containing user location/address. Defaults to 'location'.
- image_key - The data attribute containing user image/picture. Defaults to 'image'.
- phone_key - The data attribute containing user contact phone number. Defaults to 'phone'.
Given the following OmniAuth 0.3 configuration:

    provider :CAS, cas_server: 'https://cas.example.com/cas/'

Your new settings should look similar to this:

    provider :cas,
      host: 'cas.example.com',
      login_url: '/cas/login',
      service_validate_url: '/cas/serviceValidate'

If you encounter problems with SSL certificates you may want to set the ca_path parameter or activate disable_ssl_verification (not recommended).
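
An added example (not part of the original README or the project's code): a Ruby check that flags the transport settings discussed above in an options hash before it reaches the provider call. The helper name audit_cas_options, the sample hashes and paths, and the assumption that ssl_version takes Net::HTTP protocol symbols such as :TLSv1_2 are illustrative.

```ruby
require 'uri'

# Protocol names as accepted by Net::HTTP#ssl_version= (assumption: the
# strategy's ssl_version option is handed to Net::HTTP unchanged).
WEAK_PROTOCOLS = %i[SSLv2 SSLv3 TLSv1 TLSv1_1].freeze

# Hypothetical helper: returns an array of findings for an omniauth-cas
# options hash; an empty array means none of the checks fired.
def audit_cas_options(opts)
  findings = []

  # Plaintext transport: an http:// url, or ssl explicitly switched off.
  scheme = opts[:url] && URI.parse(opts[:url]).scheme
  if scheme == 'http' || opts[:ssl] == false
    findings << 'ticket validation runs over plaintext HTTP'
  end

  # Without certificate checks the serviceValidate response, which asserts
  # who the user is, can come from anyone on the network path.
  if opts[:disable_ssl_verification]
    findings << 'disable_ssl_verification is set'
  end

  # This fork defaults ssl_version to SSLv3, so leaving it unset counts.
  version = (opts[:ssl_version] || :SSLv3).to_sym
  if WEAK_PROTOCOLS.include?(version)
    findings << "ssl_version #{version} is a deprecated protocol"
  end

  findings
end

# Constructed sample configurations (host, url and path are placeholders).
WEAK = {
  host: 'cas.example.com',
  ssl: true,
  disable_ssl_verification: true   # certificate errors silenced
}.freeze                           # ssl_version unset => SSLv3

HARDENED = {
  url: 'https://cas.example.com/cas',
  ca_path: '/etc/ssl/certs',       # fix trust instead of disabling checks
  ssl_version: :TLSv1_2
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts 'WEAK:',     audit_cas_options(WEAK)
  puts 'HARDENED:', audit_cas_options(HARDENED).inspect
end
```
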
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Added some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request
Special thanks go out to the following people
- Phillip Aldridge (@iterateNZ) and JB Barth (@jbbarth) for helping out with Issue #3
- Elber Ribeiro (@dynaum) for Ubuntu SSL configuration support
- @rbq for README updates and OmniAuth 0.3 migration guide