Limit users from CAS
- Status
- Closed
- Subject
- Limit users from CAS
- Version
- 1.8.x
1.9.x - Category
- Feature request
- Feature
- External Authentication (LDAP, AD, PAM, CAS, etc)
- Resolution status
- New
- Submitted by
- gpaterno
- Lastmod by
- gpaterno
- Rating
- Description
While CAS authentication is great, it allows multiple users to login if you have a widely common CAS server.
For example, SecurePass 1 strong authentication allow ALL securepass users to login through their CAS.
The need is to optionally limit which users or users domain can login to tikiwiki through CAS.- Solution
A quick and dirty solution is to do a regex check on the CAS username. For our purposes, on userslib.php (ver 8.2) around line 470 add the following:
469a470,477
>
> // Gippa
> // If user is authenticated, but not belong to us, fails
> elseif ( $userCAS && !preg_match("/(.*)@mycompany.com$/", $user) ) {
> return array(false, $user, $result);
> }
>
>That is a quick and dirty patch. You can create an input box to check for regex or domains.
Thank you very much.
Best regards,
Giuseppe- Priority
- 25
- Demonstrate Bug on Tiki 19+
-
This bug has been demonstrated on show2.tiki.org
Please demonstrate your bug on show2.tiki.org
Show.tiki.org is not configured properlyThe public/private keys configured to connect to show2.tiki.org were not accepted. Please make sure you are using RSA keys. Thanks.
- Demonstrate Bug (older Tiki versions)
-
This bug has been demonstrated on show.tikiwiki.org
Please demonstrate your bug on show.tikiwiki.org
Show.tiki.org is not configured properlyThe public/private keys configured to connect to show.tikiwiki.org were not accepted. Please make sure you are using RSA keys. Thanks.
- Ticket ID
- 4083
- Created
- Monday 19 December, 2011 14:35:21 UTC
by gpaterno - LastModif
- Wednesday 26 February, 2020 16:54:40 UTC