Software

RPI phpCAS Authentication Tutorial

After much tinkering with RPI’s CAS (Central Authentication System) in PHP, I thought I would put together a guide to make it easy for anyone to put together a site that uses it. This would work for anyone at another location with a CAS server, but this example is for RPI.

  1. Get the CAS Library
  2. Download the tar file under “Current Version”
  3. Extract the contents, using a program such as 7-Zip, and put it in the root of whatever web folder you want
  4. Download the latest CA bundle for SSL
  5. Create an index.php, login.php, and logout.php
  6. The index has to load the library, check if the user is logged in, then print out text.
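    • <?php

      // Load the phpCAS library from the subfolder
      include_once('./CAS-1.3.2/CAS.php');
      // Point the client at the RPI CAS server
      phpCAS::client(CAS_VERSION_2_0, 'cas-auth.rpi.edu', 443, '/cas/');
      // SSL!
      phpCAS::setCasServerCACert('./CACert.pem'); // this is relative to the cas client.php file

      if (phpCAS::isAuthenticated())
      {
          // Escape the username before writing it into the page
          echo 'User:' . htmlspecialchars(phpCAS::getUser(), ENT_QUOTES, 'UTF-8');
          echo "<a href='./logout.php'>Logout</a>";
      } else {
          echo "<a href='./login.php'>Login</a>";
      }

      ?>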

       

    • First we load the library for CAS from the subfolder
    • Then we select which server will be our central server
    • We have to select our CA bundle; setCasServerCACert does this
    • Now we have fully loaded and configured the library
    • Finally, I can ask CAS if a user has logged in; if so, write out some options, if not, others
  7. This is the login page
    • <?php

      include_once('./CAS-1.3.2/CAS.php');
      phpCAS::client(CAS_VERSION_2_0, 'cas-auth.rpi.edu', 443, '/cas/');
      // SSL!
      phpCAS::setCasServerCACert('./CACert.pem'); // this is relative to the cas client.php file

      if (!phpCAS::isAuthenticated())
      {
          // Not logged in yet: send the browser to the CAS login page
          phpCAS::forceAuthentication();
      } else {
          // Already logged in: go back to the index
          header('Location: ./index.php');
          exit;
      }

      ?>

       

    • Similar setup of authentication as before
    • Now we check if the user is NOT authenticated; if the user is not authenticated, we force login
    • If the user already is logged in, then we redirect to the index
  8. The logout page:
    • <?php

      include_once('./CAS-1.3.2/CAS.php');
      phpCAS::client(CAS_VERSION_2_0, 'cas-auth.rpi.edu', 443, '/cas/');
      // SSL!
      phpCAS::setCasServerCACert('./CACert.pem'); // this is relative to the cas client.php file

      if (phpCAS::isAuthenticated())
      {
          // End the local session and log out at the CAS server
          phpCAS::logout();
      } else {
          // Nothing to log out of: go back to the index
          header('Location: ./index.php');
          exit;
      }

      ?>

       

    • Same configuration (this can be done by including a core file that everything else calls, but for this example I wanted to keep it simple)
    • If they are not logged in, then we push the user back to the index

That is the basic configuration; the example is available for download below. If there are any questions, feel free to post a comment.

Download: https://github.com/daberkow/daberkow.github.io/blob/master/CASExample.zip

Extra Notes:

  • If you want to save server space, the docs folder under the CAS folder can be removed
  • I have run into problems with CAS on a Windows Apache server, and CAS on a Linux Apache server reference the CACert.pem file differently
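
The logout step mentions that the repeated configuration could live in one core file, and the QuickLogs v3.3.2 note further down describes moving the CAS settings into 'core.php'. A sketch of such a file, as an added example that is not the code from the download or from QuickLogs: the file name core.php comes from the page, while the APP_CAS_* constants, the helper names (require_login, h, redirect_local) and the is_readable check are assumptions. It builds the CA bundle path from __DIR__, so the path does not depend on the working directory or on which file includes it.

```php
<?php
// core.php: hypothetical shared include (added example, not the original project's file).
// Each page starts with: require_once __DIR__ . '/core.php';

require_once __DIR__ . '/CAS-1.3.2/CAS.php';

// Same server settings as the three tutorial pages (constant names are assumptions).
const APP_CAS_HOST    = 'cas-auth.rpi.edu';
const APP_CAS_PORT    = 443;
const APP_CAS_CONTEXT = '/cas/';

// Absolute path to the CA bundle, independent of the current working directory.
$caBundle = __DIR__ . '/CACert.pem';
if (!is_readable($caBundle)) {
    // Fail closed: do not talk to the CAS server without a CA bundle to validate it.
    http_response_code(500);
    exit('CAS CA bundle missing or unreadable');
}

phpCAS::client(CAS_VERSION_2_0, APP_CAS_HOST, APP_CAS_PORT, APP_CAS_CONTEXT);
phpCAS::setCasServerCACert($caBundle);

/** Return the CAS username, sending the browser to the CAS login page first if needed. */
function require_login(): string
{
    if (!phpCAS::isAuthenticated()) {
        phpCAS::forceAuthentication(); // redirects to the CAS server
    }
    return phpCAS::getUser();
}

/** Escape a value before echoing it into HTML. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/** Redirect to a page in this folder and stop executing the current script. */
function redirect_local(string $page): void
{
    header('Location: ./' . $page);
    exit;
}
```

With this in place, a certificate move or server change is edited in one file, and a protected page can begin with `$user = require_login();`.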

QuickLogs v3.3.0 (and quickly v3.3.1) (and then v3.3.2)

Recently there was a big update to the QuickLogs product. On the face of it, it looks like the buttons have been changed a little bit. That is the small part of the upgrade; the main change is how the stats page works. Now the stats page is run by the HighCharts JavaScript engine instead of the PHP libchart that was used in the past. This takes the load of creating charts off of the server, and moves it to JavaScript. Also this increases the flexibility to add more charts in the future.

I started the new stats page (v3.3.0) with a drop down to select different types of graphs; the Activities, User, and Overall graphs were used with the drop down. A quick comment made by people at the Helpdesk was “why not use all the space available, I don't like having to navigate again after refreshing.” v3.3.1 brought back the single page, but more importantly sorted the data in the charts. By default Highcharts plots by order the data is put into it; but it was not largest category to smallest. A quick sort was put in, and then we were back to where v3.2 was with charts but a new engine. The new engine also allows for the charts to be looked at under different time periods instead of only 30 days.

The morning the program moved to version 3.3.2, this was a pure bug fix with CAS having a certificate issue under the login page. At this time, I decided to centralize the CAS information for all pages under the ‘core.php’ page. That way if the certificate moves there is one place to do it.

QuickLogs represents an early version of my app design; these days I tend to make core.php and ajax.php heavy with most of the application functions, and subsequent pages call them with ajax. This is an older app where a lot of the functions are hard coded in the page. I have started migrating to using a wrapper on MySQL like I have with the time cards app. But I only changed it on functions I was modifying, so most of QuickLogs remains doing manual queries.

Looking to the future there are many ideas for QuickLogs, yet little time to complete them. One person suggested an achievement system for different things you can do at work. Another suggestion was a Nemesis: a person who is right ahead of you for tickets, and having competition. The final suggestion was for some different types of charts. I wanted to do charts, I just have to find time.

At this point, QuickLogs is going on the shelf. (Unless I get an itch to add more charts.) I am shifting to more time on Time Tracker and getting this product finished, before I leave RPI. Documentation for both products should be updated soon as well.

Windows Sudo

I am back at RPI, finishing up my degree. Recently I have been working on hour tracking software for several departments at RPI.

Recently I have run into a minor annoyance where I am in the command line in Windows and need to elevate a command or program so that I can do an administrative task (such as moving a file to the system32 folder). The normal solution is to right click the command line shortcut and “Run as Administrator”. While that works, it's not fast. I’m sure there are other solutions out there, but I wanted to quickly build one in .Net. I did this a while ago for Vista and called it elev, but never saved it, and since I am trying to make the transition between Windows and Linux easier I called it sudo.

All you do is put this in your %windir%\system32\ folder, and then at the command line type “sudo cmd” or whatever command you want. Commands like “dir” are actually part of cmd, not a separate file, so “sudo dir” won't show anything; it will output the .Net error.

Link to exe: https://github.com/daberkow/win_sudo/blob/master/sudo/sudo/bin/Release/sudo.exe

Link to project: https://github.com/daberkow/win_sudo

Quick Compare

I wrote a quick little program to solve a problem for me. If you have two algorithms in webpages and want to benchmark them to see the difference, the program will work for you. You add the below code to a PHP page, or do the same thing in other languages, then the app will run as many times as you tell it to and find the result in time. To lower the time it takes to get a result, you can up the thread count. Averages are not returned till all threads return information.

Start of PHP Page:
$time = microtime(TRUE);
End of page:
echo "seconds " . (microtime(TRUE) - $time);


Download:
https://github.com/daberkow/QuickCompare/blob/master/WebTest/bin/Release/WebTest.exe
Git:
https://github.com/daberkow/QuickCompare/

OpenAFS @RPI Client

Recently I was told “I can’t remember anyone getting OpenAFS to work on their own”, by a staffer at my school. I took it on myself then to figure out how to get this working for students. And in the end I wrote an app that will automatically download and install the AFS client, then configure drives for you. This was an experiment in threading and using WPF instead of Windows Forms.

First the app goes and downloads the OpenAFS client, if it is a 64 bit machine it grabs the 32 bit tools first then the client. While downloading and installing these things it connects via SSH to a school server to get the location of the user’s home folder as well as verify the credentials given.

Once installation is complete the program runs ‘klog’; this goes to the AFS server and requests tokens in the cluster using the credentials given earlier. Once we are past the installing point all these actions need to be run on the campus network. When the program starts it tries to ping a couple of internal servers; if it can hit more than half of them in under 75 milliseconds then it considers itself on campus; if it thinks it’s off campus, then it notifies the user. One small problem with the first release is that sometimes this system gets confused by VPN taking slightly longer.

Now that we have a working token, the system recommends drive letters that are not in use as well as AFS spaces to mount, including the user's folder and ‘dept’ to start. The configure button will activate these drives; they are not set to persistent at this time.

Below is the github link, as well as the direct exe link:

Github: https://github.com/daberkow/RPI_OpenAFS

EXE: https://github.com/daberkow/RPI_OpenAFS/blob/master/OpenAFS%20Installer%20WPF/bin/Release/OpenAFS%20Installer%20WPF.exe

IPv6

As IPv6 starts to roll out more and more, and Windows to update more and more, it may be time to turn IPv6 back on your computer. I wanted to put a reminder out that the IPv6 Cleaner also has a tool built in to change the IPv6 setting of the machine. After changing the setting reboot and Windows will take the new setting. IPv6 Activator is the same code that runs in the 6to4 Cleaner, just as a standalone app.

The following options are available:

  • Enable IPv6 – Windows Default
  • Disable IPv6 except critical components – Use if card problem persists
  • Disable native IPv6 interfaces
  • Disable all tunnel IPv6 interfaces
  • Disable all IPv6 interfaces except for the IPv6 loopback interface

Download:

https://github.com/daberkow/daberkow.github.io/tree/master/6to4CardCleaner

Download:

https://github.com/daberkow/daberkow.github.io/tree/master/IPv6Activator

QuickLogs

One project I worked on last semester was for my job at RPI Helpdesk; we needed a system to track how many people came in, along with the general type of problem they were having. We had an old system in place that was written in Python but it broke, and did not give the administration side that much information. I wanted to keep the same easy to use interface that the previous program had, along with adding features and giving more information on the back end.

This system used to be a white webpage, with 12 options on it. Then a new interface was added for the touch screen at the desk; this interface had 12 big buttons that used JavaScript to submit it. One of them was user-error, which was not recorded. There was nothing else on the page but these 12 buttons, which tracked the number of clicks per week.

An entire code rewrite was planned; MySQL was going to be used for the database, while the front end was JavaScript and PHP. JQuery was used to make JavaScript work easily across browsers.

While I was making this I was thinking of things I could add to the software. First, the old options were built into the tool; instead of having the options built in, the database holds available options and which ones the administrator wants active. The new version connects to the CAS (Central Authentication System) of the school; once users are authenticated they are given rights. Administrators get a settings option given to them, which standard users don’t ever see.

JavaScript was used for the button submits, this way the entire page doesn’t have to refresh. At the request of the helpdesk workers, an indication was put in that the ticket was submitted successfully. The top right corner displays “Recorded, entry: #”, this starts at a black box and fades into that number.

The look started as a generic design, but then at version 3.2 the program took on the look of the Print Queue webpage that the helpdesk hosts. This is the start to a unified look to helpdesk software. As a side note, the version numbers started at 3 because this is the third version of QuickLogs to my knowledge. Also the main interface is in a folder called “lite” because for a time an enhanced interface was being worked on, an entire ticketing system that included full descriptions, tickets, and follow ups with students who came in. With course work, this was scrapped but the folder structure remained.

One feature that wasn’t requested but I put in for fun was ticket tracking. When a user is not logged in and hits a button, the transaction is recorded under user “default”. When a user is logged in, they are given credit for the ticket. This doesn’t affect anything with the users' work; no incentives were given, just friendly competition. The system was in use for about half a semester and this feature was not used at all. Then when a handful of users started using that system, it snowballed into more and more of the users logging in. Now users wanted to beat their coworkers and thus remembered to log a lot more often than before when the data went into a black hole. Later we found in the code there was a stats page, but this was not shown to anyone but administrators who knew about it. Also the old system did not have any long-term user facing statistics; it gave the weekly number then reset. The new system graphs 30 days of problems, what percentage went to each; last 30 days tickets per user; finally, a chart of 24 hours, 7 days, 30 days, 90 days, 365 days and all time tickets recorded. That way the user gets to see their part in records recorded.

Another problem in the past for software like this has been a lack of documentation and information, after a student graduated and built a system like this all the knowledge was lost, it ran until it broke and a new person took over building a new one. Here the code was put on GitHub, all commented up.

That is a general overview of the QuickLogs project. It was a good learning experience for writing a whole web system. I got enjoyment out of seeing people really use the system, and give feedback. At 8 months in there are around 5,000 records in the system at this point. Below is a gallery of two of the old interfaces, with 3 of the new ones.

 

GitHub: https://github.com/daberkow/QuickLogs