After much tinkering with RPI’s CAS (Central Authentication System) in PHP, I thought I would put together a guide to make it easy for anyone to put together a site that uses it. This would work for anyone at another location with a CAS server, but this example is for RPI.

1. Get the CAS Library
   • https://wiki.jasig.org/display/CASC/phpCAS
2. Download the tar file under “Current Version”
3. Extract the contents, using a program such as 7-Zip, and put it in the root of whatever web folder you want
4. Download the latest CA bundle for SSL
   • http://curl.haxx.se/docs/caextract.html
   • Download “cacert.pem”, and put it in root of web project
5. Create a index.php, login.php, logout.php
6. The index has to load the library, check if the user is logged in, then print out text.

   • <?PHP

     include_once(“./CAS-1.3.2/CAS.php”);
     phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);
     // SSL!
     phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file

     if (phpCAS::isAuthenticated())
     {
     echo “User:” . phpCAS::getUser();
     echo “<a href=’./logout.php’>Logout</a>”;
     }else{
     echo “<a href=’./login.php’>Login</a>”;
     }

     ?>

      

   • First we load the library for CAS from the subfolder
   • Then we select which will be our central server
   • We have to select our ca bundle, setCasServerCert does this
   • Now we have fully loaded and configured the library
   • Finally, I can ask CAS if a user has logged in, if so writeout some options, if not others
7. This is the login page

   • <?PHP

     include_once(“./CAS-1.3.2/CAS.php”);
     phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);
     // SSL!
     phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file

     if (!phpCAS::isAuthenticated())
     {
     phpCAS::forceAuthentication();
     }else{
     header(‘location: ./index.php’);
     }

     ?>

      

   • Similar setup of authentication as before
   • Now we check if the user is NOT authenticated, if the user is not authenticated we force login
   • If the user already is logged in, then we redirect to the index
8. The logout page:

   • <?PHP

     include_once(“./CAS-1.3.2/CAS.php”);
     phpCAS::client(CAS_VERSION_2_0,’cas-auth.rpi.edu’,443,’/cas/’);
     // SSL!
     phpCAS::setCasServerCACert(“./CACert.pem”);//this is relative to the cas client.php file

     if (phpCAS::isAuthenticated())
     {
     phpCAS::logout();
     }else{
     header(‘location: ./index.php’);
     }

     ?>

      

   • Same configuration (this can be done by including a core file that everything else calls, but for this example I wanted to keep it simple)
   • If they are not logged in, then we push the user back to login

That is the basic configuration, the example is available for download below. If there are any questions feel free to post a comment.

Download: https://github.com/daberkow/daberkow.github.io/blob/master/CASExample.zip

Extra Notes:

• If you want to save server space, the docs folder under the CAS folder can be removed
• I have ran into problems with CAS on a Windows Apache server, and CAS on a Linux Apache server reference the CACert.pem file differently
  • One example of CAS on Windows is the timetracker software
  • One example of CAS on Linux is QuickLogs