rbcas / casino
CASino is a Ruby-based Single Sign-On solution supporting the CAS standard
License: MIT License
Hi, I need to use CASino and I need it to authenticate against 2 different DBs. So I added 2 different authenticators to my cas.yml, both are authenticator: "ActiveRecord" and it seems that CASino is always connecting ONLY to the one I have at the bottom in my list of authenticators in the cas.yml file. I was trying to debug and looks like casino-activerecord_authenticator is being instantiated twice but with the same name (because my tables are named the same for both connections) and so that may be the problem. Have you ever experienced something like the scenario I described above? Any solution?
Do you plan to support the v2.x line?
There are quite a few projects still on Rails 3 (which is supported) and maybe we could cherry-pick / port some bugfixes on a 2.x branch.
I'd be happy if you could release a 2.0.7 with daa65df and 12b5073.
If you agree and create a branch, I can prepare a PR with these commits.
This might belong in casino-ldap_authenticator but the issue is happening in the engine codebase (3.0.2).
I'm using the ldap-authenticator with username_attribute: "sAMAccountName". Well, when trying to insert into casino_users it's getting nil for the username. If I add username: "sAMAccountName" to the extra_attributes then everything works properly.
The authentication itself is working just fine, just the username is not getting carried over unless specified in the extra_attributes. I think this should be automatically added or documented this way.
Backtrace:
...[bunch of stuff]...
app/processors/casino/processor_concern/ticket_granting_tickets.rb:48
app/processors/casino/processor_concern/ticket_granting_tickets.rb:33
app/processors/casino/login_credential_acceptor_processor.rb:45
app/processors/casino/login_credential_acceptor_processor.rb:37
app/processors/casino/login_credential_acceptor_processor.rb:27
...[bunch of stuff]...
Hello,
We're using RUBY CAS Server but after hacking and patching it, we're looking for another solution, and we found CASino.
CASino works well with Ruby 2.x or we need to use 1.9.3 as the .ruby-version says?
We are not able to use LDAP correctly, even it's properly configured in /config/cas.yml
The server has been restarted (CASino) but we can't find any reference in the log files.
This is on OSX using 10.9.4 and ruby 2.0.0p247
thanks,
I added CASino v3.0.0.pre.2 to an existing web application and encountered following error:
ActionController::RoutingError (uninitialized constant CASino::SessionsHelper):
/Users/mani/Projects/CASino/app/controllers/casino/sessions_controller.rb:2:in `<class:SessionsController>'
/Users/mani/Projects/CASino/app/controllers/casino/sessions_controller.rb:1:in `<top (required)>'
activesupport (4.1.0) lib/active_support/inflector/methods.rb:240:in `const_get'
activesupport (4.1.0) lib/active_support/inflector/methods.rb:240:in `block in constantize'
activesupport (4.1.0) lib/active_support/inflector/methods.rb:236:in `each'
activesupport (4.1.0) lib/active_support/inflector/methods.rb:236:in `inject'
activesupport (4.1.0) lib/active_support/inflector/methods.rb:236:in `constantize'
actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:76:in `controller_reference'
actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:66:in `controller'
actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:44:in `call'
actionpack (4.1.0) lib/action_dispatch/journey/router.rb:71:in `block in call'
actionpack (4.1.0) lib/action_dispatch/journey/router.rb:59:in `each'
actionpack (4.1.0) lib/action_dispatch/journey/router.rb:59:in `call'
After lots of trial and error I found the cause of the error in my Gemfile:
group :development, :test do
  gem 'rspec-rails'
  # Use railroad for generating model diagrams
  gem 'railroady'
  # Use dot for generating diagrams via RailRoady
  gem 'dot'
end
Commenting out the dot gem solved the problem!
#gem 'dot'
Any idea?
The service parameter will be lost if you failed the login.
Possibly in the wiki to not blow up the documentation.
Clicking on the corresponding button when being logged in results in a "Something went wrong"-error.
This is happening because we removed jQuery-ujs together with jQuery and the request is now sent as GET instead of DELETE (or POST with _method=delete). See: https://github.com/rbCAS/CASino/blob/master/app/views/casino/sessions/index.html.erb#L21.
To enable Two-factor authentication on a mobile device it would be nice if the otpauth url would not only be encoded as a QR-Code but be provided as a link too. This allows the OTP app to be opened with all the information as with the QR-Code, but without the haste to take a picture of the mobile's own screen.
https://code.google.com/p/google-authenticator/wiki/KeyUriFormat
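An added example (not CASino's code) of what the request above amounts to: build the otpauth:// Key URI once and render it as a link next to the QR code. The issuer, account and helper names are hypothetical, and the sample secret bytes are constructed.

```ruby
require 'erb'
require 'securerandom'

BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze

# RFC 4648 Base32 without '=' padding, the form the Key URI format uses
# for the secret parameter.
def base32_encode(bytes)
  bits = bytes.unpack1('B*')
  bits += '0' * ((5 - bits.length % 5) % 5)   # pad to a multiple of 5 bits
  bits.scan(/.{5}/).map { |chunk| BASE32_ALPHABET[chunk.to_i(2)] }.join
end

# 160 random bits from the OS CSPRNG, the usual size for an HMAC-SHA1 TOTP key.
def new_totp_secret
  SecureRandom.random_bytes(20)
end

# otpauth://totp/ISSUER:ACCOUNT?secret=BASE32&issuer=ISSUER
# Label parts are percent-encoded (space becomes %20, not '+').
def otpauth_uri(issuer:, account:, secret_bytes:)
  if issuer.include?(':') || account.include?(':')
    raise ArgumentError, 'issuer and account must not contain ":"'
  end
  enc = ->(s) { ERB::Util.url_encode(s) }
  "otpauth://totp/#{enc.call(issuer)}:#{enc.call(account)}" \
    "?secret=#{base32_encode(secret_bytes)}&issuer=#{enc.call(issuer)}"
end

# The same URI as an HTML link; it is HTML-escaped because it contains '&'.
def otpauth_link(uri, text: 'Open in authenticator app')
  %(<a href="#{ERB::Util.html_escape(uri)}">#{ERB::Util.html_escape(text)}</a>)
end

if __FILE__ == $PROGRAM_NAME
  uri = otpauth_uri(issuer: 'Example SSO', account: 'alice@example.org',
                    secret_bytes: new_totp_secret)
  puts otpauth_link(uri)
end
```

The link carries the same shared secret as the QR code, so it belongs only on the authenticated enrollment page and should not be logged.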
Add a settings.yml configuration file which gets copied to the Rails app when running the installation generator.
It should contain settings such as:
Hi all, can you post instructions on how to deploy on heroku?
According to section 2.3.1 of the CAS 3.0 spec, the /logout route should accept a service parameter and redirect there if present.
Seems like a small enough change. I would be happy to submit a PR if you'd accept it.
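An added example (not CASino's code) of the check a /logout handler needs before honouring the service parameter, so that the redirect only ever goes to a registered service. The allowlist patterns and the function name are hypothetical.

```ruby
require 'uri'

# Hypothetical allowlist of registered service URL prefixes (constructed).
ALLOWED_SERVICES = [
  %r{\Ahttps://app\.example\.org/},
  %r{\Ahttps://wiki\.example\.org/}
].freeze

# Returns the URL to redirect to after logout, or nil when the handler
# should render the normal "logged out" page instead of redirecting.
def logout_redirect_target(service, allowed = ALLOWED_SERVICES)
  return nil unless service.is_a?(String) && !service.strip.empty?

  uri = URI.parse(service)
  # Absolute http(s) URLs only: rejects javascript:, data: and
  # scheme-relative //host/ values.
  return nil unless uri.is_a?(URI::HTTP) && uri.host
  # Reject https://trusted@other-host/ style URLs outright.
  return nil if uri.userinfo

  normalized = uri.to_s
  allowed.any? { |pattern| pattern.match?(normalized) } ? normalized : nil
rescue URI::InvalidURIError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ['https://app.example.org/after?x=1',
   'https://app.example.org.evil.test/',
   '//evil.test/'].each do |s|
    puts "#{s.inspect} -> #{logout_redirect_target(s).inspect}"
  end
end
```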
This may not be an every day case, so I try to describe the problem in detail. In the local net CASino works as expected. We also grant users access from internet site through a microsoft forefront TMG 2010. The steps are:
So why not validate any service request if there are no service restrictions during login? If there is a valid ticket, all subsequent service validations are working.
I'm using rubycas server until now without such problem and I want to replace it by CASino since CASino is the superior application for me (clearer and much more understandable code, and other goodies like straight forward deployment).
When I log out a user from the server, it isn't logged out from my apps, and I can see on my log file this code:
Started POST "/users/service" for 127.0.0.1 at 2014-07-28 09:39:31 -0300
Processing by Devise::CasSessionsController#single_sign_out as */*
Parameters: {"logoutRequest"=>"<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"66f2aa23-00fc-4e7e-a8da-9a2face99c43\" Version=\"2.0\" IssueInstant=\"2014-07-28 09:39:30 -0300\">\n <saml:NameID>@NOT_USED@</saml:NameID>\n <samlp:SessionIndex>ST-14065511443847-WOp6JMTuekqtYMrZbnbsULQhxIlwgBKRCBerqqZd</samlp:SessionIndex>\n</samlp:LogoutRequest>\n"}
Ignoring CAS single-sign-out request as feature is not currently enabled.
Rendered text template (0.0ms)
Completed 200 OK in 1ms (Views: 0.5ms | ActiveRecord: 0.0ms)
Why do I get this message "Ignoring CAS single-sign-out request as feature is not currently enabled."? Am I missing some settings?
Just for info: there is a hardcoded '/login' in session.js. If I use casino with a suburi like /zas, the browser redirects to /login instead of /zas/login after successful login. This only occurs on the very first access if there is no usable cookie for casino.
If I overwrite '/login' with '/zas/login' in session.js, all works as expected.
Environment:
CentOS 7.
Ruby 2.0
Mariadb 5.5
apache 2.4
http:///public
Gives me web application could not be started
cannot load such file -- bundler/setup (LoadError)
/usr/share/rubygems/rubygems/core_ext/kernel_require.rb:53:in `require'
/usr/share/rubygems/rubygems/core_ext/kernel_require.rb:53:in `require'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/lib/phusion_passenger/loader_shared_helpers.rb:263:in `block in run_load_path_setup_code'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/lib/phusion_passenger/loader_shared_helpers.rb:366:in `running_bundler'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/lib/phusion_passenger/loader_shared_helpers.rb:261:in `run_load_path_setup_code'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/helper-scripts/rack-preloader.rb:100:in `preload_app'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/helper-scripts/rack-preloader.rb:158:in `<module:App>'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/helper-scripts/rack-preloader.rb:29:in `<module:PhusionPassenger>'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/helper-scripts/rack-preloader.rb:28:in `
Hello everyone,
I'm working on my undergraduate final project, it's supposed to be about CASino and SSO for enterprise environment. Thus, I'm trying to understand the CASino architecture, I've been studying Jasig CAS in order to understand the roots of CASino and so on.
Well, I found this CAS architecture description (link below), but since my goal is CASino, I'm wondering if CASino follows this structure, and if so, who takes care of Web tier.
Another thing, I've translated en.yml file to pt-BR.yml in order to support Brazilian Portuguese language, so I want to ask how I am supposed to test before committing it.
Thank you very much.
http://jasig.github.io/cas/4.0.0/planning/Architecture.html#system-components
Is it possible to get which backend was used in response?
Hi,
How am I supposed to get the current logged user in the server side controllers?
Thanks!
CASino uses addressable/uri, which does not fully normalize Urls with semicolon like
http://server/otrs/index.pl?Action=AgentTicketZoom;TicketID=12345
The result after service validation is
http://server/otrs/index.pl?Action=AgentTicketZoom%3BTicketID%3D12345
which OTRS cannot handle.
More info: sporkmonger/addressable#114 and #58
I've installed the CAS server and got it working, I've installed the Devise CAS client and got it working, or at least working with the dummy authenticator. I want to use the ActiveRecord authenticator but I'm faced with what seems to be an insurmountable and very basic problem. How do I get the users into the database?
Nowhere do I see an explanation of how to register new users on the CAS server yet everyone talks about the ActiveRecord authenticator as if they've got it working. Do records get added from a Devise client to the CAS server by magic? Does the RAS server actually use the Devise user table? That seems crazy.
How does it work?
I think that set_locale should be removed from this engine since it's not its responsibility (e.g. move it to CASinoApp). In case when I want to allow user to select language on itself I would need to hack the CASino instead of just relying on existing implementation somewhere in my app.
We have some users with browsers sending user_agent strings longer than 256 bytes. This results in a Mysql2::Error: Data too long for column 'user_agent' since user_agent is of type string.
Please cut the user_agent at 256 bytes or switch to type text.
development:
  frontend:
    sso_name: "SEDL Login"
    footer_text: "Powered by <a href=\"http://rbcas.com/\">CASino</a>"
  authenticators:
    sedl_worker_database:
      authenticator: "ActiveRecord"
      options:
        connection:
          adapter: "postgresql"
          host: "localhost"
          username: "postgres"
          database: "sedlrevamp_development"
        table: "workers"
        username_column: "name"
        password_column: "password"
        extra_attributes:
          email: "email"
create_table "workers", force: true do |t|
  t.string "name"
  t.string "email"
  t.string "password"
end
id: 1
name: test4
email: [email protected]
password: $2a$10$NGLYWXVBALzKtKNpvA5y7eHT.NryvSYYUt2rV.233WvwRTD03hh3K, #"secret"
Started POST "/login" for 198.214.140.183 at 2014-08-11 15:16:18 -0500
Processing by CASino::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"eH2fEegF7otQCkc+7d1RFcS8epNZlPBMg55zn3Sa5H4=", "lt"=>"LT-14077881571249-GxHERvxEfecei4FEB3lzx1yOJ0lEKquI5RmNOvJ3", "username"=>"brollins", "password"=>"secret", "button"=>""}
CASino::LoginTicket Load (0.7ms) SELECT "casino_login_tickets".* FROM "casino_login_tickets" WHERE "casino_login_tickets"."ticket" = 'LT-14077881571249-GxHERvxEfecei4FEB3lzx1yOJ0lEKquI5RmNOvJ3' LIMIT 1
Login ticket 'LT-14077881571249-GxHERvxEfecei4FEB3lzx1yOJ0lEKquI5RmNOvJ3' successfully validated
SQL (1.0ms) DELETE FROM "casino_login_tickets" WHERE "casino_login_tickets"."id" = 141
(0.2ms) BEGIN
CASino::LoginTicket Exists (0.4ms) SELECT 1 AS one FROM "casino_login_tickets" WHERE "casino_login_tickets"."ticket" = 'LT-14077881783785-0Zltlhz6qlfq0DeTXVeqIx4pDdjD4uDZ5q6G9FnD' LIMIT 1
SQL (0.5ms) INSERT INTO "casino_login_tickets" ("created_at", "ticket", "updated_at") VALUES ($1, $2, $3) RETURNING "id" ["created_at", "2014-08-11 20:16:18.381984"], ["ticket", "LT-14077881783785-0Zltlhz6qlfq0DeTXVeqIx4pDdjD4uDZ5q6G9FnD"], ["updated_at", "2014-08-11 20:16:18.381984"] COMMIT
Created login ticket 'LT-14077881783785-0Zltlhz6qlfq0DeTXVeqIx4pDdjD4uDZ5q6G9FnD'
Rendered /home/brian/.rvm/gems/ruby-1.9.3-p327/gems/casino-3.0.1/app/views/casino/application/_messages.html.erb (0.3ms)
Rendered /home/brian/.rvm/gems/ruby-1.9.3-p327/gems/casino-3.0.1/app/views/casino/application/_footer.html.erb (0.2ms)
Rendered /home/brian/.rvm/gems/ruby-1.9.3-p327/gems/casino-3.0.1/app/views/casino/sessions/new.html.erb within layouts/application (7.2ms)
Completed 403 Forbidden in 30ms (Views: 14.5ms | ActiveRecord: 3.5ms)
Is there a way after I sign up then I should be automatically logged in my casino server?
@luxflux
I try to do login by using RestClient.post("cas.xxx.com/login", {:username => "xxx", :password => "xxx", :lt => "xxx"}) from my client side, but after doing that, although my client side web has logged in, when I visit cas.xxx.com, I found my user doesn't log in. Could you help me to find out why it doesn't succeed?
Hello, guys! I have found that when I run bundle exec rails g casino:install I face the problem that there is no JS environment. I have fixed this problem by installing therubyracer gem. My proposal is to include this gem into gem dependencies.
Best regards,
Arthur
Hi,
It seems I have to override the sign in method of casino, because there is a requirement in my client application like inviting a new user to the client application and adding them into a group; likewise I have to add an existing user to the group when they sign in via casino. I have done the sign up part by overriding the devise registrations controller for adding the user to the system and group; I have to do this for existing users also. So how do I override the casino sign in method? Kindly help me.
I've noticed that Jasig CAS has support for third-party protocols, any plans to bring that to CASino in the near future?
What is the :see_other, and what is it useful for?
/CASino/app/controllers/casino/sessions_controller.rb:
47 @url = params[:url]
48 if params[:service].present? && service_allowed?(params[:service])
49: redirect_to params[:service], status: :see_other
50 end
51 end
/CASino/app/helpers/casino/sessions_helper.rb:
61 end
62 end
63: redirect_to sessions_path, status: :see_other
64 end
65 end
..
71 else
72 url = acquire_service_ticket(tgt, params[:service], options).service_with_ticket_url
73: redirect_to url, status: :see_other
74 end
75 end
It does not make much sense to present the user with an ever-growing list of Two-factor codes. Therefore it would be nice to disable autocomplete on the Two-factor input field/form.
Does CASino support oauth provider??
Hi,
I'm trying to change the table name in cas.yml to users but it's not working.
The error PG::UndefinedTable: ERROR: relation "casino_users" does not exist appears in the dev environment (I have not tried production yet) right after the login form submission.
Here is a screenshot of the Rails exception:
My cas.yml file looks like this.
I have also changed the migration RenameBaseModels to not change the users table name into casino_users since I already have users table.
My gemfile.lock looks like this, we are using casino 3.0.0.pre.1, casino-activerecord_authenticator 3.0.0.pre.1 branch: casino3 and rails 4.1.0.
Using the new grape-based API.
Any suggestions for integrating CASino into an existing Rails 4.0 app?
We need to support calling CAS with a service ticket to log the user out. Is there a reason (security or otherwise) that this isn't available in the CASino API? If not, we'll put in a PR for it when we get it together.
Cronjob is too complicated to setup...
Casino works fine for me with rails 4.1 (branch rails4) if the casino application uses the root url, but there are some gotchas if I install casino (using a simple new plain rails 4.1 app) for use on a sub url like myhost.example.net/zas. We use a lot of applications through a reverse proxy, so each application including casino has to use a sub url to separate namespaces.
Here is what I have done to get it working using /zas as sub url:
# /etc/apache2/conf.d/zas.conf
<Location /zas>
  PassengerBaseURI /zas
  PassengerAppRoot /var/srv/www/casinoapp/current
  RackEnv production
</Location>
<Directory "/var/srv/www/casinoapp/current/public">
  AllowOverride All
  order allow,deny
  allow from all
</Directory>
# casinoapp/config/application.rb:
Rails.application.routes.default_url_options[:script_name] = ENV['RAILS_RELATIVE_URL_ROOT']
I've got the idea for the default_url_options from here: activeadmin/activeadmin#101 (comment)
There is a special issue with redirects in routes.rb within an engine, for rails4 I use the following modification to casino/config/routes.rb:
root to: redirect('login')
Just remove the '/' from '/login' here. Rails4 then respects SCRIPT_NAME for sub urls. More info on this: rails/rails#7977 (comment)
And last but not least asset precompilation must respect the sub url on deployment:
namespace :deploy do
  namespace :assets do
    task :precompile do
      run "cd #{release_path} && bundle exec rake RAILS_ENV=production RAILS_RELATIVE_URL_ROOT=#{sub_uri} assets:precompile"
    end
  end
end
before 'deploy:assets:precompile', 'deploy:assets:symlink'
The only issue here for casino (using the current rails 4 branch and rails 4.1) is the '/' in front of login which should be removed.
# root to: redirect('/login')
root to: redirect('login')
The other stuff can be done by using a own minimal rails application instead of CASinoApp.
I want to sign in users with Casino after they successfully submit the sign up form.
Something like the Devise's sign_in method.
Thoughts?
I want to use casino for a rails 4.2 app but got the following issue:
Bundler could not find compatible versions for gem "rails":
In Gemfile:
casino (>= 0) ruby depends on
rails (~> 4.1.0) ruby
rails (4.2.0)
Any reasons why you use a so strict version dependency?
Hi, i'm trying this version of Cas server and when i run it in development env all goes well, but when i change env to production, i have an error like
Failed to load authenticator 'ActiveRecord'. Maybe you have to include "gem 'casino_core-authenticator-active_record'" in your Gemfile? Error: cannot load such file -- casino_core-authenticator-active_record
I've followed the instructions I found in the Casino site and github pages "install from scratch", to set the ActiveRecord authenticator, so in the Gemfile I've added gem 'casino_core-authenticator-activerecord'
I've had this error also on CasinoApp but i've reinstalled all and now it goes well.
i've copied the cas.yml from casinoapp to my-casino and executed the
RAILS_ENV=production bundle exec rails s
but i don't know why the yml file is parsed so the uppercase A is changed to _a
Both Casino and CasinoApp run with rails 3.2.12.
what can i do?
Another question: I would like there to be a redirection on logout, not only the link for the next page if params[:url] is present
We don't have integration tests
As mentioned here:
I think we should plan a major overhaul of the processor/listener approach we currently use. It's too complicated and not of much use since we merged CASino and CASinoCore.
I've just installed CASino gem, generated migrations and run them with error:
PG::UndefinedColumn: ERROR: column "authenticator" does not exist
: CREATE UNIQUE INDEX "index_casino_users_on_authenticator_and_username" ON "casino_users" ("authenticator", "username")
/home/yanoo/Code/project/db/migrate/20150115141937_rename_base_models.casino.rb:62:in `up'
ActiveRecord::StatementInvalid: PG::UndefinedColumn: ERROR: column "authenticator" does not exist
: CREATE UNIQUE INDEX "index_casino_users_on_authenticator_and_username" ON "casino_users" ("authenticator", "username")
/home/yanoo/Code/project/db/migrate/20150115141937_rename_base_models.casino.rb:62:in `up'
PG::UndefinedColumn: ERROR: column "authenticator" does not exist
/home/yanoo/Code/project/db/migrate/20150115141937_rename_base_models.casino.rb:62:in `up'