Hi, I need to use CASino and I need it to authenticate against 2 different DBs. So I added 2 different authenticators to my cas.yml, both are authenticator: "ActiveRecord" and it seems that CASino is always connecting ONLY to the one I have at the bottom in my list of authenticators in the cas.yml file. I was trying to debug and looks like casino-activerecord_authenticator is being instantiated twice but with the same name (because my tables are named the same for both connections) and so that may be the problem. Have you ever experienced something like the scenario I described above? Any solution?

Do you plan to support the v2.x line?
There are quite a few projects still on Rails 3 (which is supported) and maybe we could cherry-pick / port some bugfixes on a 2.x branch.

I'd be happy if you could release a 2.0.7 with daa65df and 12b5073.

If you agree and create a branch, I can prepare a PR with these commits.

this might belong in casino-ldap_authenticator but the issue is happening in the engine codebase (3.0.2)

I'm using the ldap-authenticator with username_attribute: "sAMAccountName". well when trying to insert into casino_users its getting nil for the username. If i add username: "sAMAccountName" to the extra_attributes than everything works properly.

The authentication itself is working just fine, just the username not getting carried over unless specified in the extra_attributes. I think this should be automatically added or documented this way.

Backtrace:

...[bunch of stuff]...

app/processors/casino/processor_concern/ticket_granting_tickets.rb:48
app/processors/casino/processor_concern/ticket_granting_tickets.rb:33
app/processors/casino/login_credential_acceptor_processor.rb:45
app/processors/casino/login_credential_acceptor_processor.rb:37
app/processors/casino/login_credential_acceptor_processor.rb:27

...[bunch of stuff]...

Hello,

We're using RUBY CAS Server but after hacking and patching it, we're looking for another solution, and we found CASino.

CASino works well with Ruby 2.x or we need to use 1.9.3 as the .ruby-version says?

We are not able to use LDAP correctly, even it's properly configured in /config/cas.yml

The server has been restarted (CASino) but we can't find any reference in the log files.

This is on OSX using 10.9.4 and ruby 2.0.0p247

thanks,

I added CASino v3.0.0.pre.2 to an existing web application and encountered following error:

 ActionController::RoutingError (uninitialized constant CASino::SessionsHelper):
 /Users/mani/Projects/CASino/app/controllers/casino/sessions_controller.rb:2:in    `<class:SessionsController>'
 /Users/mani/Projects/CASino/app/controllers/casino/sessions_controller.rb:1:in `<top (required)>'
 activesupport (4.1.0) lib/active_support/inflector/methods.rb:240:in `const_get'
 activesupport (4.1.0) lib/active_support/inflector/methods.rb:240:in `block in constantize'
 activesupport (4.1.0) lib/active_support/inflector/methods.rb:236:in `each'
 activesupport (4.1.0) lib/active_support/inflector/methods.rb:236:in `inject'
 activesupport (4.1.0) lib/active_support/inflector/methods.rb:236:in `constantize'
 actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:76:in `controller_reference'
 actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:66:in `controller'
 actionpack (4.1.0) lib/action_dispatch/routing/route_set.rb:44:in `call'
 actionpack (4.1.0) lib/action_dispatch/journey/router.rb:71:in `block in call'
 actionpack (4.1.0) lib/action_dispatch/journey/router.rb:59:in `each'
 actionpack (4.1.0) lib/action_dispatch/journey/router.rb:59:in `call'

after lots of try and error I found the cause of error in my Gemfile:

group :development, :test do
   gem 'rspec-rails'

   # Use railroad for generating model diagrams
    gem 'railroady'

    # Use dot for generating diagrams via RailRoady
    gem 'dot'
end

commenting dot gem solved the problem!

   #gem 'dot'

Any Idea?

The service parameter will be lost if you failed the login.

Possibly in the wiki to not blow up the documentation.

Clicking on the corresponding button when being logged in results in a "Something went wrong"-error.

This is happening because we removed jQuery-ujs together with jQuery and the request is now sent as GET instead of DELETE (or POST with _method=delete). See: https://github.com/rbCAS/CASino/blob/master/app/views/casino/sessions/index.html.erb#L21.

To enable Two-factor authentication on a mobile device it would be nice if the otpauth url would not only be encoded as a QR-Code but be provided as a link to. This allows the OTP app to be opened with all the informations as with the QR-Code, but without the haste to take a picture of the mobiles own screen.

https://code.google.com/p/google-authenticator/wiki/KeyUriFormat

Add a settings.yml configuration file which gets copied to the Rails app when running the installation generator.

It should contain settings such as:

• Page title
• Footer text

Hi all, can you post instructions on how to deploy on heroku?

According to section 2.3.1 of the CAS 3.0 spec, the /logout route should accept a service parameter and redirect there if present.

Seems like a small enough change. I would be happy to submit a PR if you'd accept it.

This may not be an every day case, so I try to describe the problem in detail. In the local net CASino works as expected. We also grant users access from internet site through a microsoft forefront TMG 2010. The steps are:

1. User calls https://gw.mycompany.extern/myapp
2. TMG rewrites the URL to https://appserver.mycompany.intern/myapp
3. Appserver with mod_auth_cas requests a ticket
4. User get the new session form with the url https://gw.mycompany.extern/zas/login?service=https://appserver.mycompany.intern/myapp, this url is not replaced by TMG, since this is a parameter, not a called URL. The session form contains a hidden input field name=service value=https://gw.mycompany.extern/myapp, so the TMG has replaced the intern URL here to an extern URL.
5. User sends the Login form, and the value of the hidden field will be send as parameter, not as URL, so TMG does not translate it. CASino register the service with the extern URL https://gw.mycompany.extern/myapp.
6. Appserver sends a serviceValidate for https://appserver.mycompany.intern/myapp, but CASino says NO. The database shows only a registered service for the extern URL, but not for the intern URL. From users scope the login seems to fail, but the service validation after successfull login will be rejected. Why? I dont have any rules to restrict service access, all services should be allowed.
7. If the User now load the URL manually, all works fine. If the User first call CASino from outside to login and get a ticket he next can successfull access the application.

So why not validate any service request if there are no service restrictions during login? If there is a valid ticket, all subsequent service validations are working.
I'm using rubycas server until now without such problem and I want to replace it by CASino since CASino is the superior application for me (clearer and much more understandable code, and other goodies like straight forward deployment).

When I log out an user from the server, it isn't log out from my apps, and I can see on my log file this code:

Started POST "/users/service" for 127.0.0.1 at 2014-07-28 09:39:31 -0300
Processing by Devise::CasSessionsController#single_sign_out as */*
  Parameters: {"logoutRequest"=>"<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"66f2aa23-00fc-4e7e-a8da-9a2face99c43\" Version=\"2.0\" IssueInstant=\"2014-07-28 09:39:30 -0300\">\n  <saml:NameID>@NOT_USED@</saml:NameID>\n  <samlp:SessionIndex>ST-14065511443847-WOp6JMTuekqtYMrZbnbsULQhxIlwgBKRCBerqqZd</samlp:SessionIndex>\n</samlp:LogoutRequest>\n"}
Ignoring CAS single-sign-out request as feature is not currently enabled.
  Rendered text template (0.0ms)
Completed 200 OK in 1ms (Views: 0.5ms | ActiveRecord: 0.0ms)

Why I get this message "Ignoring CAS single-sign-out request as feature is not currently enabled." ? I missing some settings?

Just for info: there is a hardcoded '/login' in session.js. If I use casino with a suburi like /zas, the browser redirects to /login instead of /zas/login after successfull login. This only occures on the very first access if there is no usable cookie for casino.

If I overwrite '/login' with '/zas/login' in session.js, all works as expected.

Environment:
CentOS 7.
Ruby 2.0
Mariadb 5.5
apache 2.4

http:///public
Gives me web application could not be started
cannot load such file -- bundler/setup (LoadError)
/usr/share/rubygems/rubygems/core_ext/kernel_require.rb:53:in require' /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:53:inrequire'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/lib/phusion_passenger/loader_shared_helpers.rb:263:in block in run_load_path_setup_code' /home/deploy/.gem/ruby/gems/passenger-4.0.58/lib/phusion_passenger/loader_shared_helpers.rb:366:inrunning_bundler'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/lib/phusion_passenger/loader_shared_helpers.rb:261:in run_load_path_setup_code' /home/deploy/.gem/ruby/gems/passenger-4.0.58/helper-scripts/rack-preloader.rb:100:inpreload_app'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/helper-scripts/rack-preloader.rb:158:in <module:App>' /home/deploy/.gem/ruby/gems/passenger-4.0.58/helper-scripts/rack-preloader.rb:29:inmodule:PhusionPassenger'
/home/deploy/.gem/ruby/gems/passenger-4.0.58/helper-scripts/rack-preloader.rb:28:in `

Hello everyone,

I'm working on my undergraduate final project, its supposed to be about CASino and SSO for enterprise enviroment. Thus, I'm trying to understand the CASino architecture, I've been studying Jasig CAS in order to understand the roots of CASino and so on.
Well, I found this CAS architecture description (link below), but since my goal is CASino, I'm wondering if CASino follows this structure, and if so, who takes care of Web tier.
Another thing, I've translated en.yml file to pt-BR.yml in order to support Brazilian Portuguese language, so I want to ask how I supposed to test befor commit it.

Ty very much.

http://jasig.github.io/cas/4.0.0/planning/Architecture.html#system-components

Is it possible to get which backend was used in response?

Hi,

How am I suppose to get the current logged user in the server side controllers?

Thanks!

CASino uses addressable/uri, which does not fully normalize Urls with semicolon like

http://server/otrs/index.pl?Action=AgentTicketZoom;TicketID=12345

The result after service validation is

http://server/otrs/index.pl?Action=AgentTicketZoom%3BTicketID%3D12345

which OTRS cannot handle.

More info: sporkmonger/addressable#114 and #58

I've installed the CAS server and got it working, I've installed the Devise CAS client and got it working, or at least working with the dummy authenticator. I want to use the ActiveRecord authenticator but I'm faced with what seems to be an insurmountable and very basic problem. How do I get the users into the database?

Nowhere do I see an explanation of how to register new users on the CAS server yet everyone talks about the ActiveRecord authenticator as if they've got it working. Do records get added from a Devise client to the CAS server by magic? Does the RAS server actually use the Devise user table? That seems crazy.

How does it work?

I've installed the CAS server and got it working, I've installed the Devise CAS client and got it working, or at least working with the dummy authenticator. I want to use the ActiveRecord authenticator but I'm faced with what seems to be an insurmountable and very basic problem. How do I get the users into the database?

Nowhere do I see an explanation of how to register new users on the CAS server yet everyone talks about the ActiveRecord authenticator as if they've got it working. Do records get added from a Devise client to the CAS server by magic? Does the RAS server actually use the Devise user table? That seems crazy.

How does it work?

I think that set_locale should be removed from this engine since it's not it's responsibility (e.g. move it to CASinoApp). In case when I want to allow user to select language on itself I would need to hack the CASino instead of just relying on existing implementation somewhere in my app.

We have some users with browsers sending longer user_agent strings as 256 bytes. This results in an Mysql2::Error: Data too long for column 'user_agent' since user_agent is of type string.

Please cut the user_agent at 256 bytes or switch to type text.

cas.yml

development:
    frontend:
    sso_name: "SEDL Login"
    footer_text: "Powered by <a href=\"http://rbcas.com/\">CASino</a>"

authenticators:
  sedl_worker_database:
    authenticator: "ActiveRecord"
    options:
      connection:
        adapter: "postgresql"
        host: "localhost"
        username: "postgres"
        database: "sedlrevamp_development"
      table: "workers"
      username_column: "name"
      password_column: "password"
      extra_attributes:
        email: "email"

workers_table schema

create_table "workers", force: true do |t|
  t.string "name"
  t.string "email"
  t.string "password"
end

example record:

id: 1
name: test4 
email: [email protected]
password: $2a$10$NGLYWXVBALzKtKNpvA5y7eHT.NryvSYYUt2rV.233WvwRTD03hh3K, #"secret"

stack trace

Started POST "/login" for 198.214.140.183 at 2014-08-11 15:16:18 -0500
Processing by CASino::SessionsController#create as HTML
Parameters: {"utf8"=>"✓",    "authenticity_token"=>"eH2fEegF7otQCkc+7d1RFcS8epNZlPBMg55zn3Sa5H4=", "lt"=>"LT-14077881571249-GxHERvxEfecei4FEB3lzx1yOJ0lEKquI5RmNOvJ3", "username"=>"brollins", "password"=>"secret", "button"=>""}

CASino::LoginTicket Load (0.7ms) SELECT "casino_login_tickets".* FROM "casino_login_tickets" WHERE "casino_login_tickets"."ticket" = 'LT-14077881571249-GxHERvxEfecei4FEB3lzx1yOJ0lEKquI5RmNOvJ3' LIMIT 1
Login ticket 'LT-14077881571249-GxHERvxEfecei4FEB3lzx1yOJ0lEKquI5RmNOvJ3' successfully validated
SQL (1.0ms) DELETE FROM "casino_login_tickets" WHERE "casino_login_tickets"."id" = 141
(0.2ms) BEGIN
CASino::LoginTicket Exists (0.4ms) SELECT 1 AS one FROM "casino_login_tickets" WHERE "casino_login_tickets"."ticket" = 'LT-14077881783785-0Zltlhz6qlfq0DeTXVeqIx4pDdjD4uDZ5q6G9FnD' LIMIT 1
SQL (0.5ms) INSERT INTO "casino_login_tickets" ("created_at", "ticket", "updated_at") VALUES ($1, $2, $3) RETURNING "id" ["created_at", "2014-08-11 20:16:18.381984"], ["ticket", "LT-14077881783785-0Zltlhz6qlfq0DeTXVeqIx4pDdjD4uDZ5q6G9FnD"], ["updated_at", "2014-08-11 20:16:18.381984"] COMMIT
Created login ticket 'LT-14077881783785-0Zltlhz6qlfq0DeTXVeqIx4pDdjD4uDZ5q6G9FnD'
Rendered /home/brian/.rvm/gems/ruby-1.9.3-p327/gems/casino-3.0.1/app/views/casino/application/_messages.html.erb (0.3ms)
Rendered /home/brian/.rvm/gems/ruby-1.9.3-p327/gems/casino-3.0.1/app/views/casino/application/_footer.html.erb (0.2ms)
Rendered /home/brian/.rvm/gems/ruby-1.9.3-p327/gems/casino-3.0.1/app/views/casino/sessions/new.html.erb within layouts/application (7.2ms)
Completed 403 Forbidden in 30ms (Views: 14.5ms | ActiveRecord: 3.5ms)

Is there a way after I sign up then I should be automatically logged in my casino server?

@luxflux
I try to do login by using RestClient.post("cas.xxx.com/login", {:username => "xxx", :password => "xxx", :lt => "xxx"}) from my client side, but after doing that, although my client side web has logged in, but when I visit cas.xxx.com, I found my user doesn't log in. Coule you help me to find out why it doesn't successd

Hello, guys! I have found the when I run

bundle exec rails g casino:install

I face with the problem, that there is no JS environment. I have fix this problem with installing therubyracer gem. My proposal is to include this gem into gem dependencies.

Best regards,
Arthur

Hi,
it seems i have to override sign in method of casino, because there is a requirement in my client application like inviting a new user to client application and adding them into a group,like wise i have to add existing user to the group while they sign in via casino. i have done sign up part by overriding devise registrations controller for adding the user to the system and group, i have to do this for existing user also. so how to override casino sign in method ? kindly help me.

I've noticed that Jasig CAS has support for third-party protocols, any plans to bring that to CASino in the near future?

What is the :see_other, and it useful for?

/CASino/app/controllers/casino/sessions_controller.rb:
   47      @url = params[:url]
   48      if params[:service].present? && service_allowed?(params[:service])
   49:       redirect_to params[:service], status: :see_other
   50      end
   51    end

/CASino/app/helpers/casino/sessions_helper.rb:
   61          end
   62        end
   63:       redirect_to sessions_path, status: :see_other
   64      end
   65    end
   ..
   71      else
   72        url = acquire_service_ticket(tgt, params[:service], options).service_with_ticket_url
   73:       redirect_to url, status: :see_other
   74      end
   75    end

It does not make much sense to present the user with a ever growing list of Two-factor codes. Therefore it would be nice to disable autocomplete on the Two-factor input field/form.

Does CASino support oauth provider??

Hi,

I'm trying to change the table name in cas.yml to users but it's not working.

The error PG::UndefinedTable: ERROR: relation "casino_users" does not exist appears in the dev environment (I have not tried production yet) right after the login form submission.

Here is a screenshot of the Rails exception:

My cas.yml file looks like this.

I have also changed the migration RenameBaseModels to not change the users table name into casino_users since I already have users table.

My gemfile.lock looks like this, we are using casino 3.0.0.pre.1, casino-activerecord_authenticator 3.0.0.pre.1 branch: casino3 and rails 4.1.0.

Using the new grape-based API.

Any suggestions for integrating CASino into an existing Rails 4.0 app?

We need to support calling CAS with a service ticket to log the user out. Is there a reason (security or otherwise) that this isn't available in the CASino API? If not, we'll put in a PR for it when we get it together.

Cronjob is too complicated to setup...

Casino works fine for me with rails 4.1 (branch rails4) if the casino application uses the root url, but there are some gotchas if I install casino (using a simple new plain rails 4.1 app) for use on a sub url like myhost.example.net/zas. We use a lot of applications through a reverse proxy, so each application including casino has to use a sub url to separate namespaces.

Here is what I have done to get it working using /zas as sub url:

# /etc/apache2/conf.d/zas.conf
<Location /zas>
  PassengerBaseURI /zas
  PassengerAppRoot /var/srv/www/casinoapp/current
  RackEnv production
</Location>

<Directory "/var/srv/www/casinoapp/current/public">
   AllowOverride All
   order allow,deny
   allow from all
</Directory>

# casinoapp/config/application.rb:
Rails.application.routes.default_url_options[:script_name] = ENV['RAILS_RELATIVE_URL_ROOT']

I've got the idea for the default_url_options from here: activeadmin/activeadmin#101 (comment)

There is a special issue with redirects in routes.rb within an engine, for rails4 I use the following modification to casino/config/routes.rb:

  root to: redirect('login')

Just remove the '/' from '/login' here. Rails4 then respects SCRIPT_NAME for sub urls. More info on this: rails/rails#7977 (comment)

And last but not least asset precompilation must respect the sub url on deployment:

namespace :deploy do
  namespace :assets do
    task :precompile do
      run "cd #{release_path} && bundle exec rake RAILS_ENV=production RAILS_RELATIVE_URL_ROOT=#{sub_uri} assets:precompile"
    end
  end
end
before 'deploy:assets:precompile', 'deploy:assets:symlink'

The only issue here for casino (using the current rails 4 branch and rails 4.1) is the '/' in front of login which should be removed.

# root to: redirect('/login')
root to: redirect('login')

The other stuff can be done by using a own minimal rails application instead of CASinoApp.

I want to sign in users with Casino after they successfully submit the sign up form.

Something like the Devise's sign_in method.

Thoughts?

I want to use casino for a rails 4.2 app but got the following issue:

Bundler could not find compatible versions for gem "rails":
  In Gemfile:
    casino (>= 0) ruby depends on
      rails (~> 4.1.0) ruby

    rails (4.2.0)

Any reasons why you use a so strict version dependency?

Hi, i'm trying this version of Cas server and when i run it in development env all goes well, but when i change env to production, i have an error like
Failed to load authenticator 'ActiveRecord'. Maybe you have to include "gem 'casino_core-authenticator-active_record'" in your Gemfile? Error: cannot load such file -- casino_core-authenticator-active_record

I've followed the instructions I found in the Casino site and github pages "install from scratch", for to set the ActiveRecord authenticator, so in the Gemfile 've added gem 'casino_core-authenticator-activerecord'
I've had this error also on CasinoApp but i've reinstalled all and now it goes well.
i've copied the cas.yml from casinoapp to my-casino and executed the
RAILS_ENV=production bundle exec rails s
but i don't know why the yml file is parsed so the uppercase A is changed to _a
Both Casino and CasinoApp run with rails 3.2.12.
what can i do?
Another question: i woulk like that ther'is a redirection on logout, not only the link for the next page if params[:url] is present

We don't have integration tests 😟

• LDAP
• Active Record
• Static

As mentioned here:

I think we should plan a major overhaul of the processor/listener approach we currently use. It's too complicated and not of much use since we merged CASino and CASinoCore.

Plan

• Find possible approaches to encapsulate the CAS logic
• Architectural decision
• Implement new architecture
• ???
• Profit!

I've just installed CASino gem, generated migrations and run them with error:

PG::UndefinedColumn: ERROR:  column "authenticator" does not exist
: CREATE UNIQUE INDEX  "index_casino_users_on_authenticator_and_username" ON "casino_users"  ("authenticator", "username")
/home/yanoo/Code/project/db/migrate/20150115141937_rename_base_models.casino.rb:62:in `up'
ActiveRecord::StatementInvalid: PG::UndefinedColumn: ERROR:  column "authenticator" does not exist
: CREATE UNIQUE INDEX  "index_casino_users_on_authenticator_and_username" ON "casino_users"  ("authenticator", "username")
/home/yanoo/Code/project/db/migrate/20150115141937_rename_base_models.casino.rb:62:in `up'
PG::UndefinedColumn: ERROR:  column "authenticator" does not exist
/home/yanoo/Code/project/db/migrate/20150115141937_rename_base_models.casino.rb:62:in `up'