gnu-social/plugins/CasAuthentication
Andrew Engelbrecht 6ca5bb4d41 Added CAS user whitelist feature
This feature filters users who may log in via CAS. This is useful when
both CAS and password authentication is enabled and there is a mismatch
between some GNU social account names and CAS user names. This prevents
CAS users from logging in as someone else on GNU social.
2017-04-17 12:41:49 -04:00
..
actions Added CAS user whitelist feature 2017-04-17 12:41:49 -04:00
extlib Upgrade from CAS 1.1.0RC6 to 1.1.2 2010-08-30 16:53:32 -04:00
locale Snapshot of the Transifex translation project - October 2015 2015-10-04 18:23:01 +02:00
CasAuthenticationPlugin.php Added CAS user whitelist feature 2017-04-17 12:41:49 -04:00
README Added CAS user whitelist feature 2017-04-17 12:41:49 -04:00

The CAS Authentication plugin allows for StatusNet to handle authentication
through CAS (Central Authentication Service).

Installation
============
add "addPlugin('casAuthentication',
    array('setting'=>'value', 'setting2'=>'value2', ...);"
to the bottom of your config.php

Settings
========
provider_name*: a unique name for this authentication provider.
authoritative (false): Set to true if CAS's responses are authoritative
    (if authorative and CAS fails, no other password checking will be done).
autoregistration (false): Set to true if users should be automatically created
    when they attempt to login.
email_changeable (true): Are users allowed to change their email address?
    (true or false)
password_changeable*: must be set to false. This plugin does not support changing passwords.

server*: CAS server to authentication against
port (443): Port the CAS server listens on. Almost always 443
path (): Path on the server to CAS. Usually blank.
takeOverLogin (false): Take over the main login action. If takeOverLogin is
    set, anytime the standard username/password login form would be shown,
    a CAS login will be done instead.
user_whitelist (null): Only allow login via CAS for users listed in this
    array. This is useful when both CAS and password authentication is enabled
    and there is a mismatch between some GNU social account names and CAS user
    names. This prevents CAS users from logging in as someone else on GNU
    social. When set to null, no CAS logins are filtered by this feature.

* required
default values are in (parenthesis)

Example
=======
addPlugin('casAuthentication', array(
    'provider_name'=>'Example',
    'authoritative'=>true,
    'autoregistration'=>true,
    'server'=>'sso-cas.univ-rennes1.fr',
    'port'=>443,
    'path'=>'',
    'takeOverLogin'=>true
));