rafaelka / jasigphpcas
Jasigs "Cantral Authentication Service"-Client for TYPO3 Flow and Neos
Installs: 10
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 4
Forks: 1
Open Issues: 2
Type:typo3-flow-package
Requires
- jasig/phpcas: 1.3.*
- typo3/flow: <=2.3
This package is not auto-updated.
Last update: 2024-12-21 16:51:35 UTC
README
The package for TYPO3 Flow to authenticate by CAS-Server.
The CAS("Central Authentication Service" by Jasig) Client.
Installation
composer install rafaelka-jasig-php-cas
here is a sample configuration file.
TYPO3: Flow: security: authentication: providers: DefaultProvider: provider: PersistedUsernamePasswordProvider AuthenticationProviderByTHM: # Requered: works only with this provider. provider: RafaelKa\JasigPhpCas\Security\Authentication\Provider\PhpCasAuthenticationProvider providerOptions: # The CAS client settings for this provider. casClient: ################################################################## # Requred: Hostname from CAS-Server server_hostname: cas.thm.de # Requered: Path to Root-Certifiacete(X.509) from CAS-Server casServerCACertificatePath: 'resource://RafaelKa.JasigPhpCas.Demo/Private/Certificates/CAS-Server/thmCaCert.pem' # Optional: Default is '/cas' URI from CAS-Service server_uri: '/cas' # Optional: Default is 443 server_port: 443 # Optional: Default is '2.0' server_version: '2.0' # Optional: Default is FALSE but if defined then casServerCACertificatePath: is ignored. noCasServerValidation: FALSE # Optional: Default is 'resource://RafaelKa.JasigPhpCas/PHP/Debug/' debugPath: 'resource://RafaelKa.JasigPhpCas/PHP/Debug/' ## Following option have no functionaty @todo: # Optional: Default is TRUE changeSessionID: TRUE # Optioanal: Default is NULL serverProxyValidateURL: '' # Optioanal: Default is NULL serverLoginURL: '' # Optioanal: Default is NULL serverLogoutURL: # Optioanal: Default is NULL serverProxyValidateURL: # Optioanal: Default is NULL serverSamlValidateURL: # Optioanal: Default is NULL serverServiceValidateURL: # Optioanal: Default is NULL :: since CAS 4.0 no functionality singleSignoutCallback: # ################################################################## Mapping: ################################################################## # Optional: Default is RafaelKa\JasigPhpCas\Service\DefaultMapper but if other defined, then all mapping settings will be ignored and not validated mapperClass: # Optional: Default is FALSE and the same as ....Mapping.Account.persistAccounts. If one of both is TRUE then account will be persisted. persistAccounts: # Optional: Default is FALSE but is ignored by: persistAccounts: FALSE persistParties: # Optional: Default is FALSE. If set to TRUE, then settings for person can be omitted. doNotMapParties: # Optional: Default is "No Redirect" :: Is usefull if you want users "accepting privacy policy" by new users. Is ignored if: "persistAccounts: FALSE" # but if defined to persist and redirect then you must persist account and party by yourself. # redirectByNewUser: # Controller: # Action: # packageKey: # arguments: Account: ################################################################ # Requered: path to value in casAttributes array accountidentifier: path.to.account.identifier.in.cas.attributes # Optional: Deafault is NULL, path to source as string expected credentialsSource: path.to.credentials.source # Optional: Default is NULL expirationDate: '' # Optional: Default is NULL but if is set expirationDate = periodOfValidity+creationDate periodOfValidity: 183 # Optional: Default is NULL. If is set, then checks CasManager the existency of provider name. # This option is ignored by: "persistAccounts: FALSE" useStaticProviderName: DefaultProvider # Optional: Default is NULL. If is set, then checking the existency of provider name is skipped. # This option overrides "useProviderNameByPersistingAccount" but is ignored to by: "persistAccounts: FALSE" forceUseStaticProviderName: DefaultProvider # ################################################################ Roles: ################################################################ # Description: # requered: # "identifier:" Type expected: string # aim path to value in casAttributes array. # example: office.department for $casAttributes['office']['department'] # or # # "staticIdentifier:" Type expected: string # overrides: "identifier" # aim: DeafaultMapper will not look in CAS-attributes # and simply assign difined role to account. # Uses role identifier from Policy.yaml for role. # # "packageKey" Type expected: string # aim: Uses package key where roles are defined (see Policy.yaml). # # optional: # "rewriteRoles" Type expected: array # depends on: "identifier:" # ignored by: "staticIdentifier:" # aim: if roles by CAS-Attributes are not human readable # then can you rewrite them. ## # WARNING: leastways one role must be defined. ################# Example: (Note: "-" are requered) # - # identifier: office.department # packageKey: RafaelKa.JasigPhpCas.Demo # rewriteRoles: # S: Student # P: Professor # D: Director # R: Rector # - # staticIdentifier: casUser # packageKey: RafaelKa.JasigPhpCas.Demo # - # identifier: userClass # packageKey: RafaelKa.JasigPhpCas.Demo ################################################################################# - ############################################################## # One of both options must be defined. identifier: path.to.role.identifier # "staticIdentifier" overrides "identifier" and uses role identifier from Policy.yaml # mapper will not look in CAS-attributes and simply assign difined role to account. staticIdentifier: userFromSomeSite # ## # requered packageKey: RafaelKa.JasigPhpCas.Demo ############################################################## - identifier: path.to.role.identifier packageKey: RafaelKa.JasigPhpCas.Demo # Optional: Default is NULL. This option is ignored if "staticIdentifier" is set. rewriteRoles: S: Student M: Mitarbeiter L: Lehrbeauftragter P: Professor - identifier: department.0 packageKey: RafaelKa.JasigPhpCas.Demo - identifier: department.1 packageKey: RafaelKa.JasigPhpCas.Demo ################################################################################ ################################################################ Party: ################################################################ Person: ############################################################## # is TYPO3\Party\Domain\Model\PersonName entity and properties from this. # Each property is optional, like definition of PersonName class but atleast one property must be set, otherwise is name NULL @ Person entity. name: alias: title: firstName: path.to.first.name middleName: lastName: surnames otherName: # is TYPO3\Party\Domain\Model\ElectronicAddress entity and properties of this entity. # Optional: Default is NULL but if set then identifier and three other (static)properties must be defined. primaryElectronicAddress: ############################################################ # Description: # requered: # "identifier:" Type expected:.string # aim:. . . . . .path to value in casAttributes array. # # "type:" || "staticType:" # "usage:" || "staticUsage:" # "approved:"|| "staticApproved:" # # "***:" Type expected: string | boolean by "approved:" # aim:. . . . . .path to value in casAttributes array. # # "static***:" Type expected: string | boolean by "staticApproved:" # overrides:. . ."***:" # ##################### Example1: ################################################# # identifier: electronicAddress.0.identifier # type: electronicAddress.0.type # usage: electronicAddress.0.usage # approved: electronicAddress.0.approved ################################################################################# ##################### Example2: ################################################# # identifier: electronicAddress.0.identifier # staticType: E-mail # usage: Work # staticApproved: TRUE ################################################################################# identifier: path.to.mail staticType: E-mail usage: path.to.usage staticApproved: TRUE ################################################################################ # Not implemented currently. electronicAddresses: ########################################################### # The same as primaryElectronicAddress: but as array # ##################### Example: ################################################## # - # identifier: mail # staticType: E-mail # staticUsage: Work # staticApproved: TRUE #################################################################################