Thanks.
-> With CAS I mean the Central Authentication Service, which is supported
here: https://github.com/apereo/cas or here:
https://www.apereo.org/projects/cas It is a system for Single Sign On
authentication with Service Ticket, and it is quite used in Universities. We
want to integrate Squid with CAS auth.
The authentication provided by CAS is based on a mechanism which redirect
user navigation to CAS University site, and proceed only when credentials
are valid. In this way the site that picks the credentials is not an
application site, but it is University CAS itself. The application that uses
University CAS is simply redirecting user navigation, that it takes the
control.
-> Ok for PHP
-> For what concerns Squid helpers, I saw some examples, but most of those
examples are based never-ending loops that wait for standard input and then
proceed with authentication. In this loop, the credentials are picked by
Squid web server. We do not want this. We want credentials to be inputted in
our CAS portal system. But I don't know how to code configuration file for
Squid and related helpers.
Il 06/09/19 11:16, Amos Jeffries <squid3@xxxxxxxxxxxxx> ha scritto:
--On 6/09/19 7:50 pm, Dario Basset wrote:
> My institution has been asked to integrate Squid and CAS. We want to
> integrate Squid and CAS in its simplest way, that is:
Details about this CAS ?
Does it have a specific name?
"CAS" is like saying "proxy" - it is a type.
What type(s) of authentication is it doing?
What APIs does it provide for checking credentials validity?
What APIs does it provide for initial user login?
Note that all of those 'What ...' questions are plural. Authenticators
tend to have multiple APIs for each activity.
> 1) redirect the navigation to the CAS site,
> 2) let the user input login/password,
> 3) then, after successfull login, check with PHP all nnecessary
> permissions,
FWIW: my advice is to avoid PHP for Squid helpers. That language has
problems keeping helpers running long-term.
<https://wiki.squid-cache.org/Features/AddonHelpers#What_language_are_helper_meant_to_be_written_in.3F>
> 4) proceed with Squid Proxy.
>
> I can't understand how to code Squid configuration and PHP helpers.
> I have seen here
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Need-help-for-ACL-Authentication-web-Form-Cookies-td4555576.html
>
> But I cannot understand how to make it work. Can you please show me a
> link to simple example?
All the helpers called "fake" are examples of how to write helpers for
their Squid helper interface. Which is essentially the same these days
with a (somewhat) unified protocol they all speak.
> Or tell me where are samples sources with PHP
> helpers and SQUID configuration in order ro have the full example working?
>
Not without the details asked for above. The conversation you found
David and I are mentioning BerkleyDB and SQL helpers. Those are the
"CAS" we use. The squid.conf part is essentially what you see in that
thread.
You will need a helper to access whatever the CAS database is (via any
API it provides for that access).
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
------------------------------------------------------------
Dario Basset dario.basset@xxxxxxxx
Direzione Servizio bibliotecario d’Ateneo
Via G. Colombo, 46 02-50315296
------------------------------------------------------------
Il tuo 5 x mille progetti
Sostieni la ricerca, investi sul futuro dei giovani
Universita` degli Studi di Milano - codice fiscale 80012650158
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
