view release on metacpan or  search on metacpan

lib/Catalyst/Authentication/Credential/CAS.pm  view on Meta::CPAN

    },
  };

  # in a controller
  sub auto :Private {
    unless( $c->user_exists || $c->authenticate ) {
      $c->res->status( 401 );
      $c->res->body( 'Access Denied' );
      return 0;
    }
  }


=head1 DESCRIPTION

This module allows you to CAS-ify your Catalyst applications.  It
integrates L<Authen::CAS::Client|Authen::CAS::Client> into Catalyst's
authentication framework.

=head1 CONFIGURATION

The following properties may be configured:

=over 2

=item B<uri>

This specifies the base URI for the CAS instance and is passed to
the C<new()> method of the CAS client.  See the documentation for
L<Authen::CAS::Client|Authen::CAS::Client> for more information.

=item B<username_field>

This specifies the name of the key in the C<$authinfo> hash that
is passed to C<$realm-E<gt>find_user()> for mapping the user name
returned from the CAS upon successful authentication and ticket
validation.  Its value will depend on what the configured user
store expects.  It defaults to C<'username'> if not specified in
the application's configuration.

=item B<version>

This specifies the verion of the CAS protocol to use.  Currently
only C<'1.0'> and C<'2.0'> are supported.  If not specified in
the application's configuration, the default of C<'2.0'> is used.
Its value will depend on if you can use the current version of
the CAS protocol or if you need to fall back to the older version
for compatibility.

=back

=head1 METHODS

=over 2

=item B<authenticate( $authinfo, $realm, $c )>

This is called during the normal Catalyst authentication process
and should never be called directly.

Since CAS is a service that verifies credentials outside of your
application, the login process for your application will have
two phases.  In the first phase, an unauthenticated user will
attempt to access your application and be redirected to the CAS
for credential verification.  A service URI must be provided to
the CAS so that once the user has been identified, they can be
redirected from the CAS back to your application for the second
phase of authentication.  During this second phase the (supposedly)
authenticated user will be given a ticket that your application must
validate with the CAS.  If the ticket is valid, the user is
considered authenticated.  The C<authenticate()> method handles
both phases of authentication.

Unless specified otherwise, this method will do its best to guess
the appropriate behavior for the service URI and ticket handling.
The service URI will be derived as the URI for the currently
executing action unless specified in the C<'service'> key of the
C<$authinfo> hash.  The ticket returned from the CAS will be
retrieved from the request parameters unless specifed in the
C<'ticket'> key of the C<$authinfo> hash.  If no ticket is
defined (phase one authentication) the response will be set to
redirect to the CAS and the current action will be detached.

You may also pass other parameters in the C<$authinfo> hash that
will affect the way the CAS verifies credentials.  See the
documentation for L<Authen::CAS::Client|Authen::CAS::Client> for
more on the C<'renew'>, C<'gateway'> and C<'pgtUrl'> parameters.

=back

=head1 BUGS

None are known at this time, but if you find one, please feel
free to submit a report to the author.

=head1 SEE ALSO

=over 2

=item L<Authen::CAS::Client|Authen::CAS::Client>

=item L<Catalyst::Plugin::Authentication|Catalyst::Plugin::Authentication>

=back

=head1 AUTHOR

jason hord E<lt>pravus@cpan.orgE<gt>

with contributions from:

Kevin L. Kane E<lt>kkane@cpan.orgE<gt>

=head1 COPYRIGHT

Copyright (c) 2010, jason hord

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

=cut