LDN - Luminis Developer Network

I have been talking about CAS for awhile on here.  If you search for CAS, you'll see comments from me dating back to January.  I've finally got it in place, in production, and I love it!

In our environment we have a lot of homegrown external systems (mostly all in PHP) which only need a username passed to them that is guaranteed as valid.  They need no more complexity than that for integration.  CAS makes this EXTREMELY simple.

First, you have to install CAS as an add-on package.  For detailed instructions see the support center, search for CAS or it is in the "Luminis Installation Guide Appendix D (11/4/04)"  This step is annoying since you have to roll back all your patches and reapply them plus your mods after installing it. For us mod-happy people this is a bit annoying.  Although, for Luminis III.2 people, patch build 112 just came out and since you should do this for that anyway, now is the best time to get CAS rolling, and while you're at it, you can install webservices support too, but that is another story.

Anyway once you get it in place and configured (this is minimal) you are ready to start CAS'ifying your services!  In our environment we use mostly PHP, so I will provide the following examples in that. 

First, go out and get the phpCAS libraries: http://esup-phpcas.sourceforge.net/  This requires CURL, OpenSSL, DOM, and zlib support, but those are all easy enough to compile in, plus useful for all kinds of things!  Note: This is only required on the destination servers.

Then drop some test code on the server like this:

<?php
 // import phpCAS lib
 include_once('cas/CAS.php');

 // initialize phpCAS
 phpCAS::client(CAS_VERSION_2_0,'YOUR_SERVER.edu',443,'cp/cas/');

 // check CAS authentication
 phpCAS::authenticateIfNeeded();

 // at this step, the user has been authenticated by the CAS server
 // and the user's login name can be read with phpCAS::getUser().

 echo phpCAS::getUser();
?>

This example can be linked to directly in the portal, or the direct url can be distributed.  Either way, when accessed it will verify that the user is logged into the portal, if not redirect them to the login page, then back after a successful login.  If you use this as an inline frame in a channel it should always work because they are only accessing it when logged in.  We have been going crazy putting this in place for all sorts of apps. (examples: work order, help desk call tracking, project management software, computing resources channel, HR intranet, alumni services intranet, survey tool, media loans, student union building manager system, custom Banner ad hoc reporting, etc)  More importantly I converted all these services to CAS support since 3/26.  It is very easy and so far entirely reliable.