How to install anz.cas

  1. Download and install ActivePython
  2. Open Command Prompt
  3. Type pypm install anz.cas

Builds of versions 1.0.1 and 1.0 are available for Windows (32-bit), Windows (64-bit), Mac OS X (10.5+), Linux (32-bit) and Linux (64-bit).

License: GPL
Latest release: version 1.0.1 on Jan 5th, 2011

Abstract

This is a Python implementation of the server end of JA-SIG's CAS protocol, providing a cross-domain single sign-on solution for web applications.

1   Introduction

anz.cas implements a new PAS plugin, 'Anz Central Auth Service'. It enables you to turn your Plone site into a CAS server.

2   Overview

anz.cas gives you:

  • A stand-alone central login page where the user enters their credentials.
  • A mechanism for validating the user's credentials against various backends (making use of PAS's authentication plugins).
  • A back-end validator where CAS-enabled client applications connect to check whether the current user is authenticated (if the user has already been authenticated with the CAS server, they are permitted to proceed; otherwise they are redirected to the CAS server's login page for authentication).
  • Almost full compatibility with the open, multi-platform CAS protocol.

Why you would want/need this:

  • CAS allows you to share authentication across domains.
  • The user only sees the login page once -- the first time they try to access any one of your CAS-protected services, and never again until they log out or their single sign-on session expires.
  • Client applications never see the user's actual credentials.

3   Credits

Thanks to those who developed the following products; without your work anz.cas would never have happened.

4   Comparison with JA-SIG's CAS

4.1   Advantages
  • anz.cas is designed to be simple to set up and configure by a Zope/Plone user (which is quite the opposite of its popular official Java cousin, the JA-SIG CAS Server).
  • With JA-SIG CAS Server, you have to do more work to integrate your Zope/Plone sites with it. With anz.cas you can reduce your software stack.
  • You can make full use of existing PAS authentication plugins to do the authentication work for you.

4.2   Disadvantages
  • As the official implementation, JA-SIG CAS Server is stable, solid and widely used. anz.cas is the opposite; I hope you can give me some feedback to make it better :).

5   Requirements

  • Plone 3 or Plone 4
  • ZODB3>=3.8.3 (with Plone 3, tested under 3.8.3 only)
  • zope.proxy>=3.4.1 (with Plone 3, tested under 3.4.1 only)
  • zope.bforest
  • uuid

6   Installation

To install anz.cas into the global Python environment (or a workingenv), using a traditional Zope 2 instance, you can do this:

  • When you're reading this you have probably already run easy_install anz.cas. Find out how to install setuptools (and EasyInstall) here: http://peak.telecommunity.com/DevCenter/EasyInstall
  • Create a file called anz.cas-configure.zcml in the /path/to/instance/etc/package-includes directory. The file should only contain this:

    <include package="anz.cas" />

Alternatively, if you are using zc.buildout and the plone.recipe.zope2instance recipe to manage your project, you can do this:

  • Add anz.cas to the list of eggs to install, e.g.:

    [buildout]
    ...
    eggs =
        ...
        anz.cas

  • Tell the plone.recipe.zope2instance recipe to install a ZCML slug:

    [instance]
    recipe = plone.recipe.zope2instance
    ...
    zcml =
        anz.cas

  • Re-run buildout, e.g. with:

    $ ./bin/buildout

You can skip the ZCML slug if you are going to explicitly include the package from another package's configure.zcml file.

Then go into your Plone site and install the "anz.cas" product via quick_installer or portal_setup.

7   How to use anz.cas

anz.cas is designed to be easy to set up and customize.

7.1   Create a Plone site as 'CAS Server'

For security reasons, I strongly recommend creating a dedicated Plone site to serve as the 'CAS Server'. Install 'anz.cas' in this site and configure it. The following steps assume the site is named 'cas'.

7.2   Setting up your Plone site behind Apache with SSL

As the CAS protocol requires, for security reasons all communication with the CAS server goes over SSL. How to set that up is out of scope here; this doc will guide you.

Note: You can leave this for later and go through the following steps to try anz.cas quickly.

7.3   Customize central login page

anz.cas uses Plone's stock login_form as the central login page; you can skin it however you want.

7.4   Configure your authentication mechanism

anz.cas makes use of PAS authentication plugins to do the authentication work, so you can configure PAS to act as you want.

7.5   Create 'Anz Central Auth Service' plugin

Go to ZMI \cas\acl_users, add an 'Anz Central Auth Service' instance and choose any Id you like; we use 'anz_cas' as an example.

7.6   Configure 'Anz Central Auth Service' plugin

  1. Go to \cas\acl_users\anz_cas and, in the 'Active' tab, activate the only interface -- IChallengePlugin.

     Click 'Challenge' to configure 'Challenge Plugins' and move 'anz_cas' to the top.

  2. Go to the 'Properties' tab to configure the CAS-related properties.

==============  ========  =============  ==============================
Property        Required  Default value  Note
==============  ========  =============  ==============================
requireSecure   False     True           Boolean variable denoting
                                         whether a secure connection is
                                         required or not.

                                         **Note:** If you want to try
                                         anz.cas in a non-SSL
                                         environment, you should set it
                                         to False.
loginPagePath   True      login_form     Where to send people for
                                         logging in; the default is
                                         Plone's stock 'login_form'.
==============  ========  =============  ==============================

7.7   Services Management

By default there are no restrictions and any service at any URL may authenticate via CAS. This may be undesirable for a number of reasons, so anz.cas provides a Services Management administrative tool to control what services may use the CAS server and in particular what those services can do with CAS.

  • The 'Services' tab lists all the currently registered services; you can choose several or all of them to remove.
  • Click the 'Add a service' link to register a new service.

================  ========  =============  ================================
Field name        Required  Default value  Note
================  ========  =============  ================================
ID                True                     Identifier of the registered
                                           service; it must equal the
                                           **serviceUrl** configured in
                                           the CAS client. CAS redirects
                                           here after login.
Name              False                    Name of the registered service.
Description       False                    Description of the registered
                                           service.
Enabled           False     True           Is this service currently
                                           allowed to use CAS?
SSO Enabled       False     True           Does this service participate
                                           in the SSO session?
Anonymous Access  False     False          Is the service allowed
                                           anonymous or privileged access
                                           to user information?
Allowed to Proxy  False     True           Is this application allowed to
                                           participate in the proxying
                                           capabilities of CAS?
================  ========  =============  ================================

  • Click a registered service's id to modify it.

Note: If there are no registered services, there are no restrictions and any service at any URL may authenticate via CAS.
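
The registry rules above, modelled as an added example (this is not anz.cas's own code). The names Service, login_decision and audit are hypothetical, and the reading of 'SSO Enabled' as "re-prompt for credentials when off" is an assumption; the exact match on ID and the open behaviour of an empty registry come from the text above.

```python
from dataclasses import dataclass


@dataclass
class Service:
    """One row of the 'Add a service' form, with the defaults listed above."""
    id: str                        # must equal the client's serviceUrl
    enabled: bool = True
    sso_enabled: bool = True
    allowed_to_proxy: bool = True


def login_decision(registry, service_url, has_sso_session):
    """Return 'reject', 'prompt' or 'redirect' for a login request.

    registry maps service ID -> Service; an empty registry means open mode.
    """
    if registry:
        entry = registry.get(service_url)    # exact match, never a prefix test
        if entry is None or not entry.enabled:
            return "reject"
        sso = entry.sso_enabled
    else:
        sso = True                           # no restrictions at all
    # Assumption: a service outside the SSO session always re-prompts.
    return "redirect" if (has_sso_session and sso) else "prompt"


def audit(registry):
    """List registry settings an administrator should review."""
    if not registry:
        return ["registry empty: any URL may authenticate via CAS"]
    findings = []
    for sid, svc in sorted(registry.items()):
        if not svc.enabled:
            continue
        if not sid.startswith("https://"):
            findings.append(f"{sid}: service URL is not HTTPS")
        if svc.allowed_to_proxy:
            findings.append(f"{sid}: proxying allowed (the default)")
    return findings
```

Registering even one service switches the server from open mode to allow-list mode, so audit() on an empty registry is the first thing to check on a new installation.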

7.8   Configure CAS client

Configure the casServerUrlPrefix of your CAS clients to point to the newly added plugin instance, e.g. https://{your cas server domain}:{port}/cas/acl_users/anz_cas.

8   Security Policy

anz.cas uses tickets to implement the supported authentication protocols, so ticket behavior determines most aspects of security policy. In the current implementation, anz.cas provides the following:

  • Ticket-granting tickets (TGT) that expire once more than 2 hours have passed since their creation time.
  • One-time-use service tickets (ST) that must be validated within 5 minutes.

More security policy will be added later.
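
The two ticket rules above as a small in-memory store, given as an added example and not as anz.cas's own storage or API. The class and method names are hypothetical, the lifetimes are the ones stated above, and binding a service ticket to the service it was issued for follows the CAS protocol.

```python
import secrets
import time

TGT_LIFETIME = 2 * 60 * 60   # page: TGTs expire 2 hours after creation
ST_LIFETIME = 5 * 60         # page: STs must be validated within 5 minutes


class TicketStore:
    """Sketch of the TGT/ST policy; the clock is injectable for testing."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._tgts = {}      # TGT id -> (user, created)
        self._sts = {}       # ST id  -> (TGT id, service, created)

    def login(self, user):
        tgt = "TGT-" + secrets.token_urlsafe(32)
        self._tgts[tgt] = (user, self._clock())
        return tgt

    def _tgt_user(self, tgt):
        entry = self._tgts.get(tgt)
        if entry is None:
            return None
        user, created = entry
        if self._clock() - created > TGT_LIFETIME:
            del self._tgts[tgt]          # single sign-on session has expired
            return None
        return user

    def grant_service_ticket(self, tgt, service):
        if self._tgt_user(tgt) is None:
            return None                  # caller sends the user to the login page
        st = "ST-" + secrets.token_urlsafe(32)
        self._sts[st] = (tgt, service, self._clock())
        return st

    def validate(self, st, service):
        # pop() consumes the ticket on the first attempt, even a failed one,
        # so a replayed or mismatched ticket can never be retried.
        entry = self._sts.pop(st, None)
        if entry is None:
            return None
        tgt, issued_for, created = entry
        if issued_for != service or self._clock() - created > ST_LIFETIME:
            return None
        return self._tgt_user(tgt)
```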

9   ToDo

  • Add automated tests (I really don't know how to write automated tests for this kind of package :) )
  • More compatibility with the CAS protocol.

10   Changelog

10.1   1.0.1
  • Update to support Plone 4.

    Note: When used under Plone 3, please pin product versions like this: ZODB3==3.8.3 zope.proxy==3.4.1

  • Redirection after login success bugfix.

10.2   1.0
  • Initial release

Last updated Jan 5th, 2011
