Aker CAS CLI
Aker CAS CLI is a library that addresses a very specific problem: you have a ruby application which uses a service that authenticates only with CAS proxy tickets. You need to perform offline (non-interactive) tasks that hit this PT-protected service.
Aker CAS CLI takes a username and password, screen-scrapes its way
through an interactive CAS login, and gives you an Aker::User
just
as if a user of your application had done an interactive CAS login.
Sample use
# E.g., in a rake task in an Aker-protected Rails app
task :some_job => :environment do |t|
cas_cli = Aker::CasCli.new(Aker.configuration)
username, password = get_username_and_password_from_somewhere
user = cas_cli.authenticate(username, password)
if user
run_some_job_as(user)
else
fail "Could not authenticate #{user} for #{t.name}"
end
end
Assumptions
- Your CAS server only requires a username and password. It doesn't use X509 certificates, two-factor authentication, or any additional custom fields on the login form.
Use
Aker CAS CLI relies on the Aker CAS authority. The CAS authority must be configured in the Aker::Configuration you pass to Aker CAS CLI. If you're using Aker CAS CLI for a job implemented within your Aker-protected application, the application's Aker configuration is probably fine. This is what's used under "sample use," above.
Otherwise, you'll first need to create an appropriate Aker configuration. Example:
Aker.configure do
authority :cas
cas_parameters :cas_base_url => https://cas.myinst.edu/cas,
:proxy_retrieval_url => https://cas.myinst.edu/cas-callback/retrieve_pgt,
:proxy_callback_url => https://cas.myinst.edu/cas-callback/receive_pgt
end
See Aker's documentation for more information about configuring Aker, Aker authorities, etc.
Why isn't Aker CAS CLI an Aker authority?
An Aker authority also has the form of a module/class providing a method which takes a username and password, validates the pair, and returns an Aker::User. However, Aker CAS CLI is not intended to be used as part of the security configuration for Aker-protected applications. Aker provides features (multiple API modes, e.g.) which should obviate the need to ever scrape a CAS server's interactive login page as part of the regular operation of an Aker-protected application. This library is for interacting with non-Aker-protected services which have no alternatives to CAS PTs.
Credits
Aker CAS CLI was developed at and for the Northwestern University Biomedical Informatics Center.
Copyright
Copyright (c) 2012 Rhett Sutphin. See LICENSE for details.