This repository has been archived by the owner on Nov 8, 2023. It is now read-only.

A plugin for Movable Type that allows delegated user authentication to a CAS server in place of the native authentication scheme.

movabletype/mt-plugin-central-authentication-service

Central Authentication Service

Configuration

You need to specify the following three configuration directives in your mt-config.cgi.

ExternalUserManagement

Must be set to 1

AuthenticationModule

Must be "CAS"

AuthLoginURL

The URL where CAS is located. Do not include the "/login" part. For example, use http://localhost:8080/cas for a default installation of the CAS server.

AuthLogoutURL

The URL where a user can log out from CAS. Do include the "/logout" part. For example, use http://localhost:8080/cas/logout for a default installation of the CAS server.

SingleCommunity 1

This last setting is needed for SSO login across multiple blogs.

Additionally, if your network does not allow outbound HTTP requests from inside the Movable Type application, you must add the MT_CAS_ValidationURL configuration directive.

MT_CAS_ValidationURL

The URL of the server that offers the validation service (usually the same server you specify in AuthLoginURL). Do not include the "/serviceValidate" part. For example, it should read like http://localhost:8080 (no trailing slash). The default value is undefined. If not specified, AuthLoginURL will be used to validate the session ticket.

Example

CGIPath http://sixapart.jp/mt/

ObjectDriver DBI::mysql
Database mt
DBUser user
DBPassword password

AuthenticationModule CAS
AuthLoginURL http://localhost:8080/cas
AuthLogoutURL http://localhost:8080/cas/logout
MT_CAS_ValidationURL http://server_name_inside_firewall:8080

# Or if you use SSL
#AuthLoginURL https://localhost:8443/cas
#AuthLogoutURL https://localhost:8443/cas/logout
#MT_CAS_ValidationURL https://server_name_inside_firewall:8443
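
A lint for the directives above, as an added example (not part of the plugin or this README): it parses an mt-config.cgi and reports violations of the rules stated in this section. The function names are hypothetical, directive names are matched with exact case as an assumption, and the plain-http warning is an added check rather than a README rule.

```python
from urllib.parse import urlparse

def parse_mt_config(text):
    """Return {directive: value}; one 'Name value' pair per line, '#' starts a comment."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        cfg[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return cfg

def lint_cas_config(text):
    """Return a list of findings; an empty list means the README's rules are met."""
    cfg, out = parse_mt_config(text), []
    if cfg.get("ExternalUserManagement") != "1":
        out.append("ExternalUserManagement must be set to 1")
    if cfg.get("AuthenticationModule") != "CAS":
        out.append("AuthenticationModule must be CAS")
    login = cfg.get("AuthLoginURL", "")
    if not login:
        out.append("AuthLoginURL is missing")
    elif login.rstrip("/").endswith("/login"):
        out.append("AuthLoginURL must not include /login")
    if not cfg.get("AuthLogoutURL", "").rstrip("/").endswith("/logout"):
        out.append("AuthLogoutURL must include /logout")
    val = cfg.get("MT_CAS_ValidationURL", "")  # optional directive
    if val.endswith("/"):
        out.append("MT_CAS_ValidationURL must not have a trailing slash")
    if "/serviceValidate" in val:
        out.append("MT_CAS_ValidationURL must not include /serviceValidate")
    # Added check, not a README rule: plain http exposes credentials and tickets.
    for key in ("AuthLoginURL", "AuthLogoutURL", "MT_CAS_ValidationURL"):
        if urlparse(cfg.get(key, "")).scheme == "http":
            out.append(f"{key} uses http; prefer https")
    return out

# Constructed sample: the CAS-related lines of the README example above.
README_EXAMPLE = """\
AuthenticationModule CAS
AuthLoginURL http://localhost:8080/cas
AuthLogoutURL http://localhost:8080/cas/logout
MT_CAS_ValidationURL http://server_name_inside_firewall:8080
"""

if __name__ == "__main__":
    for finding in lint_cas_config(README_EXAMPLE):
        print("WARN:", finding)
```
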

Editing JavaScript Template

The consumer side of the login process works as follows. For the browser to navigate to the correct address, users may need to edit the JavaScript (or GlobalJavaScript, depending on which template set they use) template to specify the MT login URL used in the second step.

  • User clicks the "Sign In" link on the blog entry to comment.
  • MT accepts the request first, and redirects to the CAS login URL.
  • User logs in to CAS.
  • CAS redirects back to the original blog entry.

If you use the plugin with the Community Blog or Community Forum template set, or, to be more precise, with the GlobalJavaScript global template, you have to modify one line of the template.

Find the mtSignIn function, and modify the line below:

var url = '<$mt:CGIPath$><$mt:CommunityScript>?__mode=login&blog_id=<$mt:BlogID$>';

... to below:

var url = '<$mt:CGIPath$><$mt:CommunityScript>?__mode=cas_login&blog_id=<$mt:BlogID$>';

... so it will request __mode=cas_login instead of __mode=login.

If you use the plugin with either the Classic Blog or the Professional Website template set, you don't have to modify the JavaScript template.
