You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A custom single sign-on with CAS for Question2Answer.
Unlike qa-external-casldap this external authentication plugin does not use ldap, but instead stores created and updated user data directly in the Q2A database.
The functionality of this plugin is not based on qa-external-casldap, but the phpCAS part should behave quite similar.
On the contrary, configurations of both these plugins match (except the ldap part of course) to support exchangeability and reusability. Big thanks to brenard for that plugin.
copy the qa-external-cas folder in you app root (i.e. "question2answer")
consult the qa-config.php and set external user to true:
define('QA_EXTERNAL_USERS', true);
use a symlink to point to the external user plugin of your choice:
ln -s qa-external-cas qa-external
add your configuration
copy qa-external-cas/config.example.php to qa-external-cas/config.php: cp qa-external-cas/config.example.php qa-external-cas/config.php
configure it.
Configuration
This is based on qa-external-casldap and enhanced with custom field names for the CAS user data (e.g. "additional attributes" when configured with rubyCAS/LDAP)
CAS_HOST : Hostname of CAS server (ex : cas.example.com)
CAS_PORT : HTTP (or HTTPS) port of CAS server (ex : 443)
CAS_CTX : URL context path of CAS server (ex: /cas)
CAS_VER : CAS protocol version. Possible values : CAS_VERSION_1_0 or CAS_VERSION_2_0
CAS_CA_CERT_FILE : SSL certificate path of CAS server. If empty, the SSL certificate will not be validated.
$CAS_USERS_ROLE : PHP array listing specific user role. Users's role must be define using Q2A constant : QA_USER_LEVEL_BASIC, QA_USER_LEVEL_EDITOR, QA_USER_LEVEL_ADMIN, QA_USER_LEVEL_SUPER (ex : array('user1' => QA_USER_LEVEL_SUPER,'user2' => QA_USER_LEVEL_EDITOR))
CAS_DEFAULT_USER_ROLE : User default role define using Q2A constant (see $CAS_USERS_ROLE)
Additional configuration:
CAS_SERVICE_LOGIN : relative, absolute path or FQDN url to you CAS login service
CAS_SERVICE_LOGOUT : relative, absolute path or FQDN url to you CAS logout service
CAS_ATTRIBUTE_MAIL : defines the name of the mail attribute retrieved by CAS. See your CAS server configuration and the example.config for more info. Defaults to "mail"
CAS_ATTRIBUTE_FULLNAME : defines the name of the "full name" attribute retrieved by CAS. Defaults to "cn"
