Zend Framework: Zend_Auth_Adapter_Cas Component Proposal

Proposed Component Name	Zend_Auth_Adapter_Cas
Developer Notes	http://framework.zend.com/wiki/display/ZFDEV/Zend_Auth_Adapter_Cas
Proposers	Teemu Välimäki
Revision	1.0 - 3 March 2008: Initial (wiki revision: 4)

"If the user ID and password are valid, CAS redirects the client to the application with a random number called a ticket. The application opens an HTTPS connection directly to CAS, and provides its own service identifier and the ticket. CAS then tells the application the user ID if the ticket is valid for that service identifier." tells Wikipedia.

2. References

3. Component Requirements, Constraints, and Acceptance Criteria

This component will implement Zend_Auth_Adapter_Interface.
This component will authenticate CAS ticket against CAS server.
This component will return Zend_Auth_Result::SUCCESS when CAS ticket is valid.
This component will return Zend_Auth_Result::FAILURE when CAS ticket is invalid.
This component must support optional SSL / TLS encrypted transport.
This component will not handle user redirects.
This component will not try to read GET parameter for a CAS ticket, it must be supplied with the authentication().
This component will not save any data.

4. Dependencies on Other Framework Components

Zend_Http_Client

5. Theory of Operation

CAS authentication requires authenticator to actually go to the CAS sign-on page, so this must be done elsewhere by the developer. After successful authentication CAS server will redirect authenticator back to developer defined url. After this the developer must create code, that will pick CAS ticket and supply it to this Auth Adapter in its authenticate-method.

6. Milestones / Tasks

As CAS authentication process is simple it should not be a big task to make use of this component. This component might run into trouble with different versions of CAS.

Milestone 1: [DONE] Initial proposal published for review.
Milestone 2: Working prototype and some examples.
Milestone 3: Working prototype checked into the incubator supporting use cases.
Milestone 4: Unit tests exist, work, and are checked into SVN.
Milestone 5: Initial documentation exists.

7. Class Index

Zend_Auth_Adapter_Cas

8. Use Cases

UC-01 using CAS

$auth = new Zend_Auth_Adapter_Cas('http://casserver.com/login/sso/', 'https://casserver.com/cas/login', 'https://casserver.com/cas/serviceValidate');

// authenticate with GET parameter, this could be from somewhere else too
$auth->authenticate($_GET['ticket']);

// get authenticated username
echo $auth->getUsername();

9. Class Skeletons

class Zend_Auth_Adapter_Cas implements Zend_Auth_Adapter_Interface
{
    /**
     * Your service url
     *
     * @var string
     */
    private $_serviceUrl;

    /**
     * Url where to take user for authentication
     *
     * @var string
     */
    private $_url;

    /**
     * Url where to validate ticket
     *
     * @var string
     */
    private $_serviceValidateUrl;

    /**
     * Authenticated username
     *
     * @var string
     */
    private $_username;

    /**
     * Constructor
     *
     * @param string $serviceUrl
     * @param string $url
     * @param string $serviceValidateUrl
     * @return void
     */
    public function __construct($serviceUrl, $url, $serviceValidateUrl){}

    /**
     * Returns authentication url
     *
     * @return string
     */
    public function getAuthenticationUrl(){}

    /**
     * Returns authenticated username
     *
     * @return string
     */
    public function getUsername(){}

    /**
     * Authenticates ticket
     *
     * This ticket it received from the CAS after
     * user has authenticated. It must be supplied
     * manually.
     *
     * @param string $ticket
     * @param return boolean
     */
    public function authenticate($ticket){}
}

Page Operations

Browse Space

Zend_Auth_Adapter_Cas

Labels