h1. Single Sign On

h2. Server

For Single Sign On (SSO) we use Central Authentication Service (CAS).
As a CAS server we use "rubycas-server":https://github.com/rubycas/rubycas-server which is running on [[infrastructure>servers>herman|Herman]]. This server is configured to use our LDAP database to verify the user credentials.

There is currently no init script, i.e. the cas server needs to be started manually. In order to do so execute @rubycas-server &@. If you need to stop the server you need to do this with @kill@.

Search for the configuration in @/etc/rubycas-server/config.yml@.

There is a theme in the colors of the _Pirate Party Switzerland_ available at the "GitHub account of Corvus":https://github.com/corvus-ch/rubycas-server-pps-theme. This Theme is currently installed at @/usr/lib/ruby/gems/1.8/gems/rubycas-server-1.1.1/public/themes/@ which wont survive an update. The correct place would be @/etc/rubycas-server/public/themes/@.  _rubycas-server_ only picks up this custom theme at the correct location, when the variable @public_dir@ is set in the config file.

h2. Clients

h3. Redmine

Redmine uses the module "redmine_cas":http://gitorious.org/redmine_cas in order to make use of the cas server. This module uses the client library which is written by the same developers as the server. Unfortunately the installed version of this module does not handle things very well. The issue was that there were too many redirects. In order to make things work I changed the module to not execute the redirect which Redmine passes along with the service URL the the CAS server. Probably a newer version of this module does not have this Problem anymore.

h3. Drupal

Used the modules http://drupal.org/project/cas and http://drupal.org/project/cas_attributes.