While CAS authentication is great, it allows multiple users to login if you have a widely common CAS server.
For example, SecurePass 1 strong authentication allow ALL securepass users to login through their CAS.
The need is to optionally limit which users or users domain can login to tikiwiki through CAS.
A quick and dirty solution is to do a regex check on the CAS username. For our purposes, on userslib.php (ver 8.2) around line 470 add the following:
469a470,477
>
> // Gippa
> // If user is authenticated, but not belong to us, fails
> elseif ( $userCAS && !preg_match("/(.*)@mycompany.com$/", $user) ) {
> return array(false, $user, $result);
> }
>
>
That is a quick and dirty patch. You can create an input box to check for regex or domains.
Thank you very much.
Best regards,
Giuseppe
To help developers solve the bug, we kindly request that you demonstrate your bug on a show2.tiki.org instance. To start, simply select a version and click on "Create show2.tiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show2.tiki.org.
To help developers solve the bug, we kindly request that you demonstrate your bug on a show.tikiwiki.org instance. To start, simply select a version and click on "Create show.tikiwiki.org instance". Once the instance is ready (in a minute or two), as indicated in the status window below, you can then access that instance, login (the initial admin username/password is "admin") and configure the Tiki to demonstrate your bug. Priority will be given to bugs that have been demonstrated on show.tikiwiki.org.
filename | created | hits | comment | version | filetype | ||
---|---|---|---|---|---|---|---|
No attachments for this item |