1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CAS - Central Authentication Server

Discussion in 'XenForo Pre-Sales Questions' started by Fidelix, Aug 28, 2011.

  1. Fidelix

    Fidelix New Member

    We are interested in Xenforo for a project, but we need SSO with Drupal, Moodle and a custom-made software of ours.

    SSO between these systems is annoyingly simple to do in Drupal, Joomla, Moodle and others, by using the CAS project - Central Authentication Server.
    http://en.wikipedia.org/wiki/Central_Authentication_Service

    We are able to make SSO work with ANY systems we build, in ANY programming languages we want. This already works between several systems like:

    Joomla: http://joomlacode.org/gf/project/auth_manager/
    Drupal: http://drupal.org/project/cas
    Moodle: http://docs.moodle.org/20/en/CAS_server_(SSO)
    They all use the phpCAS library:
    phpCAS: https://wiki.jasig.org/display/CASC/phpCAS

    Is there any addon / internal support for CAS on XenForo? If not, may I suggest that you do this, as it would answer many SSO/integration requests?
     
    Digital Doctor likes this.
  2. Digital Doctor

    Digital Doctor Well-Known Member

    phpCAS.
    Cool stuff.
    I see a list of software that is supported here:
    https://wiki.jasig.org/display/CASC/Applications CASified with phpCAS
    Joomla and Moodle don't seem to be on the list.
    Wordpress ?
    phpBB3 ?

    Seems like a list that xenforo would benefit from being on !
     
  3. Digital Doctor

    Digital Doctor Well-Known Member

    What are the benefits / weaknesses of Jfusion for Joomla integration vs. CAS ?
     
  4. Digital Doctor

    Digital Doctor Well-Known Member

    If xenforo was a supported CAS product, would you be able to tie together more than 1 xenforo ?
    as requested here.
     
    Brandon Sheley likes this.
  5. Fidelix

    Fidelix New Member

    We have one Joomla project that has CAS as the Authentication Manager, integrated with moodle.

    Wordpress: http://wordpress.org/extend/plugins/cas-authentication/
    http://wordpress.org/extend/plugins/wpcas/
    http://www.andrejciho.com/wordpress-mu/wpmu-cas-integration/

    Certainly. It depends on the level of integration that is needed.

    Avatars, profile fields, etc can be done through CAS attributes, but this behavior would need to be tightly prepared by Xenforo to work smoothly.
    There are alternatives to CAS out there like JOSSO, OpenAM (former opensso) and Pubcookie, but we found CAS to be the most mature and widely adopted, and certainly have better community resources (like community documentation and collaboration).
     
  6. Awesome-o

    Awesome-o Active Member

    An excellent question.
     
  7. Fidelix

    Fidelix New Member

    Jfusion is not an authentication server.
    Jfusion has "Visual Integration".
    Jfusion won't run decently for large projects. Well, Joomla itself is not suited for large projects, so not a good idea to use JFusion for a large number of users.
    Jfusion has no flexibility whatsoever for authenticating the way you want. You'd have to code if you need to change the way you authenticate.
    Jfusion has no attributes synchronization.
    Jfusion has no proxy support
    Jfusion has no client proxy (pass the authentication request through several servers)
    CAS has other features that only a server implementation could have.

    I guess Jfusion is easier and simpler for the not so technical users (most of XenForo users). But if you need multiple platform authentication, attributes synchronization or a more complete, mature, reliable system, CAS is the way to go.
     
    Digital Doctor likes this.
  8. Digital Doctor

    Digital Doctor Well-Known Member

    What is this ?
    What are the implications of not having this ?
     
  9. Fidelix

    Fidelix New Member

    attributes synchronization
    A way to synchronize whichever data you need between multiple systems. User avatars, location, points, wathever.

    proxy support
    For the proxy authentication:
    http://www.jasig.org/cas/proxy-authentication

    For bare proxy access:
    There are secure servers out there that only connect to the internet through a proxied gateway. This is very common on universities and large companies.
     
    Digital Doctor likes this.
  10. Digital Doctor

    Digital Doctor Well-Known Member

    Thanks !

    I thought jfusion did some of that. Maybe not until jfusion 2.0 ?
     
  11. Fidelix

    Fidelix New Member

    No, not even in 2.0. Not with multiple systems.

    And with only 2 systems, Jfusion only syncs the default user data. If you add new fields to the user, say goodbye to syncing unless you're a good coder.
     
    Digital Doctor likes this.
  12. bambua

    bambua Well-Known Member

Share This Page