• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

CAS - Central Authentication Server

#1
We are interested in Xenforo for a project, but we need SSO with Drupal, Moodle and a custom-made software of ours.

SSO between these systems is annoyingly simple to do in Drupal, Joomla, Moodle and others, by using the CAS project - Central Authentication Server.
http://en.wikipedia.org/wiki/Central_Authentication_Service

We are able to make SSO work with ANY systems we build, in ANY programming languages we want. This already works between several systems like:

Joomla: http://joomlacode.org/gf/project/auth_manager/
Drupal: http://drupal.org/project/cas
Moodle: http://docs.moodle.org/20/en/CAS_server_(SSO)
They all use the phpCAS library:
phpCAS: https://wiki.jasig.org/display/CASC/phpCAS

Is there any addon / internal support for CAS on XenForo? If not, may I suggest that you do this, as it would answer many SSO/integration requests?
 

Digital Doctor

Well-known member
#2
phpCAS.
Cool stuff.
I see a list of software that is supported here:
https://wiki.jasig.org/display/CASC/Applications+CASified+with+phpCAS
pNews is an NNTP reader written in PHP.
Horde IMP, the famous PHP webmail
Tikiwiki, a PHP CMS
Mantis, a Bug Tracking System
SPIP, a multilingual Content Management System (CMS)
PhpGroupware
egroupware
Claroline
Drupal
chamilo
Simply Voting
Joomla and Moodle don't seem to be on the list.
Wordpress ?
phpBB3 ?

Seems like a list that xenforo would benefit from being on !
 
#5
phpCAS.
Cool stuff.
I see a list of software that is supported here:
https://wiki.jasig.org/display/CASC/Applications CASified with phpCAS

Joomla and Moodle don't seem to be on the list.
Wordpress ?
phpBB3 ?

Seems like a list that xenforo would benefit from being on !
We have one Joomla project that has CAS as the Authentication Manager, integrated with moodle.

Wordpress: http://wordpress.org/extend/plugins/cas-authentication/
http://wordpress.org/extend/plugins/wpcas/
http://www.andrejciho.com/wordpress-mu/wpmu-cas-integration/

If xenforo was a supported CAS product, would you be able to tie together more than 1 xenforo ?
Certainly. It depends on the level of integration that is needed.

Avatars, profile fields, etc can be done through CAS attributes, but this behavior would need to be tightly prepared by Xenforo to work smoothly.
There are alternatives to CAS out there like JOSSO, OpenAM (former opensso) and Pubcookie, but we found CAS to be the most mature and widely adopted, and certainly have better community resources (like community documentation and collaboration).
 

Fidelix

New member
#7
Jfusion is not an authentication server.
Jfusion has "Visual Integration".
Jfusion won't run decently for large projects. Well, Joomla itself is not suited for large projects, so not a good idea to use JFusion for a large number of users.
Jfusion has no flexibility whatsoever for authenticating the way you want. You'd have to code if you need to change the way you authenticate.
Jfusion has no attributes synchronization.
Jfusion has no proxy support
Jfusion has no client proxy (pass the authentication request through several servers)
CAS has other features that only a server implementation could have.

I guess Jfusion is easier and simpler for the not so technical users (most of XenForo users). But if you need multiple platform authentication, attributes synchronization or a more complete, mature, reliable system, CAS is the way to go.
 

Fidelix

New member
#9
attributes synchronization
A way to synchronize whichever data you need between multiple systems. User avatars, location, points, wathever.

proxy support
For the proxy authentication:
http://www.jasig.org/cas/proxy-authentication

For bare proxy access:
There are secure servers out there that only connect to the internet through a proxied gateway. This is very common on universities and large companies.
 
#11
No, not even in 2.0. Not with multiple systems.

And with only 2 systems, Jfusion only syncs the default user data. If you add new fields to the user, say goodbye to syncing unless you're a good coder.