This project is a small modification to sfDoctrineGuardPlugin that i put together in order to have an elegant ACL integrated with a classy SSO. This modification that allows you to relay the sfGuard authentication to a CAS server, keeping profiles, groups and permissions of sfGuard. It works by comparing the CAS username with the username in the sfGuard database and forcing the login within sfGuard after successful authentication of CAS. Of course, this means that you need the user created in CAS and in sfGuard to coexist, although the only password that matters is the CAS one.
- Jonathan H. Wage (original author of sfGuard)
- Klaus Silveira (integrated CAS with sfGuard)
- Jeanmonod David (author of sfCASPlugin and the CAS utility class)
- implement the whole thing in a more elegant way
In order to install, you should follow the same steps to install sfDoctrineGuardPlugin. Just clone this GIT repository instead of the original SVN. After doing the classic steps, you need to configure your CAS server information. Modify your app.yml:
all:
cas:
server_name: 'cas.example.com'
server_port: 443
server_path: 'cas'
server_cert: '/path/to/cachain.pem'