RubyCAS-Server

Open source implementation of a JA-SIG CAS server for single sign-on authentication for enterprise web apps
RubyCAS-Server Ranking & Summary

  • License: GPL
  • Price: FREE
  • Publisher Name: Matt Zukowski
  • Publisher web site: http://code.google.com/u/matt.zukowski/
  • Operating Systems: Mac OS X
  • File Size: 240 KB

RubyCAS-Server Description

RubyCAS-Server provides a single sign-on solution for web applications, implementing the server end of JA-SIG's CAS protocol. CAS allows for single, centralized sign-on authentication for multiple web applications running under various frameworks (Java, Rails, PHP, etc.).

The idea is similar to the way Yahoo, Google, and other major portal sites allow the user to authenticate using a central welcome page. Likewise, your CAS server provides the login page where the user enters their username and password. After successful authentication, the server dishes out 'service tickets' that grant access to the various CAS-protected services. Your CAS-protected services never see the user's real credentials, and logging in to one service grants access to all other services. The user only sees the login page once, hence "single sign-on".

RubyCAS-Server is designed to be easy to set up and customize. You do not need to know anything about Ruby to run the server. The front end (the central login page) can be skinned using CSS, and the back-end authentication method for validating usernames and passwords can be configured to use an existing SQL database, Active Directory, LDAP server, etc. For more information on the CAS protocol, have a look at the official JA-SIG CAS page.

In order to make your services (i.e. your web applications) CAS-protected, each service will require some configuration. Generally this is done by installing a CAS client library. For example, for a Ruby on Rails application you'll have to install RubyCAS-Client, which essentially acts like a standard controller filter. For PHP, install esup-phpcas and include a small block of code at the top of your CAS-protected PHP pages. For Java-based frameworks, you'll have to install the Java CAS Client and add some XML to your app server's configuration. Have a look at the JA-SIG CAS clients page for information on clients for other frameworks (.NET, Perl, Zope, ColdFusion, etc.).

What's New in This Release:

New functionality:

· Implemented single-sign-out functionality as specified in CAS 3.3. See http://www.ja-sig.org/wiki/display/CASUM/Single+Sign+Out.
· It is now possible to configure Authenticators to return extra attributes to CAS clients alongside the username. For an example of how to do this see the included SQL authenticator. Also have a look at: http://groups.google.com/group/rubycas-server/browse_thread/thread/5eade3793cb590e9 Note that extra attributes of a type other than String or Numeric are serialized into YAML format before being sent along to the client.
· Added an MD5-password version of the SQL authenticator for Drupal and any other database that stores its passwords in hashed form (thanks malcolmm).
· Added a new Google authenticator for authenticating against Google/GMail accounts.

Changes to existing functionality:

· Service URIs are now automatically normalized. For example, if the service URI given to the server has a 'ticket' parameter, the ticket will now be automatically stripped. This is to avert any possible issues raised by misbehaving CAS clients (the CAS ticket should never be part of the service URI). The same goes for other CAS-related parameters like 'service', 'renew', and 'gateway'. Additionally, the trailing '/' and '?' characters are automatically stripped from URLs, since, for example, "http://google.com/" is almost certainly equivalent to "http://google.com".
· The expire_sessions config variable is now respected -- ticket granting ticket cookies are set with an expiry datetime, so that the SSO session is effectively terminated once the ticket_granting_ticket_expiry period is reached.
· If present, the HTTP_X_FORWARDED_FOR header is used for recording the client's address. This is useful when the server is running behind a reverse proxy, but it should not be considered authoritative since it can be easily spoofed.
· The 'service' field in the 'casserver_st' table has been changed from VARCHAR(255) to TEXT in order to accommodate service URIs longer than 255 characters (fixes issue #46).
· The CAS XML responses are no longer whitespace-formatted (i.e. Markaby's auto-indentation has been turned off). Apparently the whitespace was causing problems with mod_auth_cas. See: http://groups.google.com/group/rubycas-server/browse_thread/thread/e482fe09999b73d3
· When used without pre-authentication, the LDAP authenticator now tries to bind by searching for the given username in the LDAP directory based on the configured username_attribute. Prior to this change the authenticator attempted to bind with the LDAP server by assuming that the username credential matches the user's CN. This is no longer the case.
· CAS responses to invalid requests (for example where required parameters are missing or incorrect) will now have HTTP status code 422. Internal server errors (where the server rather than the client is at fault) have error 500. Previously most responses had error code 200, regardless of their contents.

Bug fixes:

· Fixed logout action to work properly with ActiveRecord 2.1 (eager loading behaviour was changed upstream, forcing a change to the way we look for ProxyGrantingTickets to delete on logout).
· When running under Mongrel, the USR2 signal should now restart the server as expected -- however, currently this only works when the server is running in the foreground. When daemonized, USR2 will shut down the server without restarting (see issue #58).
· Fixed activerecord/activesupport gem load problems, hopefully once and for all (however, picnic-0.7.0 is now required).
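The service URI normalization described in the release notes above, as an added illustration that is not RubyCAS-Server's own code: it strips the CAS-specific parameters and a trailing '/' or '?' so that the service bound to a ticket and the service presented at validation time compare equal. The function names are assumed.

```ruby
require 'uri'

# Added illustration, not RubyCAS-Server's own code. These are the CAS-related
# query parameters named in the release notes; none of them may become part of
# the service identity that a service ticket is bound to.
CAS_PARAMS = %w[ticket service renew gateway].freeze

# Returns the normalized service URI as a String, or nil when the input does
# not parse as a URI or carries malformed percent-encoding (assumed helper name).
def normalize_service_uri(raw)
  uri = URI.parse(raw.to_s.strip)
  if uri.query
    # Keep only the application's own parameters, in their original order.
    kept = URI.decode_www_form(uri.query).reject { |key, _| CAS_PARAMS.include?(key) }
    uri.query = kept.empty? ? nil : URI.encode_www_form(kept)
  end
  # Drop a dangling '?' and a trailing '/', so "http://google.com/" becomes
  # "http://google.com", as the release notes describe.
  uri.to_s.chomp('?').chomp('/')
rescue URI::InvalidURIError, ArgumentError
  nil
end

# True when two service URIs denote the same service after normalization, e.g.
# the service stored with a ticket versus the one presented for validation
# (assumed helper name). Unparseable input never matches anything.
def same_service?(stored, presented)
  a = normalize_service_uri(stored)
  b = normalize_service_uri(presented)
  !a.nil? && a == b
end
```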
