Central Authentication System

CAS Sample Client Code: Perl

To integrate CAS into your Perl application, the following software is required:

  1. openssl-0.9.6 - needed to generate ssl routine calls
  2. perl 5.002 - minimum version requirement
  3. Net_SSLeay.pm-1.21 - ssl routines to call CAS server
  4. (optionally) CASUtils.pm - TAMU implementation of CAS client code

To install the CAS code on your web server, make sure that the Net_SSLeay.pm and CASUtils.pm modules are installed in your Perl library path. This is typically /usr/local/lib/perl5/5.8.2, where the directory after perl5 matches your installed Perl version.

You will also need to make sure that your web server allows execution of CGI scripts. With Apache, a sample httpd.conf file (/usr/local/apache/conf/httpd.conf) would have the following entries uncommented:

        AddModule mod_cgi.c

        ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"

        <Directory "/usr/local/apache/cgi-bin"> 
            AllowOverride None
            Options None
            Order allow,deny
            Allow from all
        </Directory>

        AddHandler cgi-script .cgi

To invoke the CAS server, change your Perl code to call the CASUtils::check_login("--your protected page--") method before allowing the user to execute the Perl code that needs to be protected. An example of this configuration is in validate.cgi. If the user has not logged in, this code redirects them to the CAS login page. When the user logs in, they are redirected back to the page you pass into the check_login routine. If the user has already logged in and has a valid session with the CAS server, the code falls through and continues executing. A cookie stored in the user's browser is used to look up the session number stored on the CAS server, so logging in through one service also logs the user into other services.

Sample Implementation

You can also implement the checks in your Perl code without including the CASUtils.pm module. You will still need the SSLeay routines. The sample code can be found in secure.cgi. In this sample we use the netid-test server to authenticate the Perl code in the secure.cgi script. The first thing the code does is check whether it has a valid ticket, which on the first pass it should not. Since there is no valid ticket, the code redirects to the login service and asks to be returned to our routine by passing the location of the routine in the service variable. When control comes back to the code, it should have a valid ticket. With this ticket, we validate our service by calling the CAS server a second time. The validate routine returns a yes or a no and the values of NetID, UIN, and SSN. These values are returned in the HTTPS response and are surrounded by XML constructs.
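
The flow described above (no ticket, redirect to login, then server-side validation), as an added example that is not the TAMU secure.cgi. The host names, the /cas/login and /cas/validate paths, and the `<valid>`/`<NetID>` reply layout are assumptions, since the page does not show them; the code sends the same service URL on both calls and treats anything other than an explicit yes as a failure.

```perl
use strict; use warnings;  # added example: host, paths and reply layout are assumptions
my $CAS_HOST = 'cas.example.edu';                            # placeholder CAS server
my $SERVICE  = 'https://app.example.edu/cgi-bin/secure.cgi'; # placeholder: this script

sub uri_escape {   # percent-encode a value before placing it in a query string
    (my $s = shift) =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord($1))/ge;
    return $s;
}

# Take ticket=... from the query string; reject unexpected characters.
sub ticket_from_query {
    my ($qs) = @_;
    my ($t) = defined($qs) ? $qs =~ /(?:\A|[&;])ticket=([^&;]*)/ : ();
    return (defined($t) && $t =~ /\A[A-Za-z0-9\-._]{1,256}\z/) ? $t : undef;
}

# Fail closed: a NetID is returned only together with an explicit "yes".
sub parse_validation {
    my ($body) = @_;
    return unless defined($body) && $body =~ m{<valid>\s*yes\s*</valid>}i;
    my ($netid) = $body =~ m{<NetID>\s*([A-Za-z0-9._\-]+)\s*</NetID>};
    return $netid;
}

# Second call to the CAS server, with the same service URL used in the redirect.
sub fetch_validation {
    my ($ticket) = @_;
    require Net::SSLeay;
    my ($body, $status) = Net::SSLeay::get_https($CAS_HOST, 443,
        '/cas/validate?service=' . uri_escape($SERVICE) . '&ticket=' . uri_escape($ticket));
    return (defined($status) && $status =~ m{\AHTTP/\d\.\d 200\b}) ? $body : undef;
}

# Build the CGI response; $fetch is injectable so the flow can be run offline.
sub handle_request {
    my ($qs, $fetch) = @_;
    my $ticket = ticket_from_query($qs);
    return "Location: https://$CAS_HOST/cas/login?service=" . uri_escape($SERVICE) . "\n\n"
        unless defined $ticket;
    my $netid = parse_validation(($fetch || \&fetch_validation)->($ticket));
    return "Status: 403 Forbidden\nContent-Type: text/plain\n\nValidation failed\n" unless defined $netid;
    return "Content-Type: text/plain\n\nAuthenticated NetID: $netid\n";
}

if ($ENV{GATEWAY_INTERFACE}) { print handle_request($ENV{QUERY_STRING}) }
else {  # offline demo; the replies below are constructed, not real server output
    print handle_request('');
    print handle_request('ticket=ST-1-demo', sub { '<valid>yes</valid><NetID>jdoe</NetID>' });
    print handle_request('ticket=ST-1-demo', sub { '<valid>no</valid><NetID>jdoe</NetID>' });
}
```

Run from a shell, it prints the login redirect, an accepted reply and a rejected reply; under the web server it handles the real request.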

Logout

You should also provide a mechanism to log the user out of the CAS authentication system. This is done by calling the logout module on the CAS server, which means redirecting the user to https://netid.tamu.edu/cas/logout. The logout.cgi script is an example of how to integrate this call into your Perl code.