phpBB AuthCAS authentication module

Friday, November 30, 2007

Requirements

  • Apache 2
  • Apache2::AuthCAS
  • phpBB3 (tested with RC7)

Files

Description

This is an easy way to use a Central Authentication Service (CAS) to authenticate users to phpBB. It requires AuthCAS, which is an authentication module for the Apache webserver. I used Apache2::AuthCAS, but there is also a module for Apache 1. It’s actually a very simple modification to auth_apache.php, but it took me a while to figure out so I thought I’d share it.

Instructions

If you haven’t already, install AuthCAS using the instructions given on CPAN. Configure your httpd.conf or .htaccess (, etc.) to use AuthCAS on your phpBB site. For example, I put this in my httpd.conf:


    CASHost         "my.cas.server.edu"
    CASLoginURI     "/login"
    CASServiceValidateUri "/serviceValidate"
    CASErrorURL     "/auth_error.php"
    CASDbDataSource "dbname=cas"
    CASDbDriver     "mysql"
    CASDbUser       "mycasuser"
    CASDbPass       "mycaspass"

    AuthType Apache2::AuthCAS
    AuthName "CAS"
    PerlAuthenHandler Apache2::AuthCAS->authenticate
    require valid-user

Install auth_cas.php in /includes/auth/auth_cas.php of your phpBB directory.

Make sure you’ve created an account with the username that you’ll login with via CAS, and grant it admin permissions. This is necessary to be able to administer phpBB after you’ve switched authentication methods.

Finally, switch authentication methods in the Administrator Panel (the new one is called “Cas”). If you screw up and don’t have administrator access after you’ve switched to Cas authentication, you can replace auth_cas.php with auth_db.php to restore the original authentication method (although you’ll need to modify the function name in auth_cas.php so that it doesn’t conflict with the one in auth_db.php; cas_copy_auth_db.php has the correct modifications).

Known issues

The module uses the language strings made for the auth_apache.php module, which can be a little confusing. It’s not important enough for me to change them.

Comments are closed.