rubycas-server 1.0 → 1.0.1
- data/CHANGELOG +14 -1
- data/README.md +3 -34
- data/config/config.example.yml +592 -0
- data/config/unicorn.rb +88 -0
- data/config.ru +11 -0
- data/db/migrate/001_create_initial_structure.rb +47 -0
- data/lib/casserver/authenticators/active_resource.rb +5 -3
- data/lib/casserver/authenticators/sql_encrypted.rb +1 -0
- data/lib/casserver/server.rb +10 -4
- data/rubycas-server.gemspec +10 -10
- metadata +135 -186
data/CHANGELOG
CHANGED
@@ -1,4 +1,17 @@
|
|
1
|
-
=== 1.0.
|
1
|
+
=== 1.0.1 :: 2011-11-22
|
2
|
+
|
3
|
+
* NEW:
|
4
|
+
* On startup the server now checks for a config.yml file in its own root directory,
|
5
|
+
then in /etc/rubycas-server.
|
6
|
+
|
7
|
+
* FIXED:
|
8
|
+
* Compatibilty with Sinatra 1.3 (:public changed to :public_folder).
|
9
|
+
* Database migration files should now be correctly bundled with the gem distribution.
|
10
|
+
* Should work with both ActiveRecord >= 2.3.12 and < 3.1. Previously the dependency
|
11
|
+
was erronously set to accept only the 2.3.12 series.
|
12
|
+
* Specs now pass under ActiveRecord 2.3.12 in both Ruby 1.8 and 1.9
|
13
|
+
|
14
|
+
=== 1.0.0 :: 2011-08-03
|
2
15
|
|
3
16
|
* NEW:
|
4
17
|
* Rewrite to replace Camping/Picnic with Sinatra
|
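Review bot: The NEW entry on config lookup ("checks for a config.yml file in its own root directory, then in /etc/rubycas-server") should state explicitly which file takes effect when both exist, since that file carries the database and LDAP bind credentials and operators need to know which copy to lock down. Two of the added FIXED entries are also misspelled: "Compatibilty" should be "Compatibility" and "erronously" should be "erroneously".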
data/README.md
CHANGED
@@ -1,36 +1,5 @@
|
|
1
|
-
#
|
1
|
+
# MOVED!
|
2
2
|
|
3
|
-
|
3
|
+
This repo has been moved to https://github.com/rubycas/rubycas-server.
|
4
4
|
|
5
|
-
|
6
|
-
Other portions are copyright of their respective authors.
|
7
|
-
|
8
|
-
## Authors
|
9
|
-
|
10
|
-
See http://github.com/gunark/rubycas-server/commits/
|
11
|
-
|
12
|
-
## Installation
|
13
|
-
|
14
|
-
on ubuntu using unicorn:
|
15
|
-
|
16
|
-
git clone git@github.com:seven1240/rubycas-server.git
|
17
|
-
cd rubycas-server
|
18
|
-
sudo bundle install
|
19
|
-
|
20
|
-
If it complains mysql connectivity, do this
|
21
|
-
|
22
|
-
apt-get install libmysqlclient16-dev
|
23
|
-
sudo gem install mysql2
|
24
|
-
|
25
|
-
copy resources/config.example.yml into /etc/rubycas-server/config.yml, there's way to put the config in other place, yet to document. Change the config to meet your requests.
|
26
|
-
|
27
|
-
You might also want to change config/unicorn.conf
|
28
|
-
|
29
|
-
unicorn -D -c config/unicorn.conf
|
30
|
-
|
31
|
-
For info and detailed installation instructions please see http://code.google.com/p/rubycas-server
|
32
|
-
|
33
|
-
## License
|
34
|
-
|
35
|
-
RubyCAS-Server is licensed for use under the terms of the MIT License.
|
36
|
-
See the LICENSE file bundled with the official RubyCAS-Server distribution for details.
|
5
|
+
The fork you are looking at is no longer updated. Please change your git remotes to the new rubycas URL.
|
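Review bot: Replacing the whole README with the MOVED notice deletes the "## License" section (MIT, "See the LICENSE file bundled with the official RubyCAS-Server distribution") and the "## Authors" pointer, and this file ships in the gem as data/README.md, so the 1.0.1 package no longer says under what terms it is distributed or how to install it. Keep a one-line license statement under the move notice and point to the installation instructions at the new repository URL.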
@@ -0,0 +1,592 @@
|
|
1
|
+
# IMPORTANT NOTE ABOUT YAML CONFIGURATION FILES
|
2
|
+
# ---> Be sure to use spaces instead of tabs for indentation. YAML is
|
3
|
+
# white-space sensitive!
|
4
|
+
|
5
|
+
##### SERVER SETUP ################################################################
|
6
|
+
|
7
|
+
# There are several ways to run RubyCAS-Server:
|
8
|
+
#
|
9
|
+
# webrick -- stand-alone WEBrick server; should work out-of-the-box; this is
|
10
|
+
# the default method, but probably not suited for high-traffic usage
|
11
|
+
# mongrel -- stand-alone Mongrel server; fast, but you'll need to install
|
12
|
+
# and compile Mongrel and run it behind an https reverse proxy like
|
13
|
+
# Pound or Apache 2.2's mod_proxy (since Mongrel cannot serve out
|
14
|
+
# over SSL on its own).
|
15
|
+
# passenger -- served out by Apache via the mod_rails/mod_rack module
|
16
|
+
# (see http://www.modrails.com/)
|
17
|
+
#
|
18
|
+
# The following are exampe configurations for each of these three methods:
|
19
|
+
#
|
20
|
+
|
21
|
+
|
22
|
+
###
|
23
|
+
### WEBrick example
|
24
|
+
###
|
25
|
+
# WEBrick is a simple, all-Ruby web server. This is the easiest method for running
|
26
|
+
# RubyCAS-Server. All you need is an SSL certificate (enter its path under the
|
27
|
+
# ssl_cert option). WEBrick is fine for sites with low to medium traffic, but for
|
28
|
+
# high-performance scenarios you may want to look into deploying using Mongrel
|
29
|
+
# or Passenger.
|
30
|
+
|
31
|
+
server: webrick
|
32
|
+
port: 443
|
33
|
+
ssl_cert: /path/to/your/ssl.pem
|
34
|
+
|
35
|
+
# If your private key is in a separate file from the cert
|
36
|
+
|
37
|
+
#ssl_key: /path/to/your/private_key.pem
|
38
|
+
|
39
|
+
# If you do not already have an SSL certificate and would like to automatically
|
40
|
+
# generate one, run the "generate_ssl_certificate" rake task and use the following
|
41
|
+
# settings:
|
42
|
+
|
43
|
+
# ssl_cert: ssl/cert.pem
|
44
|
+
# ssl_key: ssl/key.pem
|
45
|
+
|
46
|
+
|
47
|
+
# By default the login page will be available at the root path
|
48
|
+
# (e.g. https://login.example.net/). The uri_path option lets you serve it from a
|
49
|
+
# different path (e.g. https://login.example.net/cas).
|
50
|
+
|
51
|
+
#uri_path: /cas
|
52
|
+
|
53
|
+
|
54
|
+
# This lets you bind the server to a specific address. Use 0.0.0.0 to listen on
|
55
|
+
# all available interfaces (this is the default).
|
56
|
+
|
57
|
+
#bind_address: 0.0.0.0
|
58
|
+
|
59
|
+
|
60
|
+
###
|
61
|
+
### Mongrel example
|
62
|
+
###
|
63
|
+
# Mongrel is much faster than WEBrick, but there are two caveats:
|
64
|
+
# 1. Since Mongrel can't serve out encrypted HTTP on its own (and CAS requires this),
|
65
|
+
# you will have to set up a reverse proxy like Pound or Apache's mod_proxy and
|
66
|
+
# route through it requests to the Mongrel server. So for example,
|
67
|
+
# your Pound server will receive all of the requests to RubyCAS-Server on port 443,
|
68
|
+
# and forward them to the Mongrel server listening on port 11011.
|
69
|
+
# 2. Some of Mongrel's components are compiled into native binaries, so if you are
|
70
|
+
# installing on Linux, make sure you have all of the standard build tools
|
71
|
+
# available. The binaries should be automatically compiled for you when you
|
72
|
+
# install the mogrel gem (if you're runnings Windows, pre-compiled
|
73
|
+
# binaries will be downloaded and installed, so don't worry about this).
|
74
|
+
|
75
|
+
#server: mongrel
|
76
|
+
#port: 11011
|
77
|
+
|
78
|
+
|
79
|
+
# Bind the server to a specific address. Use 0.0.0.0 to listen on all
|
80
|
+
# available interfaces (this is the default).
|
81
|
+
|
82
|
+
#bind_address: 0.0.0.0
|
83
|
+
|
84
|
+
### Reverse proxy configuration examples
|
85
|
+
# If you're using mod_proxy, your Apache vhost config should look something like this:
|
86
|
+
#
|
87
|
+
# Listen 443
|
88
|
+
# <VirtualHost *:443>
|
89
|
+
# ServerAdmin admin@example.net
|
90
|
+
# ServerName login.example.net
|
91
|
+
#
|
92
|
+
# SSLEngine On
|
93
|
+
# SSLCertificateFile /etc/apache2/ssl.crt/example.pem
|
94
|
+
#
|
95
|
+
# # Don't do forward proxying, we only want reverse proxying
|
96
|
+
# ProxyRequests Off
|
97
|
+
#
|
98
|
+
# <Proxy balancer://rubycas>
|
99
|
+
# Order allow,deny
|
100
|
+
# Allow from all
|
101
|
+
# BalancerMember http://127.0.0.1:11011
|
102
|
+
# </Proxy>
|
103
|
+
# </VirtualHost>
|
104
|
+
#
|
105
|
+
# For Pound, the config should be something like:
|
106
|
+
#
|
107
|
+
# ListenHTTPS
|
108
|
+
# Address 0.0.0.0
|
109
|
+
# Port 11011
|
110
|
+
# Cert "/etc/ssl/example.pem"
|
111
|
+
#
|
112
|
+
# Service
|
113
|
+
# BackEnd
|
114
|
+
# Address localhost
|
115
|
+
# Port 443
|
116
|
+
# End
|
117
|
+
# End
|
118
|
+
# End
|
119
|
+
|
120
|
+
|
121
|
+
###
|
122
|
+
### Phusion Passenger (running under Apache configured for SSL)
|
123
|
+
###
|
124
|
+
|
125
|
+
# No additional configuration is requried to run RubyCAS-Server under
|
126
|
+
# passsenger. Just follow the normal instructions for a Passenger app
|
127
|
+
# (see http://www.modrails.com/).
|
128
|
+
#
|
129
|
+
# Here's an example Apache vhost config for RubyCAS-Server and Passenger:
|
130
|
+
#
|
131
|
+
# Listen 443
|
132
|
+
# <VirtualHost *:443>
|
133
|
+
# ServerAdmin admin@example.net
|
134
|
+
# ServerName login.example.net
|
135
|
+
#
|
136
|
+
# SSLEngine On
|
137
|
+
# SSLCertificateFile /etc/apache2/ssl.crt/example.pem
|
138
|
+
#
|
139
|
+
# RailsAutoDetect off
|
140
|
+
#
|
141
|
+
# DocumentRoot /usr/lib/ruby/gems/1.8/gems/rubycas-server-0.8.0/public
|
142
|
+
#
|
143
|
+
# <Directory "/usr/lib/ruby/gems/1.8/gems/rubycas-server-0.8.0/public">
|
144
|
+
# AllowOverride all
|
145
|
+
# Allow from all
|
146
|
+
# </Directory>
|
147
|
+
# </VirtualHost>
|
148
|
+
#
|
149
|
+
|
150
|
+
|
151
|
+
##### DATABASE #################################################################
|
152
|
+
|
153
|
+
# Set up the database connection. Make sure that this database is secure!
|
154
|
+
#
|
155
|
+
# By default, we use MySQL, since it is widely used and does not require any
|
156
|
+
# additional ruby libraries besides ActiveRecord.
|
157
|
+
#
|
158
|
+
# With MySQL, your config would be something like the following:
|
159
|
+
# (be sure to create the casserver database in MySQL beforehand,
|
160
|
+
# i.e. `mysqladmin -u root create casserver`)
|
161
|
+
|
162
|
+
database:
|
163
|
+
adapter: mysql
|
164
|
+
database: casserver
|
165
|
+
username: root
|
166
|
+
password:
|
167
|
+
host: localhost
|
168
|
+
reconnect: true
|
169
|
+
|
170
|
+
# IMPORTANT! By default, the server can handle up to ~5 concurrent requests
|
171
|
+
# (without queuing). You can increase this by setting the database connection
|
172
|
+
# pool size to a higher number. For example, to handle up to ~10 concurrent
|
173
|
+
# requests:
|
174
|
+
#
|
175
|
+
#database:
|
176
|
+
# pool: 10
|
177
|
+
# adapter: mysql
|
178
|
+
# database: casserver
|
179
|
+
# username: root
|
180
|
+
# password:
|
181
|
+
# host: localhost
|
182
|
+
|
183
|
+
#
|
184
|
+
# Instead of MySQL you can use SQLite3, PostgreSQL, MSSQL, or anything else
|
185
|
+
# supported by ActiveRecord.
|
186
|
+
#
|
187
|
+
# With SQLite3 (which does not require a separate database server), your
|
188
|
+
# configuration would look something like the following (don't forget to install
|
189
|
+
# the sqlite3-ruby gem beforehand!):
|
190
|
+
|
191
|
+
#database:
|
192
|
+
# adapter: sqlite3
|
193
|
+
# database: /var/lib/casserver.db
|
194
|
+
|
195
|
+
|
196
|
+
# By default RubyCAS-Server will run migrations at every startup to ensure
|
197
|
+
# that its database schema is up-to-date. To disable this behaviour set
|
198
|
+
# the following option to true:
|
199
|
+
|
200
|
+
#disable_auto_migrations: true
|
201
|
+
|
202
|
+
##### AUTHENTICATION ###########################################################
|
203
|
+
|
204
|
+
# Configure how username/passwords are validated.
|
205
|
+
#
|
206
|
+
# !!! YOU MUST CONFIGURE AT LEAST ONE OF THESE AUTHENTICATION METHODS !!!
|
207
|
+
#
|
208
|
+
# There are several built-in methods for authentication:
|
209
|
+
# SQL, ActiveDirectory, LDAP, and GoogleAccounts. If none of these work for you,
|
210
|
+
# it is relatively easy to write your own custom Authenticator class (see below).
|
211
|
+
#
|
212
|
+
# === SQL Authentication =======================================================
|
213
|
+
#
|
214
|
+
# The simplest method is to validate against a SQL database. This assumes
|
215
|
+
# that all of your users are stored in a table that has a 'username' column
|
216
|
+
# and a 'password' column. When the user logs in, CAS connects to this database
|
217
|
+
# and looks for a matching username/password in the users table. If a matching
|
218
|
+
# username and password is found, authentication is successful.
|
219
|
+
#
|
220
|
+
# If you prefer to have your passwords stored in an encrypted form, have a
|
221
|
+
# look at the SQLEncrypted authenticator:
|
222
|
+
# http://code.google.com/p/rubycas-server/wiki/UsingTheSQLEncryptedAuthenticator
|
223
|
+
#
|
224
|
+
# If your users table stores passwords with MD5 hashing (for example as with
|
225
|
+
# Drupal) try using the SQLMd5 version of the SQL authenticator.
|
226
|
+
#
|
227
|
+
# Example:
|
228
|
+
#
|
229
|
+
#authenticator:
|
230
|
+
# class: CASServer::Authenticators::SQL
|
231
|
+
# database:
|
232
|
+
# adapter: mysql
|
233
|
+
# database: some_database_with_users_table
|
234
|
+
# username: root
|
235
|
+
# password:
|
236
|
+
# host: localhost
|
237
|
+
# user_table: users
|
238
|
+
# username_column: username
|
239
|
+
# password_column: password
|
240
|
+
#
|
241
|
+
# When replying to a CAS client's validation request, the server will normally
|
242
|
+
# provide the client with the authenticated user's username. However it is
|
243
|
+
# possible for the server to provide the client with additional attributes.
|
244
|
+
# You can configure the SQL authenticator to provide data from additional
|
245
|
+
# columns in the users table by listing the names of the columns under the
|
246
|
+
# 'extra_attributes' option. Note though that this functionality is experimental.
|
247
|
+
# It should work with RubyCAS-Client, but may or may not work with other CAS
|
248
|
+
# clients.
|
249
|
+
#
|
250
|
+
# For example, with this configuration, the 'full_name' and 'access_level'
|
251
|
+
# columns will be provided to your CAS clients along with the username:
|
252
|
+
#
|
253
|
+
#authenticator:
|
254
|
+
# class: CASServer::Authenticators::SQL
|
255
|
+
# database:
|
256
|
+
# adapter: mysql
|
257
|
+
# database: some_database_with_users_table
|
258
|
+
# user_table: users
|
259
|
+
# username_column: username
|
260
|
+
# password_column: password
|
261
|
+
# extra_attributes: full_name, access_level
|
262
|
+
#
|
263
|
+
#
|
264
|
+
#
|
265
|
+
# === Google Authentication ====================================================
|
266
|
+
#
|
267
|
+
# The Google authenticator allows users to log in to your CAS server using
|
268
|
+
# their Google account credentials (i.e. the same email and password they
|
269
|
+
# would use to log in to Google services like Gmail). This authenticator
|
270
|
+
# requires no special configuration -- just specify its class name:
|
271
|
+
#
|
272
|
+
#authenticator:
|
273
|
+
# class: CASServer::Authenticators::Google
|
274
|
+
#
|
275
|
+
# If you are behind an http proxy, you can try specifying proxy settings as follows:
|
276
|
+
#
|
277
|
+
#authenticator:
|
278
|
+
# class: CASServer::Authenticators::Google
|
279
|
+
# proxy:
|
280
|
+
# host: your-proxy-server
|
281
|
+
# port: 8080
|
282
|
+
# username: nil
|
283
|
+
# password: nil
|
284
|
+
#
|
285
|
+
# Note that as with all authenticators, it is possible to use the Google
|
286
|
+
# authenticator alongside other authenticators. For example, CAS can first
|
287
|
+
# attempt to validate the account with Google, and if that fails, fall back
|
288
|
+
# to some other local authentication mechanism.
|
289
|
+
#
|
290
|
+
# For example:
|
291
|
+
#
|
292
|
+
#authenticator:
|
293
|
+
# - class: CASServer::Authenticators::Google
|
294
|
+
# - class: CASServer::Authenticators::SQL
|
295
|
+
# database:
|
296
|
+
# adapter: mysql
|
297
|
+
# database: some_database_with_users_table
|
298
|
+
# username: root
|
299
|
+
# password:
|
300
|
+
# host: localhost
|
301
|
+
# user_table: user
|
302
|
+
# username_column: username
|
303
|
+
# password_column: password
|
304
|
+
#
|
305
|
+
#
|
306
|
+
# === ActiveDirectory Authentication ===========================================
|
307
|
+
#
|
308
|
+
# This method authenticates against Microsoft's Active Directory using LDAP.
|
309
|
+
# You must configure the ActiveDirectory server, and base DN. The port number
|
310
|
+
# and LDAP filter are optional. You must also enter a CN and password
|
311
|
+
# for a special "authenticator" user. This account is used to log in to
|
312
|
+
# the ActiveDirectory server and search LDAP. This does not have to be an
|
313
|
+
# administrative account -- it only has to be able to search for other
|
314
|
+
# users.
|
315
|
+
#
|
316
|
+
# Note that the auth_user parameter must be the user's CN (Common Name).
|
317
|
+
# In Active Directory, the CN is genarally the user's full name, which is usually
|
318
|
+
# NOT the same as their username (sAMAccountName).
|
319
|
+
#
|
320
|
+
# For example:
|
321
|
+
#
|
322
|
+
#authenticator:
|
323
|
+
# class: CASServer::Authenticators::ActiveDirectoryLDAP
|
324
|
+
# ldap:
|
325
|
+
# host: ad.example.net
|
326
|
+
# port: 389
|
327
|
+
# base: dc=example,dc=net
|
328
|
+
# filter: (objectClass=person)
|
329
|
+
# auth_user: authenticator
|
330
|
+
# auth_password: itsasecret
|
331
|
+
#
|
332
|
+
# A more complicated example, where the authenticator will use TLS encryption,
|
333
|
+
# will ignore users with disabled accounts, and will pass on the 'cn' and 'mail'
|
334
|
+
# attributes to CAS clients:
|
335
|
+
#
|
336
|
+
#authenticator:
|
337
|
+
# class: CASServer::Authenticators::ActiveDirectoryLDAP
|
338
|
+
# ldap:
|
339
|
+
# host: ad.example.net
|
340
|
+
# port: 636
|
341
|
+
# base: dc=example,dc=net
|
342
|
+
# filter: (objectClass=person) & !(msExchHideFromAddressLists=TRUE)
|
343
|
+
# auth_user: authenticator
|
344
|
+
# auth_password: itsasecret
|
345
|
+
# encryption: simple_tls
|
346
|
+
# extra_attributes: cn, mail
|
347
|
+
#
|
348
|
+
# It is possible to authenticate against Active Directory without the
|
349
|
+
# authenticator user, but this requires that users type in their CN as
|
350
|
+
# the username rather than typing in their sAMAccountName. In other words
|
351
|
+
# users will likely have to authenticate by typing their full name,
|
352
|
+
# rather than their username. If you prefer to do this, then just
|
353
|
+
# omit the auth_user and auth_password values in the above example.
|
354
|
+
#
|
355
|
+
#
|
356
|
+
# === LDAP Authentication ======================================================
|
357
|
+
#
|
358
|
+
# This is a more general version of the ActiveDirectory authenticator.
|
359
|
+
# The configuration is similar, except you don't need an authenticator
|
360
|
+
# username or password. The following example has been reported to work
|
361
|
+
# for a basic OpenLDAP setup.
|
362
|
+
#
|
363
|
+
#authenticator:
|
364
|
+
# class: CASServer::Authenticators::LDAP
|
365
|
+
# ldap:
|
366
|
+
# host: ldap.example.net
|
367
|
+
# port: 389
|
368
|
+
# base: dc=example,dc=net
|
369
|
+
# username_attribute: uid
|
370
|
+
# filter: (objectClass=person)
|
371
|
+
#
|
372
|
+
# If you need more secure connections via TSL, specify the 'encryption'
|
373
|
+
# option and change the port. This example also forces the authenticator
|
374
|
+
# to connect using a special "authenticator" user with the given
|
375
|
+
# username and password (see the ActiveDirectoryLDAP authenticator
|
376
|
+
# explanation above):
|
377
|
+
#
|
378
|
+
#authenticator:
|
379
|
+
# class: CASServer::Authenticators::LDAP
|
380
|
+
# ldap:
|
381
|
+
# host: ldap.example.net
|
382
|
+
# port: 636
|
383
|
+
# base: dc=example,dc=net
|
384
|
+
# filter: (objectClass=person)
|
385
|
+
# encryption: simple_tls
|
386
|
+
# auth_user: cn=admin,dc=example,dc=net
|
387
|
+
# auth_password: secret
|
388
|
+
#
|
389
|
+
# If you need additional data about the user passed to the client (for example,
|
390
|
+
# their 'cn' and 'mail' attributes, you can specify the list of attributes
|
391
|
+
# under the extra_attributes config option:
|
392
|
+
#
|
393
|
+
#authenticator:
|
394
|
+
# class: CASServer::Authenticators::LDAP
|
395
|
+
# ldap:
|
396
|
+
# host: ldap.example.net
|
397
|
+
# port: 389
|
398
|
+
# base: dc=example,dc=net
|
399
|
+
# filter: (objectClass=person)
|
400
|
+
# extra_attributes: cn, mail
|
401
|
+
#
|
402
|
+
# Note that the above functionality is somewhat limited by client compatibility.
|
403
|
+
# See the SQL authenticator notes above for more info.
|
404
|
+
#
|
405
|
+
#
|
406
|
+
# === Custom Authentication ====================================================
|
407
|
+
#
|
408
|
+
# It should be relatively easy to write your own Authenticator class. Have a look
|
409
|
+
# at the built-in authenticators in the casserver/authenticators directory. Your
|
410
|
+
# authenticator should extend the CASServer::Authenticators::Base class and must
|
411
|
+
# implement a validate() method that takes a single hash argument. When the user
|
412
|
+
# submits the login form, the username and password they entered is passed to
|
413
|
+
# validate() as a hash under :username and :password keys. In the future, this
|
414
|
+
# hash might also contain other data such as the domain that the user is logging
|
415
|
+
# in to.
|
416
|
+
#
|
417
|
+
# To use your custom authenticator, specify it's class name and path to the
|
418
|
+
# source file in the authenticator section of the config. Any other parameters
|
419
|
+
# you specify in the authenticator configuration will be passed on to the
|
420
|
+
# authenticator and made availabe in the validate() method as an @options hash.
|
421
|
+
#
|
422
|
+
# Example:
|
423
|
+
#
|
424
|
+
#authenticator:
|
425
|
+
# class: FooModule::MyCustomAuthenticator
|
426
|
+
# source: /path/to/source.rb
|
427
|
+
# option_a: foo
|
428
|
+
# another_option: yeeha
|
429
|
+
#
|
430
|
+
# === Multiple Authenticators ==================================================
|
431
|
+
#
|
432
|
+
# If you need to have more than one source for authentication, such as an LDAP
|
433
|
+
# directory and a database, you can use multiple authenticators by making
|
434
|
+
# :authenticator an array of authenticators.
|
435
|
+
#
|
436
|
+
#authenticator:
|
437
|
+
# -
|
438
|
+
# class: CASServer::Authenticators::ActiveDirectoryLDAP
|
439
|
+
# ldap:
|
440
|
+
# host: ad.example.net
|
441
|
+
# port: 389
|
442
|
+
# base: dc=example,dc=net
|
443
|
+
# filter: (objectClass=person)
|
444
|
+
# -
|
445
|
+
# class: CASServer::Authenticators::SQL
|
446
|
+
# database:
|
447
|
+
# adapter: mysql
|
448
|
+
# database: some_database_with_users_table
|
449
|
+
# username: root
|
450
|
+
# password:
|
451
|
+
# host: localhost
|
452
|
+
# user_table: user
|
453
|
+
# username_column: username
|
454
|
+
# password_column: password
|
455
|
+
#
|
456
|
+
# During authentication, the user credentials will be checked against the first
|
457
|
+
# authenticator and on failure fall through to the second authenticator.
|
458
|
+
#
|
459
|
+
|
460
|
+
|
461
|
+
##### LOOK & FEEL ##############################################################
|
462
|
+
|
463
|
+
# Set the path to the theme directory that determines how your CAS pages look.
|
464
|
+
#
|
465
|
+
# Custom themes are not well supported yet, but will be in the near future. In
|
466
|
+
# the meantime, if you want to create a custom theme, you can create a
|
467
|
+
# subdirectory under the CASServer's themes dir (for example,
|
468
|
+
# '/usr/lib/ruby/1.8/gems/casserver-xxx/public/themes', if you installed CASServer
|
469
|
+
# on Linux as a gem). A theme is basically just a theme.css file that overrides
|
470
|
+
# the themes/cas.css styles along with a collection of image files
|
471
|
+
# like logo.png and bg.png.
|
472
|
+
#
|
473
|
+
# By default, we use the 'simple' theme which you can find in themes/simple.
|
474
|
+
theme: simple
|
475
|
+
|
476
|
+
# The name of your company/organization. This will show up on the login page.
|
477
|
+
organization: CAS
|
478
|
+
|
479
|
+
# A short bit of text that shows up on the login page. You can make this blank
|
480
|
+
# if you prefer to have no extra text shown at the bottom of the login box.
|
481
|
+
infoline: Powered by <a href="http://code.google.com/p/rubycas-server/">RubyCAS-Server</a>
|
482
|
+
|
483
|
+
# Custom views directory. If set, this will be used instead of 'lib/casserver/views'.
|
484
|
+
#custom_views: /path/to/custom/views
|
485
|
+
|
486
|
+
# Custom public directory. If set, static content (css, etc.) will be served from here rather
|
487
|
+
# than from rubycas-server's internal 'public' directory (but be mindful of any overriding
|
488
|
+
# settings you may have in your web server's config).
|
489
|
+
#public_dir: /path/to/custom/public
|
490
|
+
|
491
|
+
##### LOCALIZATION (L10N) #######################################################
|
492
|
+
# The server will attempt to detect the user's locale and show text in the
|
493
|
+
# appropriate language based on:
|
494
|
+
#
|
495
|
+
# 1. The 'lang' URL parameter (if any)
|
496
|
+
# 2. The 'lang' cookie (if any)
|
497
|
+
# 3. The HTTP_ACCEPT_LANGUAGE header supplied by the user's browser.
|
498
|
+
# 4. The HTTP_USER_AGENT header supplied by the user's browser.
|
499
|
+
#
|
500
|
+
# If the locale cannot be established based on one of the above checks (in the
|
501
|
+
# shown order), then the below 'default_locale' option will be used.
|
502
|
+
#
|
503
|
+
# The format is the same as standard linux locales (langagecode_COUNTRYCODE):
|
504
|
+
#
|
505
|
+
# ru_RU - Russian, Russia
|
506
|
+
# eo_AQ - Esperanto, Antarctica
|
507
|
+
#
|
508
|
+
# It will also work if you leave out the region (i.e. just "ru" for Russian,
|
509
|
+
# "eo" for Esperanto).
|
510
|
+
#
|
511
|
+
# If you are interested in contributing new translations or have corrections
|
512
|
+
# to the existing translations, see
|
513
|
+
# http://code.google.com/p/rubycas-server/wiki/HowToContribueTranslations
|
514
|
+
#
|
515
|
+
default_locale: en
|
516
|
+
|
517
|
+
##### LOGGING ##################################################################
|
518
|
+
|
519
|
+
# Configure general logging. This log is where you'll want to look in case of
|
520
|
+
# problems.
|
521
|
+
#
|
522
|
+
# You may want to change the file to something like /var/log/casserver.log
|
523
|
+
# Set the level to DEBUG if you want more detailed logging.
|
524
|
+
|
525
|
+
log:
|
526
|
+
file: /var/log/casserver.log
|
527
|
+
level: INFO
|
528
|
+
|
529
|
+
|
530
|
+
# If you want full database logging, uncomment this next section.
|
531
|
+
# Every SQL query will be logged here. This is useful for debugging database
|
532
|
+
# problems.
|
533
|
+
|
534
|
+
#db_log:
|
535
|
+
# file: /var/log/casserver_db.log
|
536
|
+
|
537
|
+
|
538
|
+
# Setting the following option to true will disable CLI output to stdout.
|
539
|
+
# i.e. this will get rid of messages like ">>> Redirecting RubyCAS-Server log..."
|
540
|
+
# This is useful when, for example, you're running rspecs.
|
541
|
+
|
542
|
+
#quiet: true
|
543
|
+
|
544
|
+
|
545
|
+
##### SINGLE SIGN-OUT ##########################################################
|
546
|
+
|
547
|
+
# When a user logs in to a CAS-enabled client application, that application
|
548
|
+
# generally opens its own local user session. When the user then logs out
|
549
|
+
# through the CAS server, each of the CAS-enabled client applications need
|
550
|
+
# to be notified so that they can close their own local sessions for that user.
|
551
|
+
#
|
552
|
+
# Up until recently this was not possible within CAS. However, a method for
|
553
|
+
# performing this notification was recently added to the protocol (in CAS 3.1).
|
554
|
+
# This works exactly as described above -- when the user logs out, the CAS
|
555
|
+
# server individually contacts each client service and notifies it of the
|
556
|
+
# logout. Currently not all client applications support this, so this
|
557
|
+
# behaviour is disabled by default. To enable it, uncomment the following
|
558
|
+
# configuration line. Note that currently it is not possible to enable
|
559
|
+
# or disable single-sign-out on a per-service basis, but this functionality
|
560
|
+
# is planned for a future release.
|
561
|
+
|
562
|
+
#enable_single_sign_out: true
|
563
|
+
|
564
|
+
|
565
|
+
##### OTHER ####################################################################
|
566
|
+
|
567
|
+
# You can set various ticket expiry times (specify the value in seconds).
|
568
|
+
|
569
|
+
# Unused login and service tickets become unusable this many seconds after
|
570
|
+
# they are created. (Defaults to 5 minutes)
|
571
|
+
|
572
|
+
#maximum_unused_login_ticket_lifetime: 300
|
573
|
+
#maximum_unused_service_ticket_lifetime: 300
|
574
|
+
|
575
|
+
# The server must periodically delete old tickets (login tickets, service tickets
|
576
|
+
# proxy-granting tickets, and ticket-granting tickets) to prevent buildup of
|
577
|
+
# stale data. This effectively limits the maximum length of a CAS session to
|
578
|
+
# the lifetime given here (in seconds). (Defaults to 48 hours)
|
579
|
+
#
|
580
|
+
# Note that this limit is not enforced on the client side; it refers only to the
|
581
|
+
# the maximum lifetime of tickets on the CAS server.
|
582
|
+
|
583
|
+
#maximum_session_lifetime: 172800
|
584
|
+
|
585
|
+
|
586
|
+
# If you want the usernames entered on the login page to be automatically
|
587
|
+
# downcased (converted to lowercase), enable the following option. When this
|
588
|
+
# option is set to true, if the user enters "JSmith" as their username, the
|
589
|
+
# system will automatically
|
590
|
+
# convert this to "jsmith".
|
591
|
+
|
592
|
+
#downcase_username: true
|
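Review bot: The commented Pound example (new lines 107-115) has its ports reversed relative to the Mongrel description just above it, which says Pound receives requests on port 443 and forwards them to Mongrel on 11011; as written, ListenHTTPS uses "Port 11011" and the BackEnd uses "Port 443". Swap them so the TLS listener is on 443 and the backend is localhost on 11011. In the same section the Mongrel sample documents "bind_address: 0.0.0.0" as the default, which leaves the plain-HTTP backend reachable on every interface; the sample for the proxied setup would be safer showing 127.0.0.1. Separately, every database sample uses "username: root" with an empty "password:", including the one uncommented "database:" block under the comment "Make sure that this database is secure!"; a dedicated low-privilege account name with a placeholder password is a better thing for people to copy.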
data/config/unicorn.rb
ADDED
@@ -0,0 +1,88 @@
|
|
1
|
+
# Sample configuration file for Unicorn (not Rack)
|
2
|
+
#
|
3
|
+
# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete
|
4
|
+
# documentation.
|
5
|
+
SINATRA_ROOT = `pwd`.strip
|
6
|
+
|
7
|
+
# Use at least one worker per core if you're on a dedicated server,
|
8
|
+
# more will usually help for _short_ waits on databases/caches.
|
9
|
+
worker_processes 3
|
10
|
+
|
11
|
+
# Help ensure your application will always spawn in the symlinked
|
12
|
+
# "current" directory that Capistrano sets up.
|
13
|
+
working_directory SINATRA_ROOT # available in 0.94.0+
|
14
|
+
|
15
|
+
# listen on both a Unix domain socket and a TCP port,
|
16
|
+
# we use a shorter backlog for quicker failover when busy
|
17
|
+
# listen "/tmp/.sock", :backlog => 64
|
18
|
+
listen 18889, :tcp_nopush => true
|
19
|
+
|
20
|
+
# nuke workers after 30 seconds instead of 60 seconds (the default)
|
21
|
+
timeout 30
|
22
|
+
|
23
|
+
# feel free to point this anywhere accessible on the filesystem
|
24
|
+
|
25
|
+
pid "#{SINATRA_ROOT}/tmp/pids/unicorn.pid"
|
26
|
+
|
27
|
+
# relative_path "/test_platform"
|
28
|
+
# some applications/frameworks log to stderr or stdout, so prevent
|
29
|
+
# them from going to /dev/null when daemonized here:
|
30
|
+
stderr_path "#{SINATRA_ROOT}/log/unicorn.stderr.log"
|
31
|
+
stdout_path "#{SINATRA_ROOT}/log/unicorn.stdout.log"
|
32
|
+
|
33
|
+
# combine REE with "preload_app true" for memory savings
|
34
|
+
# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
|
35
|
+
preload_app false
|
36
|
+
GC.respond_to?(:copy_on_write_friendly=) and
|
37
|
+
GC.copy_on_write_friendly = true
|
38
|
+
|
39
|
+
before_fork do |server, worker|
|
40
|
+
# the following is highly recomended for Rails + "preload_app true"
|
41
|
+
# as there's no need for the master process to hold a connection
|
42
|
+
# defined?(ActiveRecord::Base) and
|
43
|
+
# ActiveRecord::Base.connection.disconnect!
|
44
|
+
|
45
|
+
# The following is only recommended for memory/DB-constrained
|
46
|
+
# installations. It is not needed if your system can house
|
47
|
+
# twice as many worker_processes as you have configured.
|
48
|
+
#
|
49
|
+
# # This allows a new master process to incrementally
|
50
|
+
# # phase out the old master process with SIGTTOU to avoid a
|
51
|
+
# # thundering herd (especially in the "preload_app false" case)
|
52
|
+
# # when doing a transparent upgrade. The last worker spawned
|
53
|
+
# # will then kill off the old master process with a SIGQUIT.
|
54
|
+
old_pid = "#{server.config[:pid]}.oldbin"
|
55
|
+
|
56
|
+
puts 'pid:'
|
57
|
+
puts '-------------------'
|
58
|
+
puts server.pid
|
59
|
+
puts old_pid
|
60
|
+
puts '---------------------'
|
61
|
+
|
62
|
+
if old_pid != server.pid
|
63
|
+
begin
|
64
|
+
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
|
65
|
+
Process.kill(sig, File.read(old_pid).to_i)
|
66
|
+
rescue Errno::ENOENT, Errno::ESRCH
|
67
|
+
end
|
68
|
+
end
|
69
|
+
#
|
70
|
+
# # *optionally* throttle the master from forking too quickly by sleeping
|
71
|
+
sleep 1
|
72
|
+
end
|
73
|
+
|
74
|
+
after_fork do |server, worker|
|
75
|
+
# per-process listener ports for debugging/admin/migrations
|
76
|
+
# addr = "127.0.0.1:#{9293 + worker.nr}"
|
77
|
+
# server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
|
78
|
+
|
79
|
+
# the following is *required* for Rails + "preload_app true",
|
80
|
+
# defined?(ActiveRecord::Base) and
|
81
|
+
# ActiveRecord::Base.establish_connection
|
82
|
+
|
83
|
+
# if preload_app is true, then you may also want to check and
|
84
|
+
# restart any other shared sockets/descriptors such as Memcached,
|
85
|
+
# and Redis. TokyoCabinet file handles are safe to reuse
|
86
|
+
# between any number of forked children (assuming your kernel
|
87
|
+
# correctly implements pread()/pwrite() system calls)
|
88
|
+
end
|
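Review bot: `listen 18889, :tcp_nopush => true` at line 18 gives only a port, so unicorn accepts connections on every interface, and unicorn itself speaks plain HTTP. For a server that takes login credentials, bind to loopback (`listen "127.0.0.1:18889"`) and let the TLS-terminating front end proxy to it. In `before_fork`, `File.read(old_pid).to_i` returns 0 for an empty or half-written pid file and `Process.kill(sig, 0)` then signals the caller's own process group; check that the value is positive before killing. The five `puts` lines at 56-60 look like leftover debugging and should be dropped from a bundled config.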
data/config.ru
ADDED
@@ -0,0 +1,47 @@
|
|
1
|
+
class CreateInitialStructure < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
# Oracle table names cannot exceed 30 chars...
|
4
|
+
# See http://code.google.com/p/rubycas-server/issues/detail?id=15
|
5
|
+
create_table 'casserver_lt', :force => true do |t|
|
6
|
+
t.string 'ticket', :null => false
|
7
|
+
t.timestamp 'created_on', :null => false
|
8
|
+
t.datetime 'consumed', :null => true
|
9
|
+
t.string 'client_hostname', :null => false
|
10
|
+
end
|
11
|
+
|
12
|
+
create_table 'casserver_st', :force => true do |t|
|
13
|
+
t.string 'ticket', :null => false
|
14
|
+
t.text 'service', :null => false
|
15
|
+
t.timestamp 'created_on', :null => false
|
16
|
+
t.datetime 'consumed', :null => true
|
17
|
+
t.string 'client_hostname', :null => false
|
18
|
+
t.string 'username', :null => false
|
19
|
+
t.string 'type', :null => false
|
20
|
+
t.integer 'granted_by_pgt_id', :null => true
|
21
|
+
t.integer 'granted_by_tgt_id', :null => true
|
22
|
+
end
|
23
|
+
|
24
|
+
create_table 'casserver_tgt', :force => true do |t|
|
25
|
+
t.string 'ticket', :null => false
|
26
|
+
t.timestamp 'created_on', :null => false
|
27
|
+
t.string 'client_hostname', :null => false
|
28
|
+
t.string 'username', :null => false
|
29
|
+
t.text 'extra_attributes', :null => true
|
30
|
+
end
|
31
|
+
|
32
|
+
create_table 'casserver_pgt', :force => true do |t|
|
33
|
+
t.string 'ticket', :null => false
|
34
|
+
t.timestamp 'created_on', :null => false
|
35
|
+
t.string 'client_hostname', :null => false
|
36
|
+
t.string 'iou', :null => false
|
37
|
+
t.integer 'service_ticket_id', :null => false
|
38
|
+
end
|
39
|
+
end # self.up
|
40
|
+
|
41
|
+
def self.down
|
42
|
+
drop_table 'casserver_pgt'
|
43
|
+
drop_table 'casserver_tgt'
|
44
|
+
drop_table 'casserver_st'
|
45
|
+
drop_table 'casserver_lt'
|
46
|
+
end # self.down
|
47
|
+
end
|
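Review bot: none of the four tables gets an index on `ticket`, although tickets are presented and looked up by that string, and nothing at the database level stops two rows from carrying the same ticket value. Add `add_index 'casserver_st', 'ticket', :unique => true` and the same for the lt, tgt and pgt tables. Also, `:force => true` on each `create_table` drops an existing table of that name, so running this against a database created by an earlier release would discard live tickets; an initial migration should fail there instead.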
@@ -25,9 +25,8 @@ module CASServer
|
|
25
25
|
class Identity < ActiveResource::Base
|
26
26
|
|
27
27
|
# define method_name accessor
|
28
|
-
cattr_accessor(:method_name)
|
29
|
-
|
30
|
-
end
|
28
|
+
cattr_accessor(:method_name)
|
29
|
+
self.method_name = :authenticate
|
31
30
|
|
32
31
|
def self.method_type
|
33
32
|
@@method_type ||= :post
|
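Review bot: removing the `end` at old line 30 means `class Identity` is no longer closed after `cattr_accessor(:method_name)`, so `self.method_type` and everything below it now belong to `Identity` rather than to the enclosing scope. The hunk does not show where the class is closed now; check that a matching `end` exists further down and that callers of `method_type` use the new receiver. Because `cattr_accessor` is class-level state, the new `:authenticate` default is shared by every place this authenticator is configured, which deserves a comment next to the assignment.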
@@ -82,6 +81,9 @@ module CASServer
|
|
82
81
|
extract_extra_attributes(result) if result
|
83
82
|
!!result
|
84
83
|
rescue ::ActiveResource::ConnectionError => e
|
84
|
+
if e.response.blank? # band-aid for ARes 2.3.x -- craps out if to_s is called without a response
|
85
|
+
e = e.class.to_s
|
86
|
+
end
|
85
87
|
$LOG.warn("Error during authentication: #{e}")
|
86
88
|
false
|
87
89
|
end
|
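Review bot: `e = e.class.to_s` at new line 85 overwrites the rescued exception with a String, so any later use of `e` in this rescue that expects an exception object (a backtrace, `e.response`) gets a String instead. Build the log text in its own variable, for example `msg = e.response.blank? ? e.class.to_s : e.to_s`, and log that. The branch still returns `false` for a connection failure, which callers cannot tell apart from rejected credentials, so the log line is the only trace of a backend outage and should say so explicitly.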
data/lib/casserver/server.rb
CHANGED
@@ -8,13 +8,19 @@ $LOG ||= Logger.new(STDOUT)
|
|
8
8
|
|
9
9
|
module CASServer
|
10
10
|
class Server < Sinatra::Base
|
11
|
-
|
11
|
+
if ENV['CONFIG_FILE']
|
12
|
+
CONFIG_FILE = ENV['CONFIG_FILE']
|
13
|
+
elsif !(c_file = File.dirname(__FILE__) + "/../../config.yml").nil? && File.exist?(c_file)
|
14
|
+
CONFIG_FILE = c_file
|
15
|
+
else
|
16
|
+
CONFIG_FILE = "/etc/rubycas-server/config.yml"
|
17
|
+
end
|
12
18
|
|
13
19
|
include CASServer::CAS # CAS protocol helpers
|
14
20
|
include Localization
|
15
21
|
|
16
22
|
set :app_file, __FILE__
|
17
|
-
set :
|
23
|
+
set :public_folder, Proc.new { settings.config[:public_dir] || File.join(root, "..", "..", "public") }
|
18
24
|
|
19
25
|
config = HashWithIndifferentAccess.new(
|
20
26
|
:maximum_unused_login_ticket_lifetime => 5.minutes,
|
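Review bot: the `!(c_file = ...).nil?` test at new line 13 is always true, because string concatenation never returns nil; only `File.exist?(c_file)` does any work. Assign `c_file` on its own line and test existence alone. `ENV['CONFIG_FILE']` is accepted without an existence check, so a typo there fails later and less clearly than the two fallbacks do. The lookup order also needs documenting: a config.yml inside the application or gem directory now takes precedence over /etc/rubycas-server/config.yml, and that directory may be writable by more accounts than /etc.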
@@ -32,7 +38,7 @@ module CASServer
|
|
32
38
|
# Strip the config.uri_path from the request.path_info...
|
33
39
|
# FIXME: do we really need to override all of Sinatra's #static! to make this happen?
|
34
40
|
def static!
|
35
|
-
return if (public_dir = settings.
|
41
|
+
return if (public_dir = settings.public_folder).nil?
|
36
42
|
public_dir = File.expand_path(public_dir)
|
37
43
|
|
38
44
|
path = File.expand_path(public_dir + unescape(request.path_info.gsub(/^#{settings.config[:uri_path]}/,'')))
|
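Review bot: in the context line at new line 44, `settings.config[:uri_path]` is interpolated into the regex unescaped and anchored with `^`, which in Ruby matches at the start of any line rather than the start of the string; use `/\A#{Regexp.escape(settings.config[:uri_path])}/`. The lines after `path = File.expand_path(...)` are not shown here, so confirm that this override still refuses any `path` that does not start with `public_dir` before serving it, since `request.path_info` is client-controlled. The switch to `settings.public_folder` itself matches the `set :public_folder` line earlier in the file.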
@@ -627,6 +633,7 @@ module CASServer
|
|
627
633
|
@service = clean_service_url(params['service'])
|
628
634
|
@ticket = params['ticket']
|
629
635
|
# optional
|
636
|
+
@pgt_url = params['pgtUrl']
|
630
637
|
@renew = params['renew']
|
631
638
|
|
632
639
|
st, @error = validate_service_ticket(@service, @ticket)
|
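Review bot: `@pgt_url = params['pgtUrl']` at new line 636 stores the parameter as received, while `service` two lines above goes through `clean_service_url`. In CAS, pgtUrl is the callback the server itself connects to when issuing a proxy-granting ticket, so it should be validated (https scheme, parseable, acceptable host) before any outbound request is made with it. The hunk shows no such check; point to where it happens or add it here.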
@@ -742,4 +749,3 @@ module CASServer
|
|
742
749
|
end
|
743
750
|
end
|
744
751
|
end
|
745
|
-
|
data/rubycas-server.gemspec
CHANGED
@@ -1,7 +1,6 @@
|
|
1
|
-
|
2
1
|
$gemspec = Gem::Specification.new do |s|
|
3
2
|
s.name = 'rubycas-server'
|
4
|
-
s.version = '1.0'
|
3
|
+
s.version = '1.0.1'
|
5
4
|
s.authors = ["Matt Zukowski"]
|
6
5
|
s.email = ["matt@zukowski.ca"]
|
7
6
|
s.homepage = 'http://code.google.com/p/rubycas-server/'
|
@@ -11,8 +10,8 @@ $gemspec = Gem::Specification.new do |s|
|
|
11
10
|
|
12
11
|
s.files = [
|
13
12
|
"CHANGELOG", "LICENSE", "README.md", "Rakefile", "setup.rb",
|
14
|
-
"bin/*", "db
|
15
|
-
"tasks/**/*.rake", "vendor/**/*", "script/*", "lib/**/*.erb", "lib/**/*.builder",
|
13
|
+
"bin/*", "db/**/*", "lib/**/*.rb", "public/**/*", "po/**/*", "mo/**/*", "resources/*.*",
|
14
|
+
"config.ru", "config/**/*", "tasks/**/*.rake", "vendor/**/*", "script/*", "lib/**/*.erb", "lib/**/*.builder",
|
16
15
|
"Gemfile", "rubycas-server.gemspec"
|
17
16
|
].map{|p| Dir[p]}.flatten
|
18
17
|
|
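Review bot: the new `"config/**/*"` and `"db/**/*"` globs at new lines 13-14 package whatever is in those directories on the build machine, not only config.example.yml, unicorn.rb and the migration. A local config/config.yml with database or LDAP credentials, or a development SQLite file under db/, would be published with the gem. List the intended files explicitly, or build from a clean checkout and inspect the gem's file list before pushing.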
@@ -25,17 +24,18 @@ $gemspec = Gem::Specification.new do |s|
|
|
25
24
|
s.extra_rdoc_files = ["CHANGELOG", "LICENSE", "README.md"]
|
26
25
|
|
27
26
|
s.has_rdoc = true
|
28
|
-
s.post_install_message =
|
27
|
+
s.post_install_message = "
|
29
28
|
For more information on RubyCAS-Server, see http://code.google.com/p/rubycas-server
|
30
29
|
|
31
30
|
If you plan on using RubyCAS-Server with languages other than English, please cd into the
|
32
|
-
RubyCAS-Server installation directory (where
|
31
|
+
RubyCAS-Server installation directory (where this gem is installed, for example:
|
32
|
+
'/usr/lib/ruby/gems/1.x/gems/rubycas-server-1.x.x/') and type `rake localization:mo`
|
33
33
|
to build the LOCALE_LC files.
|
34
34
|
|
35
|
-
|
35
|
+
"
|
36
36
|
|
37
|
-
s.add_dependency("activerecord", "
|
38
|
-
s.add_dependency("activesupport", "
|
37
|
+
s.add_dependency("activerecord", ">= 2.3.12", "< 3.1")
|
38
|
+
s.add_dependency("activesupport", ">= 2.3.12", "< 3.1")
|
39
39
|
s.add_dependency("sinatra", "~> 1.0")
|
40
40
|
s.add_dependency("gettext", "~> 2.1.0")
|
41
41
|
s.add_dependency("crypt-isaac", "~> 0.9.1")
|
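Review bot: `s.add_dependency("sinatra", "~> 1.0")` at line 39 is left unchanged although server.rb in this same release switches to `set :public_folder`, the setting name Sinatra uses from 1.3 on. Check that static files are still served on Sinatra 1.0 to 1.2, or raise the floor to `~> 1.3`. The new `">= 2.3.12", "< 3.1"` range for activerecord and activesupport spans both the 2.3 and 3.0 series, so the spec run should exercise each.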
@@ -48,7 +48,7 @@ to build the LOCALE_LC files.
|
|
48
48
|
|
49
49
|
# for authenticator specs
|
50
50
|
s.add_development_dependency("net-ldap", "~> 0.1.1")
|
51
|
-
s.add_development_dependency("activeresource", "
|
51
|
+
s.add_development_dependency("activeresource", ">= 2.3.12", "< 3.1")
|
52
52
|
|
53
53
|
s.rdoc_options = [
|
54
54
|
'--quiet', '--title', 'RubyCAS-Server Documentation', '--opname',
|
metadata
CHANGED
@@ -1,222 +1,177 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: rubycas-server
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.1
|
5
5
|
prerelease:
|
6
|
-
segments:
|
7
|
-
- 1
|
8
|
-
- 0
|
9
|
-
version: "1.0"
|
10
6
|
platform: ruby
|
11
|
-
authors:
|
7
|
+
authors:
|
12
8
|
- Matt Zukowski
|
13
9
|
autorequire:
|
14
10
|
bindir: bin
|
15
11
|
cert_chain: []
|
16
|
-
|
17
|
-
|
18
|
-
dependencies:
|
19
|
-
- !ruby/object:Gem::Dependency
|
12
|
+
date: 2011-11-22 00:00:00.000000000 -05:00
|
13
|
+
default_executable:
|
14
|
+
dependencies:
|
15
|
+
- !ruby/object:Gem::Dependency
|
20
16
|
name: activerecord
|
21
|
-
|
22
|
-
requirement: &id001 !ruby/object:Gem::Requirement
|
17
|
+
requirement: &79179110 !ruby/object:Gem::Requirement
|
23
18
|
none: false
|
24
|
-
requirements:
|
25
|
-
- -
|
26
|
-
- !ruby/object:Gem::Version
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
- 6
|
32
|
-
version: 2.3.6
|
19
|
+
requirements:
|
20
|
+
- - ! '>='
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 2.3.12
|
23
|
+
- - <
|
24
|
+
- !ruby/object:Gem::Version
|
25
|
+
version: '3.1'
|
33
26
|
type: :runtime
|
34
|
-
version_requirements: *id001
|
35
|
-
- !ruby/object:Gem::Dependency
|
36
|
-
name: activesupport
|
37
27
|
prerelease: false
|
38
|
-
|
28
|
+
version_requirements: *79179110
|
29
|
+
- !ruby/object:Gem::Dependency
|
30
|
+
name: activesupport
|
31
|
+
requirement: &79178640 !ruby/object:Gem::Requirement
|
39
32
|
none: false
|
40
|
-
requirements:
|
41
|
-
- -
|
42
|
-
- !ruby/object:Gem::Version
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
- 6
|
48
|
-
version: 2.3.6
|
33
|
+
requirements:
|
34
|
+
- - ! '>='
|
35
|
+
- !ruby/object:Gem::Version
|
36
|
+
version: 2.3.12
|
37
|
+
- - <
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '3.1'
|
49
40
|
type: :runtime
|
50
|
-
version_requirements: *id002
|
51
|
-
- !ruby/object:Gem::Dependency
|
52
|
-
name: sinatra
|
53
41
|
prerelease: false
|
54
|
-
|
42
|
+
version_requirements: *79178640
|
43
|
+
- !ruby/object:Gem::Dependency
|
44
|
+
name: sinatra
|
45
|
+
requirement: &79178260 !ruby/object:Gem::Requirement
|
55
46
|
none: false
|
56
|
-
requirements:
|
47
|
+
requirements:
|
57
48
|
- - ~>
|
58
|
-
- !ruby/object:Gem::Version
|
59
|
-
|
60
|
-
segments:
|
61
|
-
- 1
|
62
|
-
- 0
|
63
|
-
version: "1.0"
|
49
|
+
- !ruby/object:Gem::Version
|
50
|
+
version: '1.0'
|
64
51
|
type: :runtime
|
65
|
-
version_requirements: *id003
|
66
|
-
- !ruby/object:Gem::Dependency
|
67
|
-
name: gettext
|
68
52
|
prerelease: false
|
69
|
-
|
53
|
+
version_requirements: *79178260
|
54
|
+
- !ruby/object:Gem::Dependency
|
55
|
+
name: gettext
|
56
|
+
requirement: &79178020 !ruby/object:Gem::Requirement
|
70
57
|
none: false
|
71
|
-
requirements:
|
58
|
+
requirements:
|
72
59
|
- - ~>
|
73
|
-
- !ruby/object:Gem::Version
|
74
|
-
hash: 11
|
75
|
-
segments:
|
76
|
-
- 2
|
77
|
-
- 1
|
78
|
-
- 0
|
60
|
+
- !ruby/object:Gem::Version
|
79
61
|
version: 2.1.0
|
80
62
|
type: :runtime
|
81
|
-
version_requirements: *id004
|
82
|
-
- !ruby/object:Gem::Dependency
|
83
|
-
name: crypt-isaac
|
84
63
|
prerelease: false
|
85
|
-
|
64
|
+
version_requirements: *79178020
|
65
|
+
- !ruby/object:Gem::Dependency
|
66
|
+
name: crypt-isaac
|
67
|
+
requirement: &79177770 !ruby/object:Gem::Requirement
|
86
68
|
none: false
|
87
|
-
requirements:
|
69
|
+
requirements:
|
88
70
|
- - ~>
|
89
|
-
- !ruby/object:Gem::Version
|
90
|
-
hash: 57
|
91
|
-
segments:
|
92
|
-
- 0
|
93
|
-
- 9
|
94
|
-
- 1
|
71
|
+
- !ruby/object:Gem::Version
|
95
72
|
version: 0.9.1
|
96
73
|
type: :runtime
|
97
|
-
version_requirements: *id005
|
98
|
-
- !ruby/object:Gem::Dependency
|
99
|
-
name: rack-test
|
100
74
|
prerelease: false
|
101
|
-
|
75
|
+
version_requirements: *79177770
|
76
|
+
- !ruby/object:Gem::Dependency
|
77
|
+
name: rack-test
|
78
|
+
requirement: &79177550 !ruby/object:Gem::Requirement
|
102
79
|
none: false
|
103
|
-
requirements:
|
104
|
-
- -
|
105
|
-
- !ruby/object:Gem::Version
|
106
|
-
|
107
|
-
segments:
|
108
|
-
- 0
|
109
|
-
version: "0"
|
80
|
+
requirements:
|
81
|
+
- - ! '>='
|
82
|
+
- !ruby/object:Gem::Version
|
83
|
+
version: '0'
|
110
84
|
type: :development
|
111
|
-
version_requirements: *id006
|
112
|
-
- !ruby/object:Gem::Dependency
|
113
|
-
name: capybara
|
114
85
|
prerelease: false
|
115
|
-
|
86
|
+
version_requirements: *79177550
|
87
|
+
- !ruby/object:Gem::Dependency
|
88
|
+
name: capybara
|
89
|
+
requirement: &79177260 !ruby/object:Gem::Requirement
|
116
90
|
none: false
|
117
|
-
requirements:
|
118
|
-
- -
|
119
|
-
- !ruby/object:Gem::Version
|
120
|
-
|
121
|
-
segments:
|
122
|
-
- 0
|
123
|
-
version: "0"
|
91
|
+
requirements:
|
92
|
+
- - ! '>='
|
93
|
+
- !ruby/object:Gem::Version
|
94
|
+
version: '0'
|
124
95
|
type: :development
|
125
|
-
version_requirements: *id007
|
126
|
-
- !ruby/object:Gem::Dependency
|
127
|
-
name: rspec
|
128
96
|
prerelease: false
|
129
|
-
|
97
|
+
version_requirements: *79177260
|
98
|
+
- !ruby/object:Gem::Dependency
|
99
|
+
name: rspec
|
100
|
+
requirement: &79177020 !ruby/object:Gem::Requirement
|
130
101
|
none: false
|
131
|
-
requirements:
|
132
|
-
- -
|
133
|
-
- !ruby/object:Gem::Version
|
134
|
-
|
135
|
-
segments:
|
136
|
-
- 0
|
137
|
-
version: "0"
|
102
|
+
requirements:
|
103
|
+
- - ! '>='
|
104
|
+
- !ruby/object:Gem::Version
|
105
|
+
version: '0'
|
138
106
|
type: :development
|
139
|
-
version_requirements: *id008
|
140
|
-
- !ruby/object:Gem::Dependency
|
141
|
-
name: rspec-core
|
142
107
|
prerelease: false
|
143
|
-
|
108
|
+
version_requirements: *79177020
|
109
|
+
- !ruby/object:Gem::Dependency
|
110
|
+
name: rspec-core
|
111
|
+
requirement: &79176750 !ruby/object:Gem::Requirement
|
144
112
|
none: false
|
145
|
-
requirements:
|
146
|
-
- -
|
147
|
-
- !ruby/object:Gem::Version
|
148
|
-
|
149
|
-
segments:
|
150
|
-
- 0
|
151
|
-
version: "0"
|
113
|
+
requirements:
|
114
|
+
- - ! '>='
|
115
|
+
- !ruby/object:Gem::Version
|
116
|
+
version: '0'
|
152
117
|
type: :development
|
153
|
-
version_requirements: *id009
|
154
|
-
- !ruby/object:Gem::Dependency
|
155
|
-
name: sqlite3
|
156
118
|
prerelease: false
|
157
|
-
|
119
|
+
version_requirements: *79176750
|
120
|
+
- !ruby/object:Gem::Dependency
|
121
|
+
name: sqlite3
|
122
|
+
requirement: &79162830 !ruby/object:Gem::Requirement
|
158
123
|
none: false
|
159
|
-
requirements:
|
124
|
+
requirements:
|
160
125
|
- - ~>
|
161
|
-
- !ruby/object:Gem::Version
|
162
|
-
hash: 25
|
163
|
-
segments:
|
164
|
-
- 1
|
165
|
-
- 3
|
166
|
-
- 1
|
126
|
+
- !ruby/object:Gem::Version
|
167
127
|
version: 1.3.1
|
168
128
|
type: :development
|
169
|
-
version_requirements: *id010
|
170
|
-
- !ruby/object:Gem::Dependency
|
171
|
-
name: net-ldap
|
172
129
|
prerelease: false
|
173
|
-
|
130
|
+
version_requirements: *79162830
|
131
|
+
- !ruby/object:Gem::Dependency
|
132
|
+
name: net-ldap
|
133
|
+
requirement: &79162510 !ruby/object:Gem::Requirement
|
174
134
|
none: false
|
175
|
-
requirements:
|
135
|
+
requirements:
|
176
136
|
- - ~>
|
177
|
-
- !ruby/object:Gem::Version
|
178
|
-
hash: 25
|
179
|
-
segments:
|
180
|
-
- 0
|
181
|
-
- 1
|
182
|
-
- 1
|
137
|
+
- !ruby/object:Gem::Version
|
183
138
|
version: 0.1.1
|
184
139
|
type: :development
|
185
|
-
version_requirements: *id011
|
186
|
-
- !ruby/object:Gem::Dependency
|
187
|
-
name: activeresource
|
188
140
|
prerelease: false
|
189
|
-
|
141
|
+
version_requirements: *79162510
|
142
|
+
- !ruby/object:Gem::Dependency
|
143
|
+
name: activeresource
|
144
|
+
requirement: &79162220 !ruby/object:Gem::Requirement
|
190
145
|
none: false
|
191
|
-
requirements:
|
192
|
-
- -
|
193
|
-
- !ruby/object:Gem::Version
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
- 6
|
199
|
-
version: 2.3.6
|
146
|
+
requirements:
|
147
|
+
- - ! '>='
|
148
|
+
- !ruby/object:Gem::Version
|
149
|
+
version: 2.3.12
|
150
|
+
- - <
|
151
|
+
- !ruby/object:Gem::Version
|
152
|
+
version: '3.1'
|
200
153
|
type: :development
|
201
|
-
|
202
|
-
|
203
|
-
|
154
|
+
prerelease: false
|
155
|
+
version_requirements: *79162220
|
156
|
+
description: Provides single sign-on authentication for web applications using the
|
157
|
+
CAS protocol.
|
158
|
+
email:
|
204
159
|
- matt@zukowski.ca
|
205
|
-
executables:
|
160
|
+
executables:
|
206
161
|
- rubycas-server
|
207
162
|
extensions: []
|
208
|
-
|
209
|
-
extra_rdoc_files:
|
163
|
+
extra_rdoc_files:
|
210
164
|
- CHANGELOG
|
211
165
|
- LICENSE
|
212
166
|
- README.md
|
213
|
-
files:
|
167
|
+
files:
|
214
168
|
- CHANGELOG
|
215
169
|
- LICENSE
|
216
170
|
- README.md
|
217
171
|
- Rakefile
|
218
172
|
- setup.rb
|
219
173
|
- bin/rubycas-server
|
174
|
+
- db/migrate/001_create_initial_structure.rb
|
220
175
|
- lib/casserver.rb
|
221
176
|
- lib/casserver/localization.rb
|
222
177
|
- lib/casserver/utils.rb
|
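Review bot: `cert_chain: []` at line 11 is unchanged, so 1.0.1 is published unsigned like 1.0. For a single sign-on server it would be worth signing the gem or publishing a checksum with the release so installers can verify what they fetched. The remaining changes in this hunk are regenerated requirement entries and need no review by hand beyond matching them against the gemspec.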
@@ -266,6 +221,9 @@ files:
|
|
266
221
|
- po/pl_PL/rubycas-server.po
|
267
222
|
- po/fr_FR/rubycas-server.po
|
268
223
|
- resources/init.d.sh
|
224
|
+
- config.ru
|
225
|
+
- config/unicorn.rb
|
226
|
+
- config/config.example.yml
|
269
227
|
- tasks/spec.rake
|
270
228
|
- tasks/localization.rake
|
271
229
|
- tasks/bundler.rake
|
@@ -288,18 +246,15 @@ files:
|
|
288
246
|
- spec/spec.opts
|
289
247
|
- spec/spec_helper.rb
|
290
248
|
- spec/utils_spec.rb
|
249
|
+
has_rdoc: true
|
291
250
|
homepage: http://code.google.com/p/rubycas-server/
|
292
251
|
licenses: []
|
293
|
-
|
294
|
-
|
295
|
-
|
296
|
-
|
297
|
-
|
298
|
-
|
299
|
-
RubyCAS-Server installation directory (where the gem is installed) and type `rake localization:mo`
|
300
|
-
to build the LOCALE_LC files.
|
301
|
-
|
302
|
-
rdoc_options:
|
252
|
+
post_install_message: ! "\nFor more information on RubyCAS-Server, see http://code.google.com/p/rubycas-server\n\nIf
|
253
|
+
you plan on using RubyCAS-Server with languages other than English, please cd into
|
254
|
+
the\nRubyCAS-Server installation directory (where this gem is installed, for example:
|
255
|
+
\n'/usr/lib/ruby/gems/1.x/gems/rubycas-server-1.x.x/') and type `rake localization:mo`\nto
|
256
|
+
build the LOCALE_LC files.\n\n"
|
257
|
+
rdoc_options:
|
303
258
|
- --quiet
|
304
259
|
- --title
|
305
260
|
- RubyCAS-Server Documentation
|
@@ -309,34 +264,28 @@ rdoc_options:
|
|
309
264
|
- --main
|
310
265
|
- README.md
|
311
266
|
- --inline-source
|
312
|
-
require_paths:
|
267
|
+
require_paths:
|
313
268
|
- lib
|
314
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
269
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
315
270
|
none: false
|
316
|
-
requirements:
|
317
|
-
- -
|
318
|
-
- !ruby/object:Gem::Version
|
319
|
-
|
320
|
-
|
321
|
-
- 0
|
322
|
-
version: "0"
|
323
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
271
|
+
requirements:
|
272
|
+
- - ! '>='
|
273
|
+
- !ruby/object:Gem::Version
|
274
|
+
version: '0'
|
275
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
324
276
|
none: false
|
325
|
-
requirements:
|
326
|
-
- -
|
327
|
-
- !ruby/object:Gem::Version
|
328
|
-
|
329
|
-
segments:
|
330
|
-
- 0
|
331
|
-
version: "0"
|
277
|
+
requirements:
|
278
|
+
- - ! '>='
|
279
|
+
- !ruby/object:Gem::Version
|
280
|
+
version: '0'
|
332
281
|
requirements: []
|
333
|
-
|
334
282
|
rubyforge_project:
|
335
|
-
rubygems_version: 1.
|
283
|
+
rubygems_version: 1.6.2
|
336
284
|
signing_key:
|
337
285
|
specification_version: 3
|
338
|
-
summary: Provides single sign-on authentication for web applications using the CAS
|
339
|
-
|
286
|
+
summary: Provides single sign-on authentication for web applications using the CAS
|
287
|
+
protocol.
|
288
|
+
test_files:
|
340
289
|
- spec/alt_config.yml
|
341
290
|
- spec/authenticators/active_resource_spec.rb
|
342
291
|
- spec/authenticators/ldap_spec.rb
|