I just finished creating a demo install of a suite of Single Sign On capable Rails apps for a customer. We decided to go with CAS for the authentication management, largely because it is OSS but also because install is just dead easy (copy cas.war into the /webapps folder under Tomcat, restart Tomcat).
Likewise, installing the Ruby client for CAS was just as easy: `sudo gem install rubycas-client`. Once that was taken care of, I just had to configure the individual Rails apps to use CAS for authentication. According to the docs for the client, you just have to add some metadata to `environment.rb` that tells CAS where to go for authentication, and a filter to `application.rb` to launch the process. I found that there were a couple of really important things missing from the instructions, especially if you want to test locally.
- You have to include the following line in the environment file to get the CAS username to show up in `request.username`: `CAS::Filter.wrap_request = true`.
- Don't use `CAS::Filter.cas_base_url = "your_CAS_url"` unless you already have SSL set up and working. If you are trying to test against a non-SSL setup, it won't work because CAS will automatically assume SSL for the validation step. Instead, use: `CAS::Filter.login_url = "your_CAS_login_url"` and `CAS::Filter.validate_url = "your_CAS_validation_url"`.
- Always supply the `CAS::Filter.server_name = "your_domain:your_port"` declaration. Without this, it kept using the app's domain but stripping the port on the redirect after authentication, thus leaving me with a 404 error after successful login.
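The three gotchas above can be checked mechanically before a deploy. The following is an added example, not code from this post or from rubycas-client: a small linter over the text of `environment.rb`. The hostnames, ports and URL paths in the samples are constructed, and the warning about plain HTTP to a non-local CAS server is an extra check beyond the three items listed.

```ruby
require "uri"

# Added example: lints CAS::Filter settings found in environment.rb text.
# Setting names are from the post; the linter and its messages are hypothetical.
SETTING = /^\s*CAS::Filter\.(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))/

def parse_cas_settings(text)
  text.each_line.with_object({}) do |line, out|
    m = SETTING.match(line) # commented-out settings do not match
    out[m[1]] = m[2] || m[3] || m[4] if m
  end
end

def local_host?(url)
  %w[localhost 127.0.0.1].include?(URI.parse(url).host.to_s)
rescue URI::InvalidURIError
  false
end

def lint_cas_config(text)
  s = parse_cas_settings(text)
  findings = []
  findings << "wrap_request is not true: request.username stays empty" unless s["wrap_request"] == "true"
  findings << "server_name missing: post-login redirect may drop the port" unless s.key?("server_name")
  if s["cas_base_url"].to_s.start_with?("http://")
    findings << "cas_base_url is http: validation assumes SSL, set login_url and validate_url"
  end
  %w[login_url validate_url cas_base_url].each do |key|
    url = s[key]
    next unless url&.start_with?("http://") && !local_host?(url)
    findings << "#{key} is plain HTTP to a non-local host: tickets and logins travel in cleartext"
  end
  findings
end

# Constructed sample configurations (not taken from the post).
BAD = <<~CONF
  CAS::Filter.cas_base_url = "http://cas.example.test:8080/cas"
CONF
GOOD_LOCAL = <<~CONF
  CAS::Filter.wrap_request = true
  CAS::Filter.login_url = "http://localhost:8080/cas/login"
  CAS::Filter.validate_url = "http://localhost:8080/cas/serviceValidate"
  CAS::Filter.server_name = "localhost:3000"
CONF

puts lint_cas_config(BAD)
```
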
That's not a lot of gotchas for such a great piece of functionality. I'll post more details as we roll the implementation forward and if we see any other issues, but for now, we're very pleased with how easy it is to get CAS set up and working with our multiple Rails apps. Go Yale!