Single Sign On (SSO) CAS

CAS is an open-source Single Sign On (SSO) system for authentication and authorization. CAS also provides Multi-factor Authentication, Trusted Device, Geo Tracking, IP Intelligence, Password Management, reCAPTCHA and other features.

https://bptsi.unisayogya.ac.id/single-sign-on-sso-cas/ 2023-11-01 21:05:05

CAS Authenticating Through an API

CAS Side

REST authentication is enabled by adding one of the following dependencies (pick the one matching your build):

Maven:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-rest-authentication</artifactId>
    <version>${cas.version}</version>
</dependency>

Gradle:

implementation "org.apereo.cas:cas-server-support-rest-authentication:${project.'cas.version'}"

BOM-Spring:

dependencyManagement {
    imports {
        mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
    }
}

dependencies {
    implementation "org.apereo.cas:cas-server-support-rest-authentication"
}

BOM-Gradle:

dependencies {
    /*
    The following platform references should be included automatically and are listed here for reference only.

    implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
    implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
    */

    implementation "org.apereo.cas:cas-server-support-rest-authentication"
}

The connection to the authentication API is configured with:

cas.authn.rest.uri=https://<source rest api uri>
cas.authn.rest.passwordEncoder.type=NONE

CAS sends the credentials in the Authorization header with the value Basic XYZ, where XYZ is the Base64 encoding of the credentials, as shown below:

#format: 'Authorization: Basic ' + base64_encode(<userName> + ':' + <password>)
#example header:
#user: test
#pass: sample
#header plain : Authorization: Basic test:sample
#header base64: Authorization: Basic dGVzdDpzYW1wbGU=

Response codes that CAS accepts from the API (any code outside this table is treated as FailedLoginException):

Code    Result
200     Success (SuccessfulAuthentication)
403     AccountDisabledException
404     AccountNotFoundException
423     AccountLockedException
412     AccountExpiredException
428     AccountPasswordMustChangeException
Other   FailedLoginException

On success (200) the response body carries the principal, for example:

{
  "@class": "org.apereo.cas.authentication.principal.SimplePrincipal",
  "id": "casuser",
  "attributes": {
    "@class": "java.util.LinkedHashMap",
    "names": [
      "java.util.List", ["cas", "user"]
    ]
  }
}

Authentication API Server Side

Example code on the API server (PHP):

<?php
define('SuccessfulAuthentication', 200);
define('AccountDisabledException', 403);
define('AccountNotFoundException', 404);
define('AccountLockedException', 423);
define('AccountExpiredException', 412);
define('AccountPasswordMustChangeException', 428);
define('FailedLoginException', 430); // any code outside the CAS table means FailedLoginException

$code = FailedLoginException;
$user = null;
$pass = null;

// apache_request_headers() only exists under Apache; fall back to $_SERVER elsewhere.
$headers = function_exists('apache_request_headers') ? apache_request_headers() : [];
$auth    = $headers['Authorization'] ?? ($_SERVER['HTTP_AUTHORIZATION'] ?? null);

if ($auth !== null) {
  $token = explode(' ', $auth, 2);
  if (count($token) == 2 && strcasecmp($token[0], 'Basic') == 0) {
    // Strict base64_decode() returns false on malformed input instead of guessing.
    $decoded = base64_decode($token[1], true);
    // Split on the first ':' only, so a password that contains ':' stays intact.
    $credential = ($decoded === false) ? [] : explode(':', $decoded, 2);
    if (count($credential) == 2) {
      $user = $credential[0];
      $pass = $credential[1];
      // ... authentication logic
      // alternative errors when authentication fails
      // ... $code = AccountDisabledException;
      // ... $code = AccountNotFoundException;
      // ... $code = AccountLockedException;
      // ... $code = AccountExpiredException;
      // ... $code = AccountPasswordMustChangeException;
      // when authentication succeeds
      // ... $code = SuccessfulAuthentication;
    }
  }
}

header('Content-Type: application/json; charset=utf-8');
http_response_code($code);

// CAS reads the body only on 200; the principal id must be the user who actually authenticated.
$body = (object) [ '@class'     => 'org.apereo.cas.authentication.principal.SimplePrincipal',
                  'id'         => $user,
                  'attributes' => (object) [ '@class' => 'java.util.LinkedHashMap' ]
                ];
$body->attributes->names = ['java.util.List', ['cas', 'user']];
echo json_encode($body);
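The same endpoint contract in Python, as an added example that is not code from the page: it parses the Basic header the way CAS sends it, maps account states to the status codes in the table above, and builds the SimplePrincipal body. The user store, salt, state names and the 401 used for "other" failures are constructed assumptions.

```python
import base64
import binascii
import hashlib
import hmac

# Status codes from the CAS REST authentication contract described above.
SUCCESS, DISABLED, NOT_FOUND, LOCKED, EXPIRED, MUST_CHANGE, FAILED = 200, 403, 404, 423, 412, 428, 401
STATE_TO_CODE = {"disabled": DISABLED, "locked": LOCKED, "expired": EXPIRED, "must_change": MUST_CHANGE}

# Constructed sample user store (assumption; a real API would query a directory or database).
# Passwords are kept only as salted PBKDF2 hashes, never in clear text.
SALT = b"constructed-salt"

def pbkdf2(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)

USERS = {
    "casuser": {"hash": pbkdf2("s3cret"), "state": "ok", "names": ["cas", "user"]},
    "olduser": {"hash": pbkdf2("x"), "state": "expired", "names": ["old"]},
}

def parse_basic_auth(header):
    """Return (user, password) from 'Basic <base64>' or None if the header is malformed."""
    parts = (header or "").split(" ", 1)
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None
    try:
        raw = base64.b64decode(parts[1].strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")  # split on the FIRST ':' only
    return (user, password) if sep else None

def authenticate(headers):
    """Map a request to the (status, body) pair CAS expects; CAS reads the body only on 200."""
    creds = parse_basic_auth(headers.get("Authorization"))
    if creds is None:
        return FAILED, None
    user, password = creds
    record = USERS.get(user)
    if record is None:
        return NOT_FOUND, None
    if not hmac.compare_digest(record["hash"], pbkdf2(password)):
        return FAILED, None  # any code outside the table is FailedLoginException for CAS
    if record["state"] != "ok":
        return STATE_TO_CODE[record["state"]], None
    body = {"@class": "org.apereo.cas.authentication.principal.SimplePrincipal", "id": user,
            "attributes": {"@class": "java.util.LinkedHashMap",
                           "names": ["java.util.List", record["names"]]}}
    return SUCCESS, body
```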

That is all; hopefully it is useful. [bst]

Source:

