The file lib/casserver/views/layout.erb has the login layout HTML. This is based on the main site, but it is modified, so it must be maintained separately.
The public/ folder has image and CSS assets brought off the main site. These are simply downloaded from the production site and renamed. To do this, load the join.bebraven.org site in your browser, view source and find the link rel=stylesheet near the top. Download that file and save it in here as public/beyondz.css. They do NOT need to be maintained separately at this time. Currently required are the logo, favicon, and stylesheet.
The file lib/beyondz.rb holds our authenticator. It uses a cooperative check_credentials HTTP API on the public site to check against the main database. It is configured via config.yml with server (string), port (integer), ssl (boolean), and allow_self_signed (boolean) to know where to connect. The default SSL options are production-ready: SSL is used and certificates are verified. For development purposes, you may turn these options off with ssl: false.
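The sketch below is an added example, not the code in lib/beyondz.rb. It shows one way the four settings can map onto a Net::HTTP client and how to flag a config that weakens the transport. The helper names, the sample hosts, and the choice to treat allow_self_signed as switching off certificate verification are assumptions.

```ruby
require "net/http"
require "openssl"
require "yaml"

# Constructed sample settings using the four keys named above.
PRODUCTION_YAML = <<~YAML
  server: public.example.org
  port: 443
YAML

DEVELOPMENT_YAML = <<~YAML
  server: localhost
  port: 3001
  ssl: false
YAML

# Hypothetical helper: only a literal boolean changes the secure default,
# so a mistyped value such as the string "false" leaves SSL switched on.
def ssl_enabled?(settings)
  settings.fetch("ssl", true) != false
end

def self_signed_allowed?(settings)
  settings.fetch("allow_self_signed", false) == true
end

# Hypothetical helper: build the HTTP client the authenticator would use.
# Net::HTTP.new does not open a connection, so this is safe to run offline.
def build_client(settings)
  http = Net::HTTP.new(settings.fetch("server"), Integer(settings.fetch("port")))
  http.use_ssl = ssl_enabled?(settings)
  if http.use_ssl?
    # Assumption: allow_self_signed disables peer verification entirely.
    http.verify_mode = self_signed_allowed?(settings) ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
  end
  http
end

# Returns one message per setting that is not production-ready.
def transport_warnings(settings)
  warnings = []
  warnings << "ssl: false sends the credential check over plain HTTP" unless ssl_enabled?(settings)
  warnings << "allow_self_signed: true accepts unverified certificates" if self_signed_allowed?(settings)
  warnings
end
```

Running transport_warnings over the deployed config.yml at startup and refusing to boot in production when it returns anything keeps a development setting from reaching a live server.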
The end user should always go to the service they want to use (portal.bebraven.org for example). The service then redirects them to the single sign on server, with a service parameter telling it to redirect them back once login is complete.
user goes to canvas -> canvas sends them to sso -> sso sends back to canvas
On the backend, the SSO server talks to the public site server, and the service (canvas) server talks to the SSO server to validate login tickets. This should be SSL secured in production, so the SSO and canvas servers both need working client certificates, and the SSO and public site servers need to be running HTTPS.
The user master record is stored on the public site. User records also need to exist on the service - so a bz.org and canvas user need to exist with the same email address for the login to succeed end to end.
Portions contributed by Matt Zukowski are copyright (c) 2011 Urbacon Ltd. Other portions are copyright of their respective authors.
Example with mysql database:
- git clone git://github.com/rubycas/rubycas-server.git
- cd rubycas-server
- cp config/config.example.yml config.yml
- Customize your server by modifying the config.yml file. It is well commented but make sure that you take care of the following:
  - Change the database driver to mysql2
  - Configure at least one authenticator
  - You might want to change log.file to something local, so that you don't need root. For example just casserver.log
  - You might also want to disable SSL for now by commenting out the ssl_cert line and changing the port to something like 8888
- Create the database (i.e. mysqladmin -u root create casserver or whatever you have in config.yml)
- Modify the existing Gemfile by adding drivers for your database server. For example, if you configured mysql2 in config.yml, add this to the Gemfile: gem "mysql2"
- Run bundle install
- bundle exec rubycas-server -c config.yml
Your RubyCAS-Server should now be running. Once you've confirmed that everything looks good, try switching to a Passenger deployment. You should be able to point Apache (or whatever) to the rubycas-server/public directory, and everything should just work.
Some more info is available at the RubyCAS-Server Wiki.
If you have questions, try the RubyCAS Google Group or #rubycas on freenode.
RubyCAS-Server is licensed for use under the terms of the MIT License. See the LICENSE file bundled with the official RubyCAS-Server distribution for details.
To run this on Docker, expose the variables below as environment variables:
- DATABASE_NAME
- DATABASE_USER
- DATABASE_PASSWORD
- DATABASE_URL
Default values are set in the docker-compose.yml file. The docker-compose/scripts/run.sh script passes those variables into the YAML app config file.
To start locally:
docker-compose up -d
The application will be available on http://localhost:3002
To change the application config, update docker-compose/config/config.yml with the config you need and run:
docker-compose down -v
docker-compose up -d