Skip to end of metadata
Go to start of metadata
Table of Contents

The aim of the CASBar is to provide a toolbar to enable better integration of the Firefox 2 browser with a CAS server instance and associate CASified web applications.

Preparation

Important! This toolbar is early test code and therefore has the potential to mess up your existing Firefox browser settings. I would strongly advise that if you want to try it out then install it into a standalone instance of Portable Firefox.

The toolbar is currently hardcoded to look for a CAS server at https://localhost:8443/cas.  This will be changed in a future release.

The full source of the toolbar and ant build file is located in JA-SIG subversion.  To build the toolbar, checkout the source code:

svn co https://developer.ja-sig.org/svn/cas-clients/casbar/trunk/

and then run ant.  Firefox extensions have the XPI extension and to install them you just need to unzip the file somewhere, locate the relevant XPI file and load it into the browser.

Some screenshots of the Toolbar in action


Before CAS login


Once CAS login is pressed you will be redirected to the CAS login screen


Once logged in you should see the user details and a CAS Logout button

How it works

The toolbar relies on browser cookies being enabled.

The key to this toolbar is that it implements the XPCOM nsIObserver and listens for the creation and deletion of the CAS ticket grant cookie (CASTGC). When the CASTGC is created the user is logged in and when it is deleted the user has logged out.

For reasons that I have not quite worked out the plugin only seems to work when CAS is accessed over HTTPS.

I have only recently started writing toolbars so unfortunately the CAS server settings etc are currently hard coded in the JavaScript (this could be a user definable preference). The toolbar code is a bit messy and needs to be properly organized into classes and should also contain a lot more exception handling and error checking than it does currently.

Since as a toolbar the code has all the security privileges that the browser has, once a user has logged into CAS the toolbar can obtain the value of the CAS ticket granting cookies and use this (with a dummy service name) to obtain the logged in user details.

Obviously, in the current state the CAS login/logout toolbar is not particularly useful. This toolbar could easily be extended to dynamically add toolbar buttons for CAS aware services once the user has logged in. Potentially the toolbar could act like a CAS proxy and display things like recent email messages from CAS enabled IMAP servers and the like.

I am keen to get feedback if you find this useful and if you happen to have written something similar for IE then I would be very interested indeed.


Mark McLaren

  • No labels