Skip to end of metadata
Go to start of metadata
Table of Contents

How to integrate CAS in symfony 1.X

To secure a symfony application, there are two possibilities.

  1. You want to secure only somes pages, or even to be able to acces the same page been authenticated or not.
  2. You want to completely secure the access, and refuse anybody that are not logged in.

According to your needs, just follow the appropriate howto: 

1. Partially secure an application

To partially secure an application, just use the symfony plugin sfCASPlugin. Downloadable here: http://www.symfony-project.org/plugins/sfCasPlugin

2. Completely secure an application

To CASify a Symfonyapplication, first install phpCAS.  Then, in your application's lib folder, create sfCASRequiredFilter.class.php with this:





 Then in your app's config/filters.yml we need to add and configure this CAS filter.  In filters.yml before the 'security' filter, add the following (using the appropriate params for the CAS server you authenticate to):

 In config/security.yml we enter the following

 In config/settings.yml make sure that use_security is not set to off.  The default is on, which is good.

Finally, the secureSuccess.php template is used when authorization is not given (the user authenticates, but is not in our list of users).  However the symfony packaged secureSuccess.php says login required, instead of permissions required (which doesn't make sense.. it seems like they got secureSuccess.php and loginSuccess.php reversed).  Anyway, you'll want to customize secureSuccess.php so that when unauthorized users reach it they see your logo not symfony's logo.  To do that, go to your app's modules/ folder.  Create a default/ folder if one doesn't exist, and within that a templates/ folder.  Then create a secureSuccess.php in it.  You can use $PEAR_HOME/data/symfony/modules/default/templates/loginSuccess.php as a base if you want.

To access a user name in your code:

  • No labels