Casrack the Authenticator is a Rack middleware that provides CAS support.

As of the current version, Casrack the Authenticator only supports the most basic of CAS scenarios: it requires CAS authentication if it receives a 401 Unauthorized response from lower down in the Rack stack, and it stores the authentication token in the session (so logout happens when users close their browsers). Casrack the Authenticator is a very open-minded beast, though, so please contribute (well-tested) additions to do proxy-authentication and single-sign-out, or for anything else you desire.

How-To

1: install

[sudo] gem install casrack_the_authenticator

2: set up the middleware:

# in your rackup:
use CasrackTheAuthenticator::Simple, :cas_server => "http://cas.mycompany.com/cas"
# or "config.middleware.use" if you're on Rails

See CasrackTheAuthenticator::Configuration for specifics on that Hash argument.

3: optionally install CasrackTheAuthenticator::RequireCAS if you want every request to require CAS authentication:

# in your rackup:
use CasrackTheAuthenticator::Simple, :cas_server => ...
use CasrackTheAuthenticator::RequireCAS
# or "config.middleware.use" if you're on Rails

4: pull the authenticated CAS username out of the Rack session:

# in a Rack app:
def call(env)
  user = cas_user(env)
  ...
end

def cas_user(env)
  username = Rack::Request.new(env).session[CasrackTheAuthenticator::USERNAME_PARAM]
  User.find_by_username(username)
end

# or, in a Rails controller:

def cas_user
  username = Rack::Request.new(request.env).session[CasrackTheAuthenticator::USERNAME_PARAM]
  User.find_by_username(username)
end
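
The 401 contract described at the top, used to protect only some paths instead of every request as in step 3. This is an added example, not code from Casrack the Authenticator: `ProtectPaths`, the `example.cas_user` env key and the `:cas_user` fallback session key are hypothetical names chosen so the block runs without the gem.

```ruby
# In a rackup this would sit below the CAS middleware:
#   use CasrackTheAuthenticator::Simple, :cas_server => ...
#   use ProtectPaths, ["/admin"]

# Use the gem's session key when it is loaded; :cas_user is a placeholder
# (assumption) so the example runs stand-alone.
CAS_USERNAME_KEY =
  if defined?(CasrackTheAuthenticator::USERNAME_PARAM)
    CasrackTheAuthenticator::USERNAME_PARAM
  else
    :cas_user
  end

# Hypothetical middleware: answers 401 for protected paths when the session
# holds no CAS username, so the Simple middleware above it starts a CAS login.
class ProtectPaths
  def initialize(app, prefixes)
    @app = app
    @prefixes = prefixes
  end

  def call(env)
    return @app.call(env) unless protected?(env["PATH_INFO"].to_s)
    username = cas_username(env)
    return [401, { "Content-Type" => "text/plain" }, ["CAS login required"]] if username.nil?
    # Hand the verified username to the app under a hypothetical env key.
    @app.call(env.merge("example.cas_user" => username))
  end

  private

  # Match whole path segments: "/admin" covers "/admin/x" but not "/administrator".
  def protected?(path)
    @prefixes.any? { |p| path == p || path.start_with?("#{p}/") }
  end

  # A missing, non-String or blank value counts as "not logged in", so a nil
  # never reaches a lookup such as User.find_by_username(nil).
  def cas_username(env)
    value = (env["rack.session"] || {})[CAS_USERNAME_KEY]
    value.is_a?(String) && !value.strip.empty? ? value : nil
  end
end
```

The same nil and blank check belongs in the `cas_user` helpers from step 4 before the username is passed to `User.find_by_username`.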