[squid-users] Squid CAS integration

[Amos Jeffries]

On 6/09/19 7:50 pm, Dario Basset wrote:
> My institution has been asked to integrate Squid and CAS. We want to
> integrate Squid and CAS in its simplest way, that is:

Details about this CAS ?
 Does it have a specific name?
  "CAS" is like saying "proxy" - it is a type.

 What type(s) of authentication is it doing?
 What APIs does it provide for checking credentials validity?
 What APIs does it provide for initial user login?

Note that all of those 'What ...' questions are plural. Authenticators
tend to have multiple APIs for each activity.


> 1) redirect the navigation to the CAS site,
> 2) let the user input login/password,
> 3) then, after successfull login, check with PHP all nnecessary
> permissions,

FWIW: my advice is to avoid PHP for Squid helpers. That language has
problems keeping helpers running long-term.
 <https://wiki.squid-cache.org/Features/AddonHelpers#What_language_are_helper_meant_to_be_written_in.3F>



> 4) proceed with Squid Proxy.
> 
> I can't understand how to code Squid configuration and PHP helpers.
> I have seen here
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Need-help-for-ACL-Authentication-web-Form-Cookies-td4555576.html
> 
> But I cannot understand how to make it work. Can you please show me a
> link to simple example?

All the helpers called "fake" are examples of how to write helpers for
their Squid helper interface. Which is essentially the same these days
with a (somewhat) unified protocol they all speak.


> Or tell me where are samples sources with PHP
> helpers and SQUID configuration in order ro have the full example working?
> 

Not without the details asked for above. The conversation you found
David and I are mentioning BerkleyDB and SQL helpers. Those are the
"CAS" we use. The squid.conf part is essentially what you see in that
thread.

You will need a helper to access whatever the CAS database is (via any
API it provides for that access).


Amos