Trying to implement authentication using CAS

I'm trying to implement a scheme of split authentication vs authorization. I want my Phalcon app to handle authorization but hand off authentication to https://github.com/Jasig/phpCAS

I've never done anything with authentication in Phalcon before and just want to get an idea of where to start. I am using the directory structure generated by phalcon-devtools. I assume I have to create an app/plugins/Security.php and then load it into app/config/services.php ? How do I redirect anyone without a valid session to the login controller? Thanks!

Redirecting someone to the login controller if they don't have a session is the responsibility for authorization, not authentication. If you've done authorization before, you should have a handle on how to redirect someone.

As far as authentication goes, Phalcon doesn't really have anything built-in for authentication because it can be so varied. It's hard to tell you the best way to handle phpCAS without me digging into it, but likely what I'd do is build a Phalcon component wrapper around the library. You could then either include it as a service in your DI or - if you've already set up auto-loading for your components, just create a new instance of the component when needed in your login controller.



14.3k

I am a phalcon noob, I have not implemented either one yet. I have extensive experience using phpCAS in vanilla PHP applications, so that's not an issue. My question was just generally how to implement an auth scheme involving an external authentication. Basically what I want to do is this:

Keep track of the list of users (based on CAS single sign-on ID) who are allowed to access my application, but hand off password authentication to CAS, so if the user doesn't authenticate they never end up back in Phalcon but if they do, I have a user ID from CAS and know they successfully logged in.

I guess the easiest way to ask my question is "how do I create a basic authentication system in Phalcon" since the CAS part shouldn't be too hard. I looked at the vokuro one and it a) deviates from the phalcon-devtools structure too much for me to really reuse it and b) uses ACL's which I don't really need and seem way too complex.