need some help understanding what to do next with CAS

Well, normally you wouldn't. The ticket is a one time thing that each application must request. After the cas module validates it, it's of no use anymore, because it's a one time ticket. Once all the apps that you need are casified, then you don't need to do anything special in order for the user to be transfered to the site. We use this at our college, as drupal is the portal system. The main student registration system has been cas integrated and so when the user transfers to that app, that app gets its own tickets and validates, directly from the cas server. The user isn't prompted for login cause they've already been logged into the cas server when they hit our drupal site. Now this behavior is the hormal behavior of most of the CAS client code out there, so if you use one of those to "CAS enable" your third party product, you should be good as gold. If you need more info on this, let me know and I'll try and contact you via a more direct channel.

Dave

Dave,

Are you saying that your users log into one CASified system and then can use Drupal without logging in again? I understand that's how CAS is supposed to work, but unfortunately, this functionality seems to be missing from the Drupal 6 version of the CAS module! As the release notes state:

"Stay tuned for a future release that supports checking to see if a user is logged in via cas, rather than forcing a cas login for a session."

I am starting to regret going with Drupal 6!

-Bill

In the current cas module, if you protect a page by indicating that a cas login is required for a specific path (or all paths except....), and you've already logged into CAS, then you won't be prompted for login. Also if you click on a CAS Login link, and you've already logged into the cas server, you won't be prompted to for your user name and password again, but rather be logged in immediately.

The new functionality proposed (I have some code for it but it needs reworking). Would automatically check to see if a user has been logged in. If they are logged in at the cas server then they'll be logged into the drupal site, but if they aren't then it would leave them as an anonymous user.

I hope that clarifies things.

Thanks. I think something may not be working right in my setup.

I've protected a page by indicating cas login is required for a specific path. I've also indicated that a user must be a certain role to view that path/content type.

I log into my CAS server (using SunGard's Luminis as the CAS server). When I then try to navigate to the Drupal path, I get:

Access denied
You are not authorized to access this page.

**However, I can click on the CAs login link in drupal (block) and I get in without logging in and can view the content.

Again, this is with Drupal 6, and not the version indicated in this issue.

Wow, I just have to say this would be an awesome piece of functionality.

I would love to know when it would be available and if I could help w/ testing, etc.

(I am not an expert on CAS, PHP or Drupal module building . . . but whatever I can do, I will.)

Might like to double check your cache settings and see how this affects the behavior. I'll double check the 6.x version to make sure the require auth for specific pages piece is still working correctly, but it was certainly my impression that it was when I last did the testing.

I'll get back to you on this part.

Dave

Thank you for the help and explaination. I was able to figure out my issues based on your help. I have a link that points to the third-party app after they have been authenticated to Drupal. No need to pass the token in the url...

Thanks,
G