08 April 2012

Integrate Vtiger with CAS

A few months ago I had a project where I had to integrate Vtiger with CAS, i.e. Central Authentication Service. For more information on CAS, please refer to this link: CAS
After a long time spent on research, I successfully managed to make it work with Vtiger.

Use the following simple steps to integrate it:

Download the PHP PEAR class: Click here
Download the CAS module from: Here
Edit file: /vtiger530/modules/Users/Authenticate.php

Replace lines 28-37

global $mod_strings, $default_charset;
$focus = new Users();
// Add in defensive code here.
$focus->column_fields["user_name"] = to_html($_REQUEST['user_name']);
$user_password = vtlib_purify($_REQUEST['user_password']);
$focus->load_user($user_password);

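With the following code (change the bold items):

global $mod_strings, $default_charset;
require_once('modules/CAS.php');
// setDebug() makes phpCAS write a verbose trace log; disable it outside testing.
phpCAS::setDebug();
phpCAS::client(CAS_VERSION_2_0,'CAS_SERVER_IP_HERE',CAS_SERVER_PORT_HERE,
'CAS_SERVER_WEBFOLDER_HERE',FALSE);
// setNoCasServerValidation() turns off verification of the CAS server's certificate.
// Outside a test setup, call phpCAS::setCasServerCACert() with the CA file instead.
phpCAS::setNoCasServerValidation();
// Redirects to the CAS login page until the user is authenticated.
phpCAS::forceAuthentication();
$focus = new Users();
$focus->column_fields["user_name"] = phpCAS::getUser();
// The password is not checked locally; CAS has already authenticated the user.
$user_password = "no_use";
$focus->load_user_cas($user_password);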

Edit file: /vtiger530/modules/Users/Users.php
Add this function into class Users

function load_user_cas($user_password) {
    $usr_name = $this->column_fields["user_name"];
    if(isset($_SESSION['loginattempts'])){
        $_SESSION['loginattempts'] += 1;
    } else{
        $_SESSION['loginattempts'] = 1;
    }
    if($_SESSION['loginattempts'] > 5){
        $this->log->warn("security: " . $usr_name . " has attempted to login " . $_SESSION['loginattempts'] . " times.");
    }
    $this->log->debug("starting user load for $usr_name");
    $validation = 0;
    unset($_SESSION['validation']);
    if( !isset($this->column_fields["user_name"]) || $this->column_fields["user_name"] == "" || !isset($user_password) || $user_password == "") return null;
    // Base64 literals are case-sensitive; take the values for these checks
    // from load_user() in your own Users.php.
    if($this->validation_check('aw5jbhvkzs9pbwfnzxmvc3vnyxjzywxlc19tzc5nawy=', '1a44d4ab8f2d6e15e0ff6ac1c2c87e6f', '866bba5ae0a15180e8613d33b0acc6bd') == -1)
        $validation = -1;
    if($this->validation_check('aw5jbhvkzs9pbwfnzxmvcg93zxjlzf9iev9zdwdhcmnybs5nawy=', '3d49c9768de467925daabf242fe93cce') == -1)
        $validation = -1;
    if($this->authorization_check('aw5kzxgucghw', 'peegahjlzj0nahr0cdovl3d3dy5zdwdhcmnybs5jb20nihrhcmdldd0nx2jsyw5rjz48aw1nigjvcmrlcj0nmccgc3jjpsdpbmnsdwrll2ltywdlcy9wb3dlcmvkx2j5x3n1z2fyy3jtlmdpzicgywx0psdqb3dlcmvkiej5ifn1z2fyq1jnjz48l2e+', 1) == -1)
        $validation = -1;
    $encrypted_password = $this->encrypt_password($user_password);
    // No local password check: CAS has already authenticated the user.
    $authcheck = true;

    if(!$authcheck){
        $this->log->warn("user authentication for $usr_name failed");
        return null;
    }
    // $usr_name is the name returned by the CAS server and is placed in the
    // SQL text as-is, so the query relies on that name containing no quotes.
    $query = "select * from $this->table_name where user_name='$usr_name'";

    $result = $this->db->requireSingleResult($query, false);

    $row = $this->db->fetchByAssoc($result);
    // A CAS login without exactly one matching Vtiger account must not be
    // treated as authenticated.
    if(empty($row)){
        $this->log->warn("no vtiger user found for cas user $usr_name");
        return null;
    }
    $this->id = $row['id'];
    $user_hash = strtolower(md5($user_password));

    // If the user_hash is not present or is out of date, then create a new one.
    if(!isset($row['user_hash']) || $row['user_hash'] != $user_hash){
        $query = "update $this->table_name set user_hash='$user_hash' where id='{$row['id']}'";
        $this->db->query($query, true, "error setting new hash for {$row['user_name']}: ");
    }
    $this->loadPreferencesFromDB($row['user_preferences']);
    if ($row['status'] != "inactive")
        $this->authenticated = true;
    unset($_SESSION['loginattempts']);
    return $this;
}

Up to this step, you will be able to authenticate yourself in CAS. Now we need to validate the ticket received from the CAS server and prepare the CAS session in order to authenticate the user for accessing the application.
For this, add the following lines of code inside index.php in the root folder:

if(isset($_GET['ticket']) && $_GET['ticket'] != '' && !isset($_SESSION['phpCAS'])){
  include_once('modules/Users/Authenticate.php');
}


Now we will be able to validate our ticket from CAS server and prepare sessions in order to authenticate in Vtiger.
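
load_user_cas() above maps the name returned by phpCAS::getUser() to a row in the users table. As an added example (not code from the original post, Vtiger or phpCAS), the script below runs that mapping step on its own, with a bound parameter and an explicit refusal for unknown or inactive accounts. The function name map_cas_principal, the users table layout and the sample rows are constructed for illustration.

```php
<?php
// Added example, not Vtiger or phpCAS code. Table layout and sample rows are constructed.

/**
 * Map a CAS principal (the string phpCAS::getUser() returns) to a local account.
 * Returns the user row, or null when the login must be refused.
 */
function map_cas_principal(PDO $db, $principal) {
    // Accept only the username shapes you expect before touching the database.
    if (!is_string($principal) || !preg_match('/^[A-Za-z0-9._@-]{1,64}$/', $principal)) {
        return null;
    }
    // Bound parameter instead of interpolating the name into the SQL text.
    $stmt = $db->prepare('SELECT id, user_name, status FROM users WHERE user_name = ?');
    $stmt->execute(array($principal));
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    // Exactly one local account must exist; a successful CAS login alone is not enough.
    if (count($rows) !== 1) {
        return null;
    }
    // Refuse disabled accounts, comparing the status case-insensitively.
    if (strcasecmp($rows[0]['status'], 'inactive') === 0) {
        return null;
    }
    return $rows[0];
}

// Constructed in-memory data so the example runs offline (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT, status TEXT)');
$db->exec("INSERT INTO users (user_name, status) VALUES ('alice', 'Active'), ('bob', 'Inactive')");

// An active user, an inactive user, an unknown user, a name with a quote, an empty name.
$cases = array('alice', 'bob', 'carol', "o'brien", '');
foreach ($cases as $principal) {
    $row = map_cas_principal($db, $principal);
    printf("%-12s => %s\n", var_export($principal, true),
        $row === null ? 'refused' : 'user id ' . $row['id']);
}
```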

Changes for logout from CAS from Vtiger
Edit: Logout.php

Add the following lines of code to enable logout from the CAS session in Vtiger:

require_once('modules/CAS.php');
phpCAS::client(CAS_VERSION_2_0,'CAS Server',8443,
'cas-web',FALSE);
phpCAS::logoutWithRedirectService('Your Site Name');


I hope these steps will help you in your projects.
If you still have any doubts, feel free to post them here.