jscas / jscas-server

[idea] use passportjs as auth plugin #4

Open sbechet opened 7 years ago

sbechet commented 7 years ago

It can be interesting to create a passportjs auth plugin for cas-server.

jsumners commented 7 years ago

I agree. In fact, I started writing one a few months ago. But I need to figure out a proper API for supporting alternate authentication mechanisms. My idea is that plugins will get an instance of https://github.com/jscas/cas-server/blob/master/lib/casInterface.js so that they can fully handle everything that is necessary (generate tickets, create user sessions, etc). I just haven't had time to solidify that idea and implement it.

Do you have any ideas?

sbechet commented 6 years ago

Hello James,

I tried my own implementation here with the following constraints:

  1. Use the loopback framework to implement account logic (acl, role...)
  2. Same for Applications access
  3. Full sharing between loopback accessToken and TGT so we can use all the framework logic: CAS is a protocol among others
  4. Full separation between Visual Parts and CAS part.

Now we can use passport.js using loopback-component-passport.

I implemented SAML 1.1; you can take what you need for your own implementation (templates here and here).

Thank you for your work.

jsumners commented 6 years ago

Awesome. SAML support is definitely something JSCAS is missing. I sort of have a need for it, but haven't been able to determine how to make it work as I need. Your example will certainly be a great help.