I realized from a previous question that I had been asking the wrong question...I would like to turn my application into a CAS server so that admins of the application may use this same authentication mechanism to log into other applications that we develop for the organization.
Have you done this before? Is there a plugin which adds the ability to Devise to be able to act as a CAS server? What do I need to change/add in order to turn the app into a CAS server?
Check this similar question, that explains rails 4 issues with devise_cas_authenticatable gem.
For the Server, you may use CASino for the server, it looks very clean. Check its installation guide.
OR
An Alternative solution, if both apps are on the same domain and they share the same database, you can simply modify the session cookie to be universal for all subdomains on your specified domain.
Related
We have a monolithic Rails 3 (Ruby 1.9) server that does everything for us, including Devise session authentication.
We have recently decided to introduce a new Rails 5 server (built from scratch) which will serve as an API server and slowly replace existing capabilities in the old server.
Our problem is that session authentication happens against the old rails server and we want to include session authentication in the new Rails 5 server.
Does anyone have experience or suggestions on how to use new rails servers authenticate sessions against an existing rails server which has session information?
Needless to say, my main focus is on Front End development - server side authentication is not my forte.
You can have multiple Rails applications that share the same database and that use Device to authenticate users. But you need to ensure the same input / algorithm is used when encrypting passwords.
For Devise this has been BCrypt by default for quite some time, you also need to ensure that the config.stretches setting matches for both apps. The implementation has changed a bit over the years through and your milage may vary.
The key concept here is that you´re not authenticating against an application - you're authenticating that the result of encrypting the password provided by the user matches the digest in the database.
But you should also start by recognising that the apps might not have the same authentication requirements at all. Most API's (at least good ones) use token based authentication which is stateless.
One major issue with session based authentication is that cookies normally work on a single domain or subdomains and they are normally disabled by browser if they work cross-domain (3rd party cookies) which means that your will have issues if your api and the legacy app are not on the same subdomain. Cookies are also a feature only available in browsers while token based authentication works in any kind of client.
And while you could have your new application query the legacy application over HTTP tinkering with this might actually be a a waste of time since the new application will need its own authentication solution anyways.
There are multiple gems that provide token based authentication for Devise.
I'm current designing a Rails application that uses a form for user login, then persists session information in a cookie. However, I plan on a bulk of the interaction with the Rails application to be via a mobile app instead of a web browser.
What is the best way to accomplish user auth? I suppose I could save a cookie with my app. Or perhaps authenticate with every request. Perhaps there's a gem for this?
Check out the Devise gem.
It's REALLY good, supported by people that really know about Rails, and I guess I could say it's become the "industry standard" for these matters.
Devise on GitHub
I have been trying to figure out how to integrate a node.js app into a rails app and having them share sessions. I've so far only been able to dig up sharing sessions between sinatra and ruby on rails via rack middleware. Is it possible to to do this?
I thought of a workaround involving the ror implementing a rest service that "poops" out a guid that node.js can use to create its own session. This solution however requires having model validations ad such stored in two seperate apps.
just wondering if there was a way to integrate them.
and while using a js based webframework like geddy or express is cool, I have alot of existing rails code and 3rd party libraries such as active merchant that I would have to reinvent.
how about using something like memcached to share a validation mechanism, for example set a session in rails and for every message to the nodeJs server a token is given, nodeJs checks on memcached if the token exists and grants or denies based on that. You would of course add the record on memcached from the rails app
Isn't that the same as sharing authentication between two different domains like openid, facebook connect, twitter sign-in.
from rails site do an openid like redirect to node.js with the authentication information encrypted inside the url and vica versa?
I am wondering if it is not possible to use Custom OAuth Provider Strategy from connect-auth and vica versa because connect-auth is "Authentication middleware for connect". I haven't figured the complete details out, but this might be an option?
Im trying to allow users to login to a website by verifying if they are registered users of a sister website. Im not really sure what is the best way to implement this. The website which is referred to uses authlogic authentication, so would it be wise to have a REST method that the new website calls to obtain a session token of some sort.
Thanks in advance.
Do you want to check credentials only or sync sessions too? --i.e., if I'm logged in website A, I'm also logged in website B. If it's the second case, you need some sort of single-sign-on solution. CAS seems to be a protocol with solid Ruby implentations (see Ruby CAS Server and Ruby CAS client. Keep in mind that you'd have to rewrite both apps if you decide to go this way.
If the database is setup to accept external connections, you can access the user info directly that way.
I'm building some applications using rails.
All apps using restful auth plugin for User base and declarative authorization plugin for authorization rules.
But I need to merge all site's User accounts to one User base for providing login for all sites.
I.e like 37signals working on. Here is their work ;
http://37signals.com/accounts
How can I archieve this, any suggestions are welcome.
Thanks
A.Karr
From studying how 37signals was doing stuff - I think they're using RubyCAS http://github.com/gunark/rubycas-server
It's perfect for single sign-on, single sign-off and other related stuff - when you have multiple independent applications. Also, because CAS is a generic protocol, it exists for non-ruby/rails applications too. SO you can integrate legacy systems or client applications in Java etc.
I started building a set of how-tos on the subject here:
http://rubyglasses.blogspot.com/2009/12/rails-single-sign-on-with-rubycas.html
Have you thought about using open id?
If all your apps run on the same domain you shouldn't have any problems accessing the authentication cookie in all the apps, but you'll need to store the authentication state somewhere where all the applications can access it.