
Single Sign-On In Rails Application

Single sign-on (SSO) is a property of access control across multiple related but independent software systems: a user logs in once and gains access to all of them without being prompted to log in again at each one. For example, once we log in to Google we can access YouTube, Docs, Google Drive and so on.

We might think of sharing the session cookie among all the domains, but that is generally not a good idea: a stolen cookie lets someone sign in from another system or browser. Single sign-on helps us get around this problem and build a much more robust system.

How do we implement single sign-on in a Rails app? We will build a prototype around a Rails app to implement single sign-on, looking at a sample Rails application powered by the CASino gem. Why are we using CASino?
  1. Distributed under the MIT License
  2. Active Development since
  3. External authentication sources (LDAP, SQL)
  4. Two-factor authentication
  5. Session-overview for logged-in users
  6. Full localization support
  7. REST-API
So what is CASino exactly? CASino is a simple single sign-on server application. It supports the CAS protocol and can therefore be used in combination with almost every web programming language out there. CAS is an authentication system originally created by Yale University to provide a trusted way for an application to authenticate a user. CAS centralizes authentication: it allows all your applications to ask users to log in at a single sign-on server.

The implementation. Here we have two apps, a client and a server. For the demonstration we assume the client app is using Devise; the logic can easily be extended to other authentication methods. The app is as simple as configuring a few variables in the CASino gem. The flow:
  1. The user requests the client domain.
  2. It redirects to the server if the user is not authorised.
  3. Start by adding the gems to the client app.
  4. The server redirects back to whichever URL the client requested.
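To make the redirect-and-ticket exchange in the steps above concrete, here is an added Ruby model of the CAS service-ticket flow; it is not code from CASino or devise_cas_authenticatable, and the in-memory ticket store, the ticket lifetime and the service URL used when calling it are assumptions of the example.

```ruby
require 'securerandom'
require 'uri'
# In-memory model of the CAS service-ticket exchange between an SSO server
# such as CASino and a client such as devise_cas_authenticatable
# (constructed example, not either gem's code).
class CasServer
  TICKET_TTL = 10 # seconds; assumed value, CAS service tickets are short-lived
  def initialize
    @tickets = {} # ticket => [bound service URL, user, issue time]
  end

  # After the user has logged in at the server, mint a single-use ticket
  # bound to the requesting service and build the redirect back to it.
  def issue_ticket(service, user, now = Time.now)
    ticket = "ST-#{SecureRandom.hex(16)}"
    @tickets[ticket] = [service, user, now]
    "#{service}?ticket=#{ticket}"
  end

  # /serviceValidate: the client hands the ticket back and the server
  # answers with the user it was issued for, or a failure code.
  def validate(service, ticket, now = Time.now)
    entry = @tickets.delete(ticket) # consumed on first use, valid or not
    return [:failure, 'INVALID_TICKET'] if entry.nil?
    bound_service, user, issued_at = entry
    return [:failure, 'INVALID_SERVICE'] unless bound_service == service
    return [:failure, 'INVALID_TICKET'] if now - issued_at > TICKET_TTL
    [:success, user]
  end
end

class CasClient
  def initialize(server, service_url)
    @server, @service = server, service_url
  end

  # Where an unauthenticated browser is sent (the redirect in step 2 above).
  def login_redirect(cas_base_url)
    "#{cas_base_url}login?service=#{URI.encode_www_form_component(@service)}"
  end

  # The browser comes back with ?ticket=...; the client trusts only the
  # server's validation answer, never the ticket itself or a password.
  def handle_callback(url, now = Time.now)
    query = URI(url).query
    return nil if query.nil?
    ticket = URI.decode_www_form(query).to_h['ticket']
    status, payload = @server.validate(@service, ticket, now)
    status == :success ? payload : nil
  end
end
```

The client never sees the user's credentials, and a ticket is single-use, short-lived and bound to one service URL, which is what the shared-cookie approach lacks.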
Step #1: Implementing the client application.

Gemfile:

  # If you face compatibility issues, use Ruby 2.1
  gem 'devise_cas_authenticatable', git: 'https://github.com/jpamaya/devise_cas_authenticatable'

routes.rb:

  devise_for :users, skip: [:sessions], controllers: { cas_sessions: 'sso_cas' }

  devise_scope :user do
    get "sign_in", to: "devise/cas_sessions#new"
    delete "sign_out", to: "devise/cas_sessions#destroy"
  end

devise.rb:

  # ==> Configuration for SSO server authentication
  config.cas_base_url = "http://localhost:4000/"
  config.cas_create_user = false
  config.cas_destination_logout_param_name = 'service'
  config.cas_enable_single_sign_out = true

user.rb:

  devise :cas_authenticatable
Now run the client application on localhost:3000 and open users/sign_in. Since we overrode Devise's sign-in mechanism, instead of Devise's normal sign-in page we are redirected to localhost:4000, the backend app that authenticates the users. Let's prepare the backend app to authenticate the users.

Step #2: Implementing the server app. Limitation: use Ruby 2.1.5 and Rails 3.2.11 (check with rails -v; the version constraint is '~> 3.2.11').

Server app Gemfile:

  # CASino uses one of these databases to store sessions and some tokens;
  # it takes care of all of that itself
  gem 'sqlite3'   # for sqlite support
  gem 'mysql2'    # for mysql support
  gem 'pg'        # for postgresql support
  gem 'casino'

Run bundle install and rails g casino:install. The CAS configuration is stored under config/cas.yml; this is where you configure how your SSO handles logins. An example configuration can be found in config/cas.yml.example. Provide valid DB credentials and run the migrations. Run this app on localhost:4000, then follow the earlier steps:
  1. Go to localhost:3000/users/sign_in
  2. You will be redirected to localhost:4000; enter your credentials and click sign in
  3. You will be redirected back on successful login
In the links below you can find some ready-made examples you can clone to get a better understanding of SSO.
  Server example (Ruby 2.1.5): git clone https://github.com/codescrum/casino-sso-server-example.git
  Rails 4 client example: git clone https://github.com/codescrum/casino-sso-client-rails4-example.git
  Rails 3 client example: git clone https://github.com/codescrum/casino-sso-client-rails3-example.git
Let us know in the comments if you face any trouble with the implementation! PS: Single sign-out has been left as a thought for another day; we will discuss it in a follow-up blog.