Authenticating via an external cookie

... from some form of single-sign-on service

Use C::A::Credential::Password as your credential class.

Configure the credential with password_type => 'none'.

To authenticate, call $c->authenticate(authcookie => $c->request->cookie('yourAuthCookie')->value); ($c->request->cookie returns a cookie object, so pass its value, not the object).

Subclass C::A::Store::Null as your realm store, and override the find_user() method with something like:

use base 'Catalyst::Authentication::Store::Null';
use Catalyst::Authentication::User::Hash;

sub find_user {
    my ( $self, $userinfo, $c ) = @_;
    # $userinfo->{authcookie} is the raw cookie value handed to $c->authenticate
    my $user = validate_authcookie($userinfo->{authcookie});
    # implementation of validate_authcookie() is left as an exercise for the reader
    return (defined $user)
        ? Catalyst::Authentication::User::Hash->new(userid => $user)
        : undef;
}
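The page leaves validate_authcookie() as an exercise, so here is one way to write it. This is an added example, not code from the original page or from the Catalyst project. It assumes an SSO cookie layout of "userid|expires|mac" where mac is an HMAC-SHA256 (hex) over "userid|expires" under a secret shared with the SSO server; the layout, the $SSO_SECRET placeholder and the make_authcookie() helper are all assumptions for illustration. The point it demonstrates is that a cookie from an external SSO must be checked for integrity (the MAC, compared in constant time) before its contents are trusted, and then for freshness (the expiry), and that any failure yields undef so find_user() returns no user.

```perl
use strict;
use warnings;
use 5.010;
use Digest::SHA qw(hmac_sha256_hex);

# Secret shared with the SSO server; placeholder value (assumption).
my $SSO_SECRET = 'REPLACE-WITH-SHARED-SECRET';

# Constant-time comparison of two strings, so the MAC check does not
# leak how many leading characters of a guess were correct.
sub secure_eq {
    my ( $x, $y ) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord( substr $x, $_, 1 ) ^ ord( substr $y, $_, 1 ) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Assumed cookie layout: "userid|expires|mac", where mac is
# hmac_sha256_hex("userid|expires", $SSO_SECRET) as issued by the SSO server.
# Returns the userid on success and undef on any failure.
sub validate_authcookie {
    my ($value) = @_;
    return undef unless defined $value;

    my ( $userid, $expires, $mac ) = split /\|/, $value, 3;
    return undef unless defined $mac;
    return undef unless $userid  =~ /\A[\w.@-]+\z/;    # only plain identifier characters
    return undef unless $expires =~ /\A\d+\z/;

    # Verify integrity first so a forged cookie never reaches the expiry logic.
    my $expected = hmac_sha256_hex( "$userid|$expires", $SSO_SECRET );
    return undef unless secure_eq( lc $mac, $expected );

    return undef if $expires < time();                  # expired cookie
    return $userid;
}

# Mints a cookie in the layout above; stands in for the SSO server when testing (assumption).
sub make_authcookie {
    my ( $userid, $ttl ) = @_;
    my $expires = time() + ( $ttl // 3600 );
    return join '|', $userid, $expires, hmac_sha256_hex( "$userid|$expires", $SSO_SECRET );
}

# Self-check when run directly: a freshly minted cookie validates to its userid,
# the same cookie with the userid swapped fails the MAC and yields undef.
unless (caller) {
    my $good = make_authcookie('alice');
    my $bad  = $good;
    $bad =~ s/^alice/mallory/;
    say 'good cookie -> ', ( validate_authcookie($good) // 'undef' );
    say 'tampered    -> ', ( validate_authcookie($bad)  // 'undef' );
}
```

Drop the two subs into the store subclass (or a shared module) so both find_user() and the Root controller's auto method call the same validate_authcookie(); Digest::SHA ships with core Perl, so no extra dependency is needed. If your SSO issues a different cookie format, keep the shape of the checks (parse, verify MAC in constant time, then check expiry, then trust the userid) and change only the parsing.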

To check the cookie on each request, add an auto method to your Root controller (see Catalyst::Manual::Tutorial::Authentication) that checks for the presence of the cookie (authenticating if necessary) and redirects to the SSO server if the cookie is not present or does not validate:

use URI::Escape qw(uri_escape);

sub auto : Private {
    my ( $self, $c ) = @_;

    my $cookie = $c->request->cookie("yourAuthCookie");
    if (defined $cookie) {
        my $value = $cookie->value;
        if ($c->user_exists()) {
            my $cookie_user = validate_authcookie($value);
            if (defined $cookie_user && $cookie_user eq $c->user->userid) {
                # valid cookie for the user already in the session
                return 1;
            }
            else {
                # if we fall through to here, we have someone else's cookie!
                $c->logout;
            }
        }
        else {
            # carry on if we have a valid cookie
            return 1 if $c->authenticate(authcookie => $value);
        }
    }
    # fall through to here: send the user to the SSO server and return 0
    # to cancel further request handling
    my $url = uri_escape($c->request->uri);
    $c->response->redirect("http://yourauthserver?url=$url");
    return 0;
}

Et voila.
