search

compdemocracy / polis

:milky_way: Open Source AI for large scale open ended feedback
https://pol.is
GNU Affero General Public License v3.0
739 stars 172 forks source link

CAS Authentication? #638

Open edsu opened 3 years ago

edsu commented 3 years ago

This question might be wrongheaded as I am brand new to Polis. A group of students at my university is considering bringing up an instance of Polis to help in student governance. The university provide a Central Authentication Service (CAS) service for single sign on. We were wondering if it was possible to have Polis use CAS for logging in? Has anyone tried anything like that before?

metasoarous commented 3 years ago

Hi @edsu. Thanks for posting this issue! Great to hear that your school is looking to do this.

We have been talking about setting up OpenAuth configuration for Polis. Would your CAS work with OpenAuth? If so that would seem to be the most straightforward path there.

Thanks again!

patcon commented 3 years ago

Maybe relevant? Though maybe very CAS-server-specific https://apereo.github.io/cas/5.1.x/protocol/OAuth-Protocol.html

Also, hi @edsu 👋

edsu commented 3 years ago

Thanks for these suggestions! I'm going to inquire if our CAS service (Shibboleth IdP v3.3.1) supports OAuth. But it looks like the answer at the moment is no if this is correct:

https://wiki.shibboleth.net/confluence/display/DEV/Supported+Protocols

patcon commented 3 years ago

If you look up "xid" in knowledge base, there should general context on how to create a generalized wrapper around polis embeds, which could use any login system one cares to write code for.

patcon commented 3 years ago

If it does support oauth, this is a project I've followed for awhile: Lightweight proxy to sit in front of random simple pages: https://github.com/bitly/oauth2_proxy (current activity is now in forks, explained in readme)

Perhaps worth someone rigging up a generalized example and upstreaming it into https://github.com/pol-is/polis-examples :)

patcon commented 3 years ago

Related: https://github.com/compdemocracy/polis-examples/issues/2#issuecomment-907884261

tl;dr - not a fully integrated solution, but as a workaround, added example of how to use any arbitrary auth provider for gating polis convo access (via Auth0 SaaS provider) by using a simple HTML website functioning as a wrapper app around a polis embed :)

According to this support doc from auth0, CAS (assuming it's using SAML) might be supported through this Auth0 approach to authentication: https://community.auth0.com/t/how-to-connect-to-cas-identity-provider/6247 (I have no experience and can't offer any support except a link... sorry!)

MauiJerry commented 8 months ago

There is no such repository as 'polis-examples' as of Dec 2023.