NAME
    Lemonldap::Handlers::CAS - Perl extension for Lemonldap webSSO

SYNOPSIS
      use Lemonldap::Handlers::Validate   ### Validate service ticket 
      use Lemonldap::Handlers::LoginCASFake  ###  Fake login : user must be egal to password (like CAS server demo) 
      use Lemonldap::Handlers::LogoutCAS ### logout SSO
  
DESCRIPTION
      Lemonldap is a  Reverse-proxy webSSO  and CAS (Central Authentification Service) is an another websso from Yales university .
      CAS acts like Authentification service NOT for authorization service .
  
      These modules give the capacity at a lemonldap to become CAS server.
      So ,  an user will be  authenticate on CAS server AND on lemonldap.
      Then the service ticket is send to serviceValidate the lemonldap can retrieve  all session for user and process to authorization like a lemonldap .
  
Compatibility with CAS protocol.
    Lemonldap manages those parameters :

    service
    renew
    gateway

INSTALLATION
     You must have an lemonldap websso installed (see doc on lemonldap.objectweb.org)  

     Configures your Apache like this :   
   
      <virtualhost 192.168.204.100>
      servername authen.demo.net
      loglevel debug
      documentroot /usr/local/apache2/htdocs
      alias /portal /usr/local/monapache/portal/
      ErrorLog logs/error_log
      <location /cas/login>
      setHandler modperl
      perlresponsehandler Lemonldap::Handlers::LoginCASFake
      PerlSetVar Domain demo.net
      PerlSetVar Configfile /usr/local/monapache/conf/application.xml
      PerlOptions +GlobalRequest
      </location>
      <location /cas/serviceValidate>
      setHandler modperl
      perlresponsehandler Lemonldap::Handlers::ValidateCAS
      PerlSetVar Domain demo.net
      PerlSetVar HandlerID validate
      PerlSetVar Configfile /usr/local/monapache/conf/application.xml
      PerlOptions +GlobalRequest
      </location>
      <location /cas/logout>
      setHandler modperl
      perlresponsehandler Lemonldap::Handlers::LogoutCAS
      PerlSetVar Domain demo.net
      PerlSetVar Configfile /usr/local/monapache/conf/application.xml
      PerlOptions +GlobalRequest
      </location>
      </virtualhost>

     YOU CAN MIXED lemonldap handler et CAS server 
  
      Your application.xml is like this 
        <domain    id="demo.net"
               Cookie="lemondemo"
               Sessionstore="memcached"
               portal= "http://authen.demo.net/portail/accueil.pl"
               LoginCASPage="/tmp/login.htmlcas"
               LogoutCASPage="/tmp/logout.htmlcas"
               LoginPage="/tmp/login.html"
               ldap_server="192.168.247.30"
               ldap_branch_people="ou=personnes,dc=demo,dc=net"    
             >
             <handler 
                    id="validate"
                    MultiHoming="pied,tete" 
                  />
            <handler id="pied"
                 MotifIn="/192.168.204.108\/caspied"
                 applcode= "mail"
                 pluginpolicy="Lemonldap::Handlers::RowPolicy"
              />
             <handler id="tete"
                 MotifIn="/192.168.204.108\/castete"
                 disableaccessControl="1"
              />
    #### here normal lemonldap application ##### 
            <handler 
                    id="appli1" 
                    applcode= "APT"
                    pluginpolicy="Lemonldap::Handlers::RowPolicy"
                    enableLWP="1"
                    basepub="http://myappli.demo.net"
                    basepriv="http://www.eyrolles.com"
                    >
            </handler>

       etc..

        Put your login.html and logout.cas in the good directory (here /tmp) and the right name (here /tmp/login.htmlcas ) 

        See the caspied and castete php examples  (basic and standard CAS  application) 
    
NOTES
    Lemonldapcas is just an emulation of CAS server , use the real CAS
    server if you have only CAS application .
    Lemonldap provides CAS version 1 and version 2 protocol ,if your
    location of validation contents the word 'Validate' (eg
    serviceValidation) the hanlder will use CAS version 2 overwise (eg
    service) it's CAS version 1
    Lemonlap DOESN'T provide 'proxycas' service (in process) .
    Lemonldap shares its sessions with other lemonldap (unlike CAS server) .
    YOU MUST use HTTPS (by mod_ssl) in your apache server

  EXPORT
    None by default.

SEE ALSO
    Mention other useful documentation such as the documentation of related
    modules or operating system documentation (such as man pages in UNIX),
    or any relevant external documentation such as RFCs or standards.

AUTHOR
    root, <germanlinux@yahoo.fr>

COPYRIGHT AND LICENSE
    Copyright (C) 2007 by germanlinux at yahoo.fr

    This library is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself, either Perl version 5.8.5 or, at
    your option, any later version of Perl 5 you may have available.