views:

176

answers:

1

I have a web app built upon CakePHP. Currently it is doing user authentication / Access Control with the built-in AuthComponent and the ACL functionality.

Throughout our organization, we have MANY applications (web and otherwise) that all require their own user/pass combo. Our company is looking to migrate as many of our internal apps to 'single signon' functionality, and the hope is to use Kerberos for the central user-store.

I'm wondering if someone might have attacked this by modifying the AuthComponent to validate against an application-level database of users permitted to use app itself, but then communicate with Kerberos (assuming the user is found) to authenticate the user's uname/pwd combo.

Any advice would be appreciated.

A: 

You can create a new Component which extends the original AuthComponent. Then you override the login method and add your other authentication there. This solution is very convenient and not too intrusive, even if the AuthComponent is not designed to be extended like this.

App::import('Core', 'Auth');

/**
 * Extends the CakePHP 1.x AuthComponent: after the built-in check against the
 * application's own user table succeeds, a second check against an external
 * authority (here the Sso component, i.e. Kerberos) is run.
 */
class AuthenticationComponent extends AuthComponent {
    public $components = array('Session', 'RequestHandler', 'Sso');
    public $loginRedirect = array('controller' => 'frontpage');
    public $Controller = null;
    public $loginAction = array('controller' => 'login');
    public $authorize = 'actions';
    // Notifications is an application-level class holding the message constants
    public $loginError = Notifications::LOGIN_FAILED;
    public $authError = Notifications::ACTION_NOT_ALLOWED;

    // Same signature as AuthComponent::login() so the override is compatible
    public function login($data = null) {
        // parent::login() validates against the local user table and, on
        // success, writes the user into the session
        if (parent::login($data)) {
            // OTHER AUTHENTICATION HERE
            // If that second check fails, call $this->logout() so the session
            // written by parent::login() is cleared, and return false instead.
            return true;
        }
        // local lookup failed: nothing was written to the session
        return false;
    }
}
rscherer
I'm going to implement this. I also found the PECL::PAM module, which I think is going to do nicely for the authentication bit.
jeffluckett
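The two-step flow the answer sketches (local "is this account permitted to use this app" lookup first, external password verification second) as a framework-independent PHP example. This is added code, not from the question, the answer or CakePHP. It assumes an application table `app_users` that stores no passwords, and an external verifier passed in as a callable: with the PECL pam module mentioned in the comment that callable could wrap `pam_auth()` (assumed), while here a constructed in-memory lookup stands in so the script runs offline.

```php
<?php
// Added example, not code from the question or the answer.
// Assumptions: app_users(username, role, enabled) lists who may use this app
// (no password column), and the central credential check is a callable.

final class TwoStepAuthenticator
{
    private $db;
    private $verify;

    /** @param callable $verify function(string $user, string $password): bool */
    public function __construct(PDO $db, callable $verify)
    {
        $this->db = $db;
        $this->verify = $verify;
    }

    /**
     * Returns the local user row on success, or null on failure.
     * Every failure path returns the same value, so a caller cannot tell
     * "not permitted in this app" from "wrong password".
     */
    public function login($username, $password)
    {
        // Step 1: local authorization lookup (prepared statement, enabled accounts only).
        $stmt = $this->db->prepare(
            'SELECT username, role FROM app_users WHERE username = :u AND enabled = 1'
        );
        $stmt->execute(array(':u' => $username));
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($user === false) {
            // Unknown or disabled here: do not forward the credentials to the
            // central store for an account this application does not know.
            return null;
        }

        // Step 2: password verification against the central authority.
        // With PECL pam this would be something like (assumed):
        //   $ok = pam_auth($username, $password, $error);
        if (!call_user_func($this->verify, $username, $password)) {
            return null;
        }

        // The password is never stored; only identity and the app-level role are kept.
        return $user;
    }
}

// --- constructed demo data and a fake verifier (no real Kerberos/PAM call) ---
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE app_users (username TEXT PRIMARY KEY, role TEXT, enabled INTEGER)');
$db->exec("INSERT INTO app_users VALUES ('alice', 'editor', 1), ('bob', 'viewer', 0)");

// Stand-in for the central user store: usernames and their passwords.
$fakeDirectory = array('alice' => 'correct horse', 'bob' => 'battery staple', 'mallory' => 'x');
$verify = function ($u, $p) use ($fakeDirectory) {
    return isset($fakeDirectory[$u]) && hash_equals($fakeDirectory[$u], $p);
};

$auth = new TwoStepAuthenticator($db, $verify);

// permitted locally and valid centrally -> user row
var_dump($auth->login('alice', 'correct horse'));
// permitted locally, wrong password -> null
var_dump($auth->login('alice', 'wrong'));
// valid centrally, but disabled in this app -> null
var_dump($auth->login('bob', 'battery staple'));
// valid centrally, not listed in this app at all -> null
var_dump($auth->login('mallory', 'x'));
```

Inside a CakePHP component the returned row is what you would write to the session in place of what `parent::login()` stores. One caveat to keep in mind: the local lookup fails much faster than a rejected external check, so response time can still reveal which step failed; if username enumeration matters, run the external check on every attempt or pad the fast path.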