How to use "CAS Jasig" to authenticate users in Vanilla2 forum ?

The goal is to integrate your existing SSO (based on CAS) in a Vanilla2 based forum.

Vanilla2 ProxyConnect plugin

First of all, you need to install the ProxyConnect plugin. Then you have to enable it from the dashboard.

Finally, configure it like that:

Now, you have to setup these "sso scripts".

Scripts contents

The two more importants are sso/authenticate.php and sso/signin.php. These scripts will share some parameters that will be stored in sso/config.php.


  • $secret is a private key, it is used to secure the cookie between signin.php and authenticate.php.
  • getMailFromLogin($login) is used to return the mail address corresponding to the login (write your own)
  • getUserIDFromLogin($login) is used to return a unique id to identified your login in the vanilla2 bdd
$secret = "zef43kjdf657kjdf243";
function getMailFromLogin($login) {
    // TODO: write your own code to search the Mail
    //       corresponding to $login
    // for example, connect to your BDD or LDAP and search in it.
function getUserIDFromLogin($login) {
    // TODO: write your own code to associate 
    //       a unique numerical id for $login
    // for example, connect to your BDD or LDAP and search in it.
    // Or use this very simple code to handle unique id in flat file
    $dbfile = dirname(__FILE__).'/';
    $users = array();
    if (!file_exists($dbfile)) {
        file_put_contents($dbfile, '<?php $users = '.var_export($users, true).';');
    include $dbfile;
    if (!isset($users[$login])) {
        $maxid = array_pop(array_values(array_slice($users, 1)));
        $users[$login] = $maxid+1;
    file_put_contents($dbfile, '<?php $users = '.var_export($users, true).';');
    return $users[$login];


This one will redirect user to your SSO in order to get the authenticated login, then it will setup a cookie to communicate this login to the sso/authenticate.php script. It supposes that you have the phpCAS library (CAS client) installed and accessible through your PHP include_path.

include dirname(__FILE__).'/config.php';
$login = phpCAS::getUser();
// setup a secure cookie for login communication to sso-authenticate.php
$hash = base64_encode(sha1($login.$secret).'/'.$login);
setcookie("SSO_ID", $hash, 0, '/');
// redirect to the vanilla 2 forum
$url = ($_SERVER['HTTPS'] == 'on' ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].'/'.(isset($_GET['r'])?$_GET['r']:'/');
$url = rtrim($url, '/');
header('Location: '.$url);


This script get the cookie previously setup by sso/signin.php to extract the login value. Then it searches for a unique id and for the user's mail. And finally it returns result as vanilla2 is waiting for.

Notice : this script will be called directly by vanilla after sso/signin.php is called. This script is never loaded be the user's browser.

include dirname(__FILE__).'/config.php';
if (!isset($_COOKIE['SSO_ID'])) {
$hash   = explode('/',base64_decode($_COOKIE['SSO_ID']));
if ($hash[0] == sha1($hash[1].$secret)) {
    $login  = $hash[1];
} else {
$login  = strtolower($login);
$id     = getUserIDFromLogin($login);
$mail   = getMailFromLogin($login);
if (!$login || !$mail || !$id) {
UniqueID=<?php echo $id; ?> 
Name=<?php echo $login; ?> 
Email=<?php echo $mail; ?> 


This script will just destroy the vanilla cookie and the SSO cookie.

setcookie('Vanilla', ' ', time() - 3600, '/');
setcookie('SSO_ID', ' ', time() - 3600, '/');
// redirect to the vanilla home
header('Location: '.($_SERVER['HTTPS'] == 'on' ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].'/');

Attention: create a blank file favicon.ico in your vanilla root directory if you want to be able to logout.


This script should redirect to your centralized user registration url…

header('Location: http://your-registration-url');


Enter your comment

Recent changes RSS feed Valid XHTML 1.0 Valid CSS Driven by DokuWiki