<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"> <head> <meta name="generator" content= "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" /> <title>Lemonldap::NG documentation: 4.5-CAS-authentication-backend.html</title> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <style type="text/css"> /*<![CDATA[*/ body{ background: #ddd; font-family: sans-serif; font-size: 11pt; padding: 0 50px; } div.main-content{ padding: 10px; background: #fff; border: 2px #ccc solid; } a{ text-decoration: none; } p.footer{ text-align: center; margin: 5px 0 0 0; } .heading-1{ text-align: center; color: orange; font-variant: small-caps; font-size: 20pt; } .heading-1-1{ color: orange; font-size: 14pt; border-bottom: 2px #ccc solid; } pre{ background: #eee; border: 2px #ccc solid; padding: 5px; border-left: 10px #ccc solid; } ul.star li{ list-style-type: square; } /*]]>*/ </style> </head> <body> <div class="main-content"> <h2 class="heading-1"><span id="HCASauthenticationbackend">CAS authentication backend</span></h2> <p class="paragraph"></p> <ul> <li><a href="#HPresentation">Presentation</a></li> <li><a href="#HConfiguration">Configuration</a></li> <li><a href="#HSeealso">See also</a></li> </ul> <h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3> <p class="paragraph"></p>This backend allows you to use a CAS server as primary SSO provider. This require the <span class= "wikiexternallink"><a href= "http://sourcesup.cru.fr/projects/perlcas/">AuthCAS Perl module</a></span>. <p class="paragraph"></p>To work, your CAS server need to use HTTPS (CAS cookies are only sent over SSL connections) <h3 class="heading-1-1"><span id= "HConfiguration">Configuration</span></h3> <p class="paragraph"></p>Edit portal/index.pl and add those parameters in constructor: <div class="code"> <pre> authentication => 'CAS', CAS_url => 'https://cas.example.com', #CAS_CAFile => '/etc/httpd/conf/ssl.crt/ca-bundle.crt', CAS_loginUrl => 'http://auth.example.com', CAS_validationUrl => 'http://auth.example.com', </pre> </div> <p class="paragraph"></p>Parameters explanations: <ul class="star"> <li>CAS_url: this is the login URL on your CAS server. This has to use HTTPS.</li> <li>CAS_CAFile: only use to verify CAS server certificate, not mandatory.</li> <li>CAS_loginUrl: where CAS redirect the user after CAS authentication, this is the portal.</li> <li>CAS_validationUrl: where the service ticket (ST) is checked, this is the portal.</li> </ul>Of course the CAS user must exists in your UserDB backend. You can rely just on CAS authentication by using the <span class= "wikilink"><a href="4.6-Null-user-backend.html">Null UserDB backend</a></span> <h3 class="heading-1-1"><span id="HSeealso">See also</span></h3> <ul class="star"> <li><span class="wikilink"><a href= "4.1-Configuration-parameter-list.html">Config Parameter List</a></span></li> </ul> </div> <p class="footer"><a href="index.html">Index</a></p> </body> </html>