CAS server

LL::NG can act as a CAS server, which allows federating LL::NG with:

LL::NG is compatible with the CAS protocol versions 1.0 and 2.0. This protocol does not define any attribute exchange mechanism, so only authentication is managed.

In the Manager, go to General Parameters » Issuer modules » CAS and configure:

  • Activation: set to On.
  • Path: keep ^/cas/ unless you have changed the Apache portal configuration file.
  • Use rule: a rule that determines which users may use this module; set to 1 to always allow.
For example, to allow only users with a strong authentication level:
    $authenticationLevel > 2

Apache rewrite rules must be activated in the Apache portal configuration:
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/cas/.* /index.pl
    </IfModule>

Then go to Options to define:

  • CAS login: the session key used to fill the user login (its value will be transmitted to CAS clients).
  • CAS session module name and options: choose a specific module if you do not want to mix CAS sessions and normal sessions (see why).
If CAS login is not set, the General Parameters » Logs » REMOTE_USER value is used, which is set to uid by default.
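
The following is an added example, not part of the LL::NG documentation or code: a sketch of how a CAS client could parse the ticket validation responses of protocol versions 1.0 and 2.0, showing that the user login (the CAS login value) is the only identity data returned. The response formats are taken from the CAS protocol specifications rather than from this page, and the sample bodies and the login `dwho` are constructed.

```python
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace fixed by the CAS 2.0 specification

# Constructed sample responses (not captured from a real server); "dwho" is a made-up login.
V1_OK = "yes\ndwho\n"
V1_KO = "no\n\n"
V2_OK = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>dwho</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
V2_KO = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>unknown ticket</cas:authenticationFailure>
</cas:serviceResponse>"""


def parse_cas1(body):
    """CAS 1.0 validation: 'yes\\n<login>\\n' on success, 'no\\n\\n' on failure."""
    lines = body.split("\n")
    if len(lines) >= 2 and lines[0] == "yes" and lines[1].strip():
        return lines[1].strip()
    return None  # anything but an explicit 'yes' plus a login is a failure


def parse_cas2(body):
    """CAS 2.0 validation: XML carrying authenticationSuccess or authenticationFailure."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return None  # a validation response never needs a DTD; refuse it outright
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != CAS_NS + "serviceResponse":
        return None
    success = root.find(CAS_NS + "authenticationSuccess")
    if success is None:
        return None  # authenticationFailure, or content we do not recognise
    user = (success.findtext(CAS_NS + "user") or "").strip()
    return user or None  # the login is the only identity data in the response


if __name__ == "__main__":
    for label, parser, body in [("1.0 ok", parse_cas1, V1_OK), ("1.0 ko", parse_cas1, V1_KO),
                                ("2.0 ok", parse_cas2, V2_OK), ("2.0 ko", parse_cas2, V2_KO)]:
        print(label, "->", parser(body))
```

Both parsers return `None` for every response that is not an explicit success, so a malformed or unexpected body can never be mistaken for an authenticated user.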