CAS
| Authentication | Users | Password |
|---|---|---|
| ✔ | | |
Presentation
LL::NG can delegate authentication to a CAS server. This requires the Perl CAS module.
Tip
LL::NG can also act as a CAS server, which allows two LL::NG systems to be interconnected.
LL::NG can also request proxy tickets for its protected services. Proxy tickets are collected during the authentication phase and stored in the user session in the form:
_casPT<serviceID> = Proxy ticket value
They can then be forwarded to applications through HTTP headers.
Tip
CAS authentication automatically adds a logout forward rule to the CAS server logout URL, so that the CAS session is closed on LL::NG logout.
Configuration
In Manager, go to General Parameters > Authentication modules and choose CAS for authentication.
Tip
You can then choose any other module for users and password.
Attention
Browser implementations of the formAction directive are inconsistent (e.g. Firefox doesn’t block the redirects whereas Chrome does). Administrators may have to modify the formAction value with a wildcard like *.
In Manager, go to: General Parameters > Advanced Parameters > Security > Content Security Policy > Form destination
Then, go to CAS parameters:
Authentication level: authentication level for this module.
Then create the list of CAS servers in the manager. For each, set:
Server URL (required): CAS server URL (must use https://)
Renew authentication (default: disabled): force authentication renewal on CAS server
Gateways authentication (default: disabled): force transparent authentication on CAS server
Display Name: Name to display. Required if you have more than 1 CAS server declared
Icon: Path to CAS Server icon. Used only if you have more than 1 CAS server declared
Order: Number to sort CAS Servers display
Proxied services: list of services for which a proxy ticket is requested:
  Key: Service ID
  Value: Service URL (CAS service identifier)
Tip
If no proxied services are defined, CAS authentication will not activate CAS proxy mode with this CAS server.
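A pre-deployment check of a CAS server list against the rules above (https:// server URL, display name when several servers are declared, proxy mode only with proxied services), which also lists the _casPT<serviceID> session keys to expect. This is an added example, not LL::NG code; the dictionary field names and the sample servers are constructed for illustration and are not LL::NG configuration keys.

```python
from urllib.parse import urlsplit

# Constructed sample input. Field names are hypothetical stand-ins for the
# Manager fields described above, not LL::NG configuration keys.
SERVERS = {
    "internal": {
        "url": "https://cas.example.com/cas",
        "display_name": "Internal CAS",
        "order": 1,
        "proxied_services": {"mail": "https://mail.example.com/"},
    },
    "legacy": {"url": "http://cas-old.example.com/cas", "order": 2},
}


def audit_cas_servers(servers):
    """Return (findings, session_keys) for a dict of CAS server definitions."""
    findings, session_keys = [], {}
    multiple = len(servers) > 1
    ordered = sorted(servers.items(), key=lambda kv: kv[1].get("order", 0))
    for name, opts in ordered:
        url = urlsplit(opts.get("url", ""))
        if url.scheme != "https" or not url.hostname:
            findings.append(("error", name, "server URL is required and must use https://"))
        if multiple and not opts.get("display_name"):
            findings.append(("error", name, "display name is required when several CAS servers are declared"))
        proxied = opts.get("proxied_services") or {}
        if not proxied:
            findings.append(("info", name, "no proxied services: CAS proxy mode is not activated"))
        for service_id in proxied:
            # Proxy tickets are stored in the user session as _casPT<serviceID>.
            session_keys["_casPT" + service_id] = proxied[service_id]
    return findings, session_keys


if __name__ == "__main__":
    findings, session_keys = audit_cas_servers(SERVERS)
    for severity, server, message in findings:
        print(f"[{severity}] {server}: {message}")
    for key, service_url in session_keys.items():
        print(f"session key {key} <- proxy ticket for {service_url}")
```

The session keys it reports are the names to look for when forwarding proxy tickets to applications through HTTP headers.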