Differences

This shows you the differences between two versions of the page.

documentation:latest:idpcas [2019/01/24 17:07]
127.0.0.1 external edit
documentation:latest:idpcas [2019/04/30 20:20]
127.0.0.1 external edit
Line 1: Line 1:
-AS server ======+====== CAS server ======
  
 ===== Presentation ===== ===== Presentation =====
Line 16: Line 16:
   * **Activation**:​ set to ''​On''​.   * **Activation**:​ set to ''​On''​.
   * **Path**: it is recommended to keep the default value (''​^/​cas/''​)   * **Path**: it is recommended to keep the default value (''​^/​cas/''​)
 +  * **Use rule**: a rule to allow user to use this module, set to ''​1''​ to always allow.
 +
 +<note tip>
 +For example, to allow only users with a strong authentication level:
 +<​code>​
 +$authenticationLevel > 2
 +</​code>​
 +</​note>​
  
 ==== Configuring the CAS Service ==== ==== Configuring the CAS Service ====
  
 Then go in ''​CAS Service''​ to define: Then go in ''​CAS Service''​ to define:
-  * **CAS login**: the session key transmitted to CAS client as the main identifier (CAS Principal)+  * **CAS login**: the session key transmitted to CAS client as the main identifier (CAS Principal). This setting can be overriden per-application.
   * **CAS attributes**:​ list of attributes that will be transmitted by default in the validate response. Keys are the name of attribute in the CAS response, values are the name of session key.    * **CAS attributes**:​ list of attributes that will be transmitted by default in the validate response. Keys are the name of attribute in the CAS response, values are the name of session key. 
   * **Access control policy**: define if access control should be done on CAS service. Three options:   * **Access control policy**: define if access control should be done on CAS service. Three options:
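Review bot: the new **Use rule** bullet says only that ''1'' always allows; it does not say what happens when the rule evaluates to false, or how it combines with the **Access control policy** option and the per-application **Rule** documented further down. Please state the behaviour on denial and the order in which these checks apply, since the example ''$authenticationLevel > 2'' is meant to gate the whole module. Two wording fixes in the added lines: "allow user to use this module" should read "allow users to use this module", and "overriden" in the **CAS login** bullet should be "overridden". That bullet should also name the per-application setting that performs the override.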
Line 41: Line 49:
  
   * **Service URL** : the service (user-facing) URL of the CAS-enabled application.   * **Service URL** : the service (user-facing) URL of the CAS-enabled application.
 +  * **User attribute** : session field that will be used as main identifier.
   * **Rule** : The access control rule to enforce on this application. If left blank, access will be allowed for everyone.   * **Rule** : The access control rule to enforce on this application. If left blank, access will be allowed for everyone.
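Review bot: the added **User attribute** bullet does not say how it relates to the global **CAS login** setting or what identifier is sent when it is left blank, whereas the **Rule** bullet right below it documents its blank behaviour. If this is the per-application override mentioned under **CAS login**, say so explicitly and state the fallback, so an administrator can tell which session field each application receives as the CAS principal.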