Differences

This shows you the differences between two versions of the page.

documentation:latest:idpcas [2019/01/24 17:07]
127.0.0.1 external edit
documentation:latest:idpcas [2019/04/30 20:20] (current)
Line 1: Line 1:
-AS server ======+====== CAS server ======
  
 ===== Presentation ===== ===== Presentation =====
Line 16: Line 16:
   * **Activation**:​ set to ''​On''​.   * **Activation**:​ set to ''​On''​.
   * **Path**: it is recommended to keep the default value (''​^/​cas/''​)   * **Path**: it is recommended to keep the default value (''​^/​cas/''​)
 +  * **Use rule**: a rule to allow user to use this module, set to ''​1''​ to always allow.
 +
 +<note tip>
 +For example, to allow only users with a strong authentication level:
 +<​code>​
 +$authenticationLevel > 2
 +</​code>​
 +</​note>​
  
 ==== Configuring the CAS Service ==== ==== Configuring the CAS Service ====
  
 Then go in ''​CAS Service''​ to define: Then go in ''​CAS Service''​ to define:
-  * **CAS login**: the session key transmitted to CAS client as the main identifier (CAS Principal)+  * **CAS login**: the session key transmitted to CAS client as the main identifier (CAS Principal). This setting can be overriden per-application.
   * **CAS attributes**:​ list of attributes that will be transmitted by default in the validate response. Keys are the name of attribute in the CAS response, values are the name of session key.    * **CAS attributes**:​ list of attributes that will be transmitted by default in the validate response. Keys are the name of attribute in the CAS response, values are the name of session key. 
   * **Access control policy**: define if access control should be done on CAS service. Three options:   * **Access control policy**: define if access control should be done on CAS service. Three options:
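Review bot: The added **Use rule** bullet says only that ''1'' always allows; it does not say what a user gets when the rule evaluates to false, or how this module-level rule combines with the **Access control policy** listed a few lines below. Suggest adding one sentence on the denial behaviour and on which check is evaluated first. The tip's example, $authenticationLevel > 2, is called "strong authentication level" without pointing to where the levels are defined, so a link to that page would help readers choose a threshold. Two wording fixes in the added lines: "overriden" in the **CAS login** bullet should be "overridden", and "allow user to use this module" should be "allow users to use this module".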
Line 41: Line 49:
  
   * **Service URL** : the service (user-facing) URL of the CAS-enabled application.   * **Service URL** : the service (user-facing) URL of the CAS-enabled application.
 +  * **User attribute** : session field that will be used as main identifier.
   * **Rule** : The access control rule to enforce on this application. If left blank, access will be allowed for everyone.   * **Rule** : The access control rule to enforce on this application. If left blank, access will be allowed for everyone.
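Review bot: The new **User attribute** bullet does not state its relationship to the global **CAS login** setting, which the earlier hunk says can be overridden per-application, nor what happens when the field is left empty. Suggest wording along the lines of "session field used as main identifier for this application, overriding **CAS login**", plus the behaviour for an empty value once confirmed against the implementation. The neighbouring **Rule** bullet documents its blank-value behaviour ("If left blank, access will be allowed for everyone"), so this bullet should do the same.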