Single Sign-On-CAS
1. CAS Overview
CAS is an open-source enterprise-level SSO project based on the B/S architecture, supporting multiple communication protocols. It mainly consists of CAS server and CAS client, and the main authentication process is as follows:
Guandata Data product acts as the CAS Client.
2. CAS Standard Configuration
(1) Function path: Management Center > System Settings > Login Settings > Single Sign-On configuration page, select SSO method: CAS
(2) Configuration items overview
| Config Name | Attribute | Description | Example |
|---|---|---|---|
| Authentication Protocol | Required | Select the CAS protocol version, supports 1.0, 2.0, 3.0 | CAS 3.0 |
| CAS Server Address | Required | CAS authentication service address, i.e., the request address in steps 2, 3, 5 of the authentication process. | https://portal.xxx.com/cas |
| CAS Login Address | Recommended | As the CAS login address, after the user accesses Guandata platform, if not logged in, Guandata will redirect to this address, i.e., step 2 request address. If not configured, defaults to CAS Server address. Note: If there are issues with service, redirectUrl, etc., usually configuring the Login address can solve them. | |
| User Info Field | Required | The field in the CAS returned user info used to match with BI users, i.e., the field that can uniquely identify the user and is bound to the BI user account. It is recommended to use the same field as the account in Guandata platform to reduce extra configuration and binding. | username |
| Default Login Address | Optional | When not logged in, will redirect to this address for login authentication | ${BI service address}/sso/cas-sign-in |
| Logout Redirect | Optional | After logging out from Guandata platform, the user's browser will redirect to this address. |
If the CAS authentication server requires the application (Guandata Data) to provide relevant information, refer to the following:
- Callback address: ${BI service address}/sso/cas-sign-in
- Service address: ${BI service address}
