Skip to main content

Single Sign-On-CAS

1. CAS Overview

CAS is an open-source enterprise-level SSO project based on the B/S architecture, supporting multiple communication protocols. It mainly consists of CAS server and CAS client, and the main authentication process is as follows:

1.png

Guandata Data product acts as the CAS Client.

2. CAS Standard Configuration

(1) Function path: Management Center > System Settings > Login Settings > Single Sign-On configuration page, select SSO method: CAS

(2) Configuration items overview

Config NameAttributeDescriptionExample
Authentication ProtocolRequiredSelect the CAS protocol version, supports 1.0, 2.0, 3.0CAS 3.0
CAS Server AddressRequiredCAS authentication service address, i.e., the request address in steps 2, 3, 5 of the authentication process.https://portal.xxx.com/cas
CAS Login AddressRecommendedAs the CAS login address, after the user accesses Guandata platform, if not logged in, Guandata will redirect to this address, i.e., step 2 request address. If not configured, defaults to CAS Server address. Note: If there are issues with service, redirectUrl, etc., usually configuring the Login address can solve them.
User Info FieldRequiredThe field in the CAS returned user info used to match with BI users, i.e., the field that can uniquely identify the user and is bound to the BI user account. It is recommended to use the same field as the account in Guandata platform to reduce extra configuration and binding.username
Default Login AddressOptionalWhen not logged in, will redirect to this address for login authentication${BI service address}/sso/cas-sign-in
Logout RedirectOptionalAfter logging out from Guandata platform, the user's browser will redirect to this address.

If the CAS authentication server requires the application (Guandata Data) to provide relevant information, refer to the following:

  • Callback address: ${BI service address}/sso/cas-sign-in
  • Service address: ${BI service address}

image.png