CAS server (SSO) authentication test setup: Difference between revisions
David Mudrak (talk | contribs) (Copying useful info from MDL-63994 for later reference) |
David Mudrak (talk | contribs) mNo edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
The CAS authentication in Moodle can be tested with a public CAS demo server operated by Apereo. It is way easier than configuring an own one. See below for more info if you still need to run own CAS server. | The CAS authentication in Moodle can be tested with a public CAS demo server operated by Apereo. It is way easier than configuring an own one. See below for more info if you still need to run own CAS server. | ||
=== CAS and LDAP === | |||
In a normal production setup, the CAS authentication would be typically used together with an LDAP server where the user data (such as name and email) would be loaded from. This is optional though and not needed for this test. | In a normal production setup, the CAS authentication would be typically used together with an LDAP server where the user data (such as name and email) would be loaded from. This is optional though and not needed for this test. | ||
=== CAS demo server === | |||
1. Log in as admin | 1. Log in as admin | ||
| Line 19: | Line 23: | ||
| casserver.herokuapp.com | | casserver.herokuapp.com | ||
|- | |- | ||
| Base URI auth_cas / baseuri | | Base URI (auth_cas / baseuri) | ||
| cas/ | | cas/ | ||
|- | |- | ||
| Port auth_cas / port | | Port (auth_cas / port) | ||
| 443 | | 443 | ||
|- | |- | ||
| CAS protocol version auth_cas / casversion | | CAS protocol version (auth_cas / casversion) | ||
| CAS 2.0 | | CAS 2.0 | ||
|- | |- | ||
| CAS logout option auth_cas / logoutcas | | CAS logout option (auth_cas / logoutcas) | ||
| Yes | | Yes | ||
|- | |- | ||
| Multi-authentication auth_cas / multiauth | | Multi-authentication (auth_cas / multiauth) | ||
| Yes | | Yes | ||
|} | |} | ||
| Line 48: | Line 52: | ||
10. You are redirected back to Moodle and authenticated as a new user. You are now asked to fill the empty user profile form. If you had the LDAP configured on the CAS settings page, it would now load user details for the user with the identifier "casuser". | 10. You are redirected back to Moodle and authenticated as a new user. You are now asked to fill the empty user profile form. If you had the LDAP configured on the CAS settings page, it would now load user details for the user with the identifier "casuser". | ||
=== Additional resources === | |||
* https://apereo.github.io/cas/ | |||
* https://github.com/apereo/cas-webapp-docker/issues/26 | |||
Latest revision as of 21:23, 15 November 2018
The CAS authentication in Moodle can be tested with a public CAS demo server operated by Apereo. It is way easier than configuring an own one. See below for more info if you still need to run own CAS server.
CAS and LDAP
In a normal production setup, the CAS authentication would be typically used together with an LDAP server where the user data (such as name and email) would be loaded from. This is optional though and not needed for this test.
CAS demo server
1. Log in as admin
2. Go to Site administration > Plugins > Authentication
3. Enable CAS server (SSO) and click its Settings link
4. Fill the form with the following values, leaving default ones in the rest:
| Field | Value |
|---|---|
| Hostname (auth_cas / hostname) | casserver.herokuapp.com |
| Base URI (auth_cas / baseuri) | cas/ |
| Port (auth_cas / port) | 443 |
| CAS protocol version (auth_cas / casversion) | CAS 2.0 |
| CAS logout option (auth_cas / logoutcas) | Yes |
| Multi-authentication (auth_cas / multiauth) | Yes |
5. Log out
6. Click the Log in link
7. Follow the "CAS users" link
8. You should be at casserver.herokuapp.com demo login page now. Fill the following demo credentials:
- Username: casuser
- Password: Mellon
9. Click "LOGIN"
10. You are redirected back to Moodle and authenticated as a new user. You are now asked to fill the empty user profile form. If you had the LDAP configured on the CAS settings page, it would now load user details for the user with the identifier "casuser".
