...
To enable CAS/SAML Authentication, you must ensure the org.dspace.authenticate.CASAuthentication
class is listed as one of the AuthenticationMethods in the following configuration:
| Configuration File: | |
|---|---|
| Property: | |
| Example Value: | |
Configuring CAS/SAML Authentication
...
Here is an explanation of each of the different CAS/SAML configuration parameters:
| Configuration File: | |
|---|---|

| Property | Example Value | Informational Note |
|---|---|---|
| | | Full URL of the CAS login page that users are redirected to when they attempt to log in. Only used when authenticating with the pure CAS 2.0 protocol (cas.use.saml not enabled). |
| | | Full URL of the CAS ticket validation service. DSpace calls this address to verify that the user's ticket is valid and that this DSpace instance is permitted to authenticate users against the CAS server. Only used when authenticating with the pure CAS 2.0 protocol (cas.use.saml not enabled). |
| | | Full URL of the CAS server logout service. The user is redirected to this address when logging out of DSpace. Only used when authenticating with the pure CAS 2.0 protocol (cas.use.saml not enabled). |
| cas.use.saml | true | Enables the SAML 1.0 protocol. When enabled, the user's first name, surname and email address are copied from the CAS server using SAML 1.0. |
| | | Base URL (protocol and domain) of the CAS server. Only used when SAML 1.0 is enabled (cas.use.saml = true). |
| | | SAML attribute name holding the user's first name. Only used when SAML 1.0 is enabled (cas.use.saml = true). |
| | | SAML attribute name holding the user's last name. Only used when SAML 1.0 is enabled (cas.use.saml = true). |
| | | SAML attribute name holding the user's email address. When a list of addresses is returned, the first one is used. Only used when SAML 1.0 is enabled (cas.use.saml = true). |
| | | Controls whether a user can be auto-registered on first login. If set to false, no new users will be allowed to create an account on first authentication. |
| webui.cas.enable | | Controls whether the user can edit his or her CAS username on the EPerson page. If set to true, the CAS username is editable. |
Enabling user attribute lookup
...
If your authentication server supports SAML 1.0, DSpace can read user attributes automatically during authentication. To do so, enable the cas.use.saml property in the configuration file, provide the general CAS server prefix instead of direct links to the login, logout and validation services, and provide the attribute names holding the first name, last name and email address (the default settings are usually sufficient), as described in Configuring CAS/SAML Authentication. User information will then be read from the server.
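The two exchanges the table above describes are the ticket validation call (DSpace asks the validation service whether the user's ticket is genuine) and, with cas.use.saml enabled, the SAML 1.0 attribute response from which first name, last name and email are copied (taking the first address when a list comes back). The following is an added example written for this page, not code from DSpace's org.dspace.authenticate.CASAuthentication class: it builds the validation URL a CAS client calls, parses a CAS 2.0 serviceValidate response, and extracts attributes from a CAS SAML 1.1 response. The XML documents are constructed samples in the shape the CAS protocol defines, and the attribute names givenName, sn and mail are assumptions (the page does not state DSpace's defaults); substitute whatever your CAS server releases.

```python
"""CAS 2.0 ticket validation and CAS/SAML 1.1 attribute extraction as a
client such as DSpace performs them. Illustrative code written for this
page, not DSpace's own CASAuthentication. All XML below is constructed."""
from urllib.parse import urlencode, urlsplit
import xml.etree.ElementTree as ET  # for untrusted input in production, prefer defusedxml

CAS_NS = "http://www.yale.edu/tp/cas"
SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"

# Constructed sample: what the CAS server returns for a valid service ticket.
CAS_SUCCESS = f"""<cas:serviceResponse xmlns:cas="{CAS_NS}">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample: a replayed, expired or forged ticket.
CAS_FAILURE = f"""<cas:serviceResponse xmlns:cas="{CAS_NS}">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-1 not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

# Constructed sample of a CAS SAML 1.1 validation response. The attribute
# names givenName/sn/mail are an assumption; the "mail" attribute is
# deliberately multi-valued to show the "first address wins" rule.
SAML_RESPONSE = f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
 <SOAP-ENV:Body>
  <samlp:Response xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" MajorVersion="1" MinorVersion="1">
   <samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
   <saml:Assertion MajorVersion="1" MinorVersion="1">
    <saml:AttributeStatement>
     <saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject>
     <saml:Attribute AttributeName="givenName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
     <saml:Attribute AttributeName="sn"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
     <saml:Attribute AttributeName="mail">
      <saml:AttributeValue>jane.doe@example.edu</saml:AttributeValue>
      <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
     </saml:Attribute>
    </saml:AttributeStatement>
   </saml:Assertion>
  </samlp:Response>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""


def build_validate_url(validate_url, service, ticket):
    """URL the client GETs to validate a ticket. 'service' must be the exact
    URL the ticket was issued for, or the CAS server rejects it. A plain-http
    validation endpoint is refused: the response names the authenticated user
    and an attacker on the path could substitute one."""
    if urlsplit(validate_url).scheme != "https":
        raise ValueError("CAS validation URL must use https")
    return validate_url + "?" + urlencode({"service": service, "ticket": ticket})


def parse_cas2_response(xml_text):
    """Netid from a CAS 2.0 serviceValidate response, or None when the server
    reports authenticationFailure. The ticket itself is never trusted; only
    the server's answer is."""
    root = ET.fromstring(xml_text)
    user = root.find(f"{{{CAS_NS}}}authenticationSuccess/{{{CAS_NS}}}user")
    return user.text.strip() if user is not None and user.text else None


def cas2_failure_code(xml_text):
    """Failure code (e.g. INVALID_TICKET, INVALID_SERVICE) for the audit log, or None."""
    fail = ET.fromstring(xml_text).find(f"{{{CAS_NS}}}authenticationFailure")
    return fail.get("code") if fail is not None else None


def parse_saml11_attributes(xml_text, first_attr, last_attr, email_attr):
    """Netid plus name/email attributes from a CAS SAML 1.1 response.
    Returns None unless the Status is Success. Multi-valued attributes come
    back as lists; as the documentation states, the first email is used."""
    root = ET.fromstring(xml_text)
    status = root.find(f".//{{{SAMLP_NS}}}StatusCode")
    if status is None or not status.get("Value", "").endswith("Success"):
        return None
    name_id = root.find(f".//{{{SAML_NS}}}AttributeStatement/{{{SAML_NS}}}Subject/{{{SAML_NS}}}NameIdentifier")
    attrs = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        attrs[attr.get("AttributeName")] = [
            v.text.strip() for v in attr.findall(f"{{{SAML_NS}}}AttributeValue") if v.text]

    def first(name):
        return (attrs.get(name) or [None])[0]

    return {"user": name_id.text.strip() if name_id is not None else None,
            "firstname": first(first_attr), "lastname": first(last_attr),
            "email": first(email_attr)}


if __name__ == "__main__":
    print(build_validate_url("https://cas.example.edu/cas/serviceValidate",
                             "https://dspace.example.edu/login", "ST-1"))
    print(parse_cas2_response(CAS_SUCCESS), cas2_failure_code(CAS_FAILURE))
    print(parse_saml11_attributes(SAML_RESPONSE, "givenName", "sn", "mail"))
```

The point to take from the validation step is that the browser only ever presents a ticket; the identity comes from the server-to-server validation call, which is why that URL must be HTTPS and why the service parameter has to match the login URL exactly. Whether a particular CAS server actually checks that the calling service is authorised (the "permissions to authenticate users against CAS server" in the table) is server-side policy; the client only sees the resulting INVALID_SERVICE failure.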