| title | up |
|---|---|
CAS single sign-on |
../customize.md#web-interface-optional-features |
See also "Authentication on web interface".
CAS is the Apero CAS SSO software (originally developed by the Yale University). Sympa's web interface (WWSympa) provides authentication mechanism to use the CAS authentication service.
If a CAS server redirects the user to WWSympa with a valid ticket, WWSympa receives a user ID from the CAS server. Then, it connects to the related LDAP directory to get the user email address. If no CAS server returns a valid user ID, WWSympa will let the user either select a CAS server to login or perform another authentication mechanism.
-
CAS authentication server is running and accessible from users' local network.
-
AuthCAS Perl module has to be installed.
Listmasters should define one or more
cas paragraph in auth.conf
configuration file. Below is an example of the paragraph:
cas
base_url https://sso-cas.renater.fr
non_blocking_redirection on
auth_service_name cas-cru
ldap_host ldap.renater.fr:389
ldap_get_email_by_uid_filter (uid=[uid])
ldap_timeout 7
ldap_suffix dc=cru,dc=fr
ldap_scope sub
ldap_email_attribute mail
Note:
-
base_urlspecifies base URL of CAS server. -
If the
non_blocking_redirectionparameter was set for a CAS server, then WWSympa will try a transparent login on this server when the user accesses the web interface. -
ldap_*parameters defines how to map CAS user IDs to email addresses of Sympa users. The variable[uid]inldap_get_email_by_uid_filterparameter will be replaced with CAS user ID.