2021-01-29 00:20:46 +05:30
---
2022-07-16 23:28:13 +05:30
stage: Manage
group: Authentication and Authorization
2021-02-22 17:27:13 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2021-01-29 00:20:46 +05:30
---
2022-08-27 11:52:29 +05:30
# CAS OmniAuth provider (deprecated) **(FREE SELF)**
WARNING:
This feature was [deprecated ](https://gitlab.com/gitlab-org/gitlab/-/issues/369127 ) in GitLab 15.3 and is planned for
removal in 16.0.
2016-01-14 18:37:52 +05:30
2021-11-11 11:23:49 +05:30
To enable the CAS OmniAuth provider you must register your application with your
CAS instance. This requires the service URL GitLab supplies to CAS. It should be
something like: `https://gitlab.example.com:443/users/auth/cas3/callback?url` .
Handling for Single Logout (SLO) is enabled by default, so you only have to
configure CAS for back-channel logout.
2016-01-14 18:37:52 +05:30
2019-09-30 21:07:59 +05:30
1. On your GitLab server, open the configuration file.
2016-01-14 18:37:52 +05:30
2019-12-04 20:38:33 +05:30
For Omnibus package:
2016-01-14 18:37:52 +05:30
2020-03-13 15:44:24 +05:30
```shell
2019-09-30 21:07:59 +05:30
sudo editor /etc/gitlab/gitlab.rb
```
2016-01-14 18:37:52 +05:30
2019-09-30 21:07:59 +05:30
For installations from source:
2016-01-14 18:37:52 +05:30
2020-03-13 15:44:24 +05:30
```shell
2019-09-30 21:07:59 +05:30
cd /home/git/gitlab
2016-01-14 18:37:52 +05:30
2019-09-30 21:07:59 +05:30
sudo -u git -H editor config/gitlab.yml
```
2016-01-14 18:37:52 +05:30
2021-12-11 22:18:48 +05:30
1. See [Configure initial settings ](omniauth.md#configure-initial-settings ) for initial settings.
2016-01-14 18:37:52 +05:30
2019-09-30 21:07:59 +05:30
1. Add the provider configuration:
2016-01-14 18:37:52 +05:30
2019-12-04 20:38:33 +05:30
For Omnibus package:
2016-01-14 18:37:52 +05:30
2019-09-30 21:07:59 +05:30
```ruby
gitlab_rails['omniauth_providers'] = [
{
2022-01-26 12:08:38 +05:30
name: "cas3",
label: "Provider name", # optional label for login button, defaults to "Cas3"
args: {
url: "CAS_SERVER",
login_url: "/CAS_PATH/login",
service_validate_url: "/CAS_PATH/p3/serviceValidate",
logout_url: "/CAS_PATH/logout"
}
2019-09-30 21:07:59 +05:30
}
]
```
2016-01-14 18:37:52 +05:30
2019-09-30 21:07:59 +05:30
For installations from source:
2016-01-14 18:37:52 +05:30
2020-04-22 19:07:51 +05:30
```yaml
2019-09-30 21:07:59 +05:30
- { name: 'cas3',
2022-01-26 12:08:38 +05:30
label: 'Provider name', # optional label for login button, defaults to "Cas3"
2019-09-30 21:07:59 +05:30
args: {
2021-01-03 14:25:43 +05:30
url: 'CAS_SERVER',
login_url: '/CAS_PATH/login',
service_validate_url: '/CAS_PATH/p3/serviceValidate',
logout_url: '/CAS_PATH/logout' } }
2019-09-30 21:07:59 +05:30
```
2016-01-14 18:37:52 +05:30
2021-03-11 19:13:27 +05:30
1. Change 'CAS_PATH' to the root of your CAS instance (such as `cas` ).
2016-01-14 18:37:52 +05:30
2019-09-30 21:07:59 +05:30
1. If your CAS instance does not use default TGC lifetimes, update the `cas3.session_duration` to at least the current TGC maximum lifetime. To explicitly disable SLO, regardless of CAS settings, set this to 0.
2016-01-14 18:37:52 +05:30
2019-09-30 21:07:59 +05:30
1. Save the configuration file.
2016-01-14 18:37:52 +05:30
2022-10-11 01:57:18 +05:30
1. For the changes to take effect:
- If you installed via Omnibus, [reconfigure GitLab ](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure ).
- If you installed from source, [restart GitLab ](../administration/restart_gitlab.md#installations-from-source ).
2016-01-14 18:37:52 +05:30
On the sign in page there should now be a CAS tab in the sign in form.