debian-mirror-gitlab/doc/integration/cas.md
2023-04-23 21:23:45 +05:30

80 lines
2.7 KiB
Markdown

---
stage: Manage
group: Authentication and Authorization
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# CAS OmniAuth provider (deprecated) **(FREE SELF)**
WARNING:
This feature was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/369127) in GitLab 15.3 and is planned for
removal in 16.0.
To enable the CAS OmniAuth provider you must register your application with your
CAS instance. This requires the service URL GitLab supplies to CAS. It should be
something like: `https://gitlab.example.com:443/users/auth/cas3/callback?url`.
Handling for Single Logout (SLO) is enabled by default, so you only have to
configure CAS for back-channel logout.
1. On your GitLab server, open the configuration file.
For Omnibus package:
```shell
sudo editor /etc/gitlab/gitlab.rb
```
For installations from source:
```shell
cd /home/git/gitlab
sudo -u git -H editor config/gitlab.yml
```
1. Edit the [common configuration file settings](omniauth.md#configure-common-settings)
to add `cas3` as a single sign-on provider. This enables Just-In-Time
account provisioning for users who do not have an existing GitLab account.
1. Add the provider configuration:
For Omnibus package:
```ruby
gitlab_rails['omniauth_providers'] = [
{
name: "cas3",
label: "Provider name", # optional label for login button, defaults to "Cas3"
args: {
url: "CAS_SERVER",
login_url: "/CAS_PATH/login",
service_validate_url: "/CAS_PATH/p3/serviceValidate",
logout_url: "/CAS_PATH/logout"
}
}
]
```
For installations from source:
```yaml
- { name: 'cas3',
label: 'Provider name', # optional label for login button, defaults to "Cas3"
args: {
url: 'CAS_SERVER',
login_url: '/CAS_PATH/login',
service_validate_url: '/CAS_PATH/p3/serviceValidate',
logout_url: '/CAS_PATH/logout' } }
```
1. Change 'CAS_PATH' to the root of your CAS instance (such as `cas`).
1. If your CAS instance does not use default TGC lifetimes, update the `cas3.session_duration` to at least the current TGC maximum lifetime. To explicitly disable SLO, regardless of CAS settings, set this to 0.
1. Save the configuration file.
1. For the changes to take effect:
- If you installed via Omnibus, [reconfigure GitLab](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure).
- If you installed from source, [restart GitLab](../administration/restart_gitlab.md#installations-from-source).
On the sign in page there should now be a CAS tab in the sign in form.