CAS Authentication with Mindbreeze

Installation and Configuration

Copyright ©

Mindbreeze GmbH, A-4020 Linz, 2018.

All rights reserved. All hardware and software names are brand names and/or trademarks of their respective manufacturers.

These documents are strictly confidential. The submission and presentation of these documents does not confer any rights to our software, our services, and service outcomes, or other protected rights.

The dissemination, publication, or reproduction hereof is prohibited.

For ease of readability, gender differentiation has been waived. Corresponding terms and definitions apply within the meaning and intent of the equal treatment principle for both sexes.

CAS Authentication with MindbreezePermanent link for this heading

CAS (Central Authentication Service) is an SSO (single sign-on) protocol for web applications. With CAS, the user only needs to provide their login information (user name and password) once to receive access to multiple applications. Versions 2 and 3 are supported.

Configuring CAS in MindbreezePermanent link for this heading

You can configure CAS in Mindbreeze with the following steps:

  • Add a CAS server URL
  • Enable/disable CAS for single services
  • Optional: Add principal attributes

The configuration is done in the "Authentication" tab.

Server URLPermanent link for this heading

The server URL is entered in the section "Add New CAS Server Configuration"; click on "Add".

Enabling/Disabling CAS for single servicesPermanent link for this heading

For Web Client Services, the use of CAS can be enabled and disabled using the checkboxes in the section "Enable / Disable CAS Authentication". For each activated client service, select the corresponding "Authenticator" in the selection box. It is important that related services have the same setting.

CAS principal attributesPermanent link for this heading

All CAS principal attributes are added to the Mindbreeze Identity automatically.

Group memberships (included in Mindbreeze under “Principals”) can also be transferred directly from CAS tickets.

Note: In order to have the attributes available in CAS tickets, CAS 3 (/cas/p3) is the CAS service URL that should be used.

A comma-separated list of CAS attributes is entered into the section "Additional principal attributes"; this list of attributes is taken directly from the CAS ticket and made available as Mindbreeze Principals in the Identity.