BigW Consortium Gitlab

cas.md 1.99 KB
Newer Older
1 2
# CAS OmniAuth Provider

Douwe Maan committed
3
To enable the CAS OmniAuth provider you must register your application with your CAS instance. This requires the service URL GitLab will supply to CAS. It should be something like: `https://gitlab.example.com:443/users/auth/cas3/callback?url`. By default handling for SLO is enabled, you only need to configure CAS for backchannel logout.
4 5 6 7 8 9 10 11 12

1.  On your GitLab server, open the configuration file.

    For omnibus package:

    ```sh
      sudo editor /etc/gitlab/gitlab.rb
    ```

Douwe Maan committed
13
    For installations from source:
14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

    ```sh
      cd /home/git/gitlab

      sudo -u git -H editor config/gitlab.yml
    ```

1.  See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.

1.  Add the provider configuration:

    For omnibus package:

    ```ruby
      gitlab_rails['omniauth_providers'] = [
        {
30 31 32 33 34 35 36 37
            "name"=> "cas3",
            "label"=> "cas",
            "args"=> {
                "url"=> 'CAS_SERVER',
                "login_url"=> '/CAS_PATH/login',
                "service_validate_url"=> '/CAS_PATH/p3/serviceValidate',
                "logout_url"=> '/CAS_PATH/logout'
            }
38 39 40
        }
      ]
    ```
41
    
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60

    For installations from source:

    ```
      - { name: 'cas3',
          label: 'cas',
          args: {
                  url: 'CAS_SERVER',
                  login_url: '/CAS_PATH/login',
                  service_validate_url: '/CAS_PATH/p3/serviceValidate',
                  logout_url: '/CAS_PATH/logout'} }
    ```

1.  Change 'CAS_PATH' to the root of your CAS instance (ie. `cas`).

1.  If your CAS instance does not use default TGC lifetimes, update the `cas3.session_duration` to at least the current TGC maximum lifetime. To explicitly disable SLO, regardless of CAS settings, set this to 0.

1.  Save the configuration file.

61 62
1.  Run `gitlab-ctl reconfigure` for the omnibus package.

63 64
1.  Restart GitLab for the changes to take effect.

Douwe Maan committed
65
On the sign in page there should now be a CAS tab in the sign in form.