mirror of https://github.com/jacekkow/keycloak-protocol-cas
| commit | author | age | ||
| 0cc9a0 | 1 | # keycloak-protocol-cas |
| MP | 2 | This plugin for Keycloak Identity and Access Management (http://www.keycloak.org) adds the CAS 3.0 SSO protocol as an available client protocol to the Keycloak system. It implements the required Service Provider Interfaces (SPIs) for a Login Protocol and will be picked up and made available by Keycloak automatically once installed. |
| 3 | ||
| 4 | # Features | |
| 5 | The following CAS features are currently implemented: | |
| 6 | * CAS 1.0/2.0/3.0 compliant Login/Logout and Service Ticket Validation | |
| 7 | * Filtering of provided `service` against configured redirect URIs | |
| 8 | * JSON and XML response types | |
| 9 | * Mapping of custom user attributes to CAS assertion attributes | |
| 10 | ||
| 11 | The following features are **curently missing**: | |
| 12 | * Proxy ticket service and proxy ticket validation [CAS 2.0] | |
| 13 | * Long-Term Tickets - Remember-Me [CAS 3.0 - optional] | |
| 14 | * SAML request/response [CAS 3.0 - optional] | |
| 15 | ||
| 16 | # Installation | |
| 17 | 1. Clone or download this repository (pre-compiled releases will follow!) | |
| 18 | 2. Run `mvn package` to build the plugin JAR | |
| 19 | 3. Copy the JAR file generated in the `target` folder into the `providers` directory in your Keycloak server's root | |
| 20 | 4. Restart Keycloak | |
| 21 | ||
| 22 | # Configuration | |
| 23 | To use the new protocol, you have to create a client within Keycloak as usual. | |
| 24 | **Important: Due to [KEYCLOAK-4270](https://issues.jboss.org/browse/KEYCLOAK-4270), you have to select the `openid-connect` protocol when creating the client and change it after saving.** | |
| 25 | As the CAS protocol does not transmit a client ID, the client will be identified by the redirect URIs (mapped to CAS service). No further configuration is necessary. | |
| 26 | ||
| 27 | Enter `https://your.keycloak.host/auth/realms/master/protocol/cas` as the CAS URL into your SP. | |
| 28 | ||
| 29 | # Disclaimer | |
| 30 | This plugin was implemented from scratch to comply to the official CAS protocol specification, and is based heavily on the OpenID Connect implementation in Keycloak. | |
| 31 | It is licensed under the Apache License 2.0. | |
| 32 | ||
| 33 | # References | |
| 34 | [1] http://www.keycloak.org | |
| 35 | [2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol) | |
| 36 | [3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html | |
| 37 | [4] https://keycloak.gitbooks.io/server-developer-guide/content/topics/providers.html | |
