mirror of https://github.com/jacekkow/keycloak-protocol-cas
| commit | author | age | ||
| 0cc9a0 | 1 | # keycloak-protocol-cas |
| MP | 2 | |
| 5dc37d | 3 | This plugin for Keycloak Identity and Access Management (http://www.keycloak.org) adds the CAS 3.0 SSO protocol |
| JK | 4 | as an available client protocol to the Keycloak system. It implements the required Service Provider Interfaces (SPIs) |
| 5 | for a Login Protocol and will be picked up and made available by Keycloak automatically once installed. | |
| 6 | ||
| 7 |  | |
| b8c874 | 8 | |
| 1482f2 | 9 | ## Features |
| 5dc37d | 10 | |
| 0cc9a0 | 11 | The following CAS features are currently implemented: |
| MP | 12 | * CAS 1.0/2.0/3.0 compliant Login/Logout and Service Ticket Validation |
| b8c874 | 13 | * Single Logout (SLO) |
| 0cc9a0 | 14 | * Filtering of provided `service` against configured redirect URIs |
| MP | 15 | * JSON and XML response types |
| 16 | * Mapping of custom user attributes to CAS assertion attributes | |
| 17 | ||
| 5dc37d | 18 | The following features are **missing**: |
| JK | 19 | * SAML request/response [CAS 3.0 - optional] |
| 20 | * Proxy ticket service and proxy ticket validation [CAS 2.0] | |
| 4e2fd6 | 21 | |
| D | 22 | The following features are out of scope: |
| 0cc9a0 | 23 | * Long-Term Tickets - Remember-Me [CAS 3.0 - optional] |
| MP | 24 | |
| 3f0be1 | 25 | ## Compatibility |
| ea64d6 | 26 | |
| 5dc37d | 27 | The CAS plugin has been tested against the same Keycloak version as the plugin version. |
| JK | 28 | |
| 29 | As a rule of thumb plugin version should **match your Keycloak version**. | |
| 3f0be1 | 30 | |
| D | 31 | ## Installation |
| 5dc37d | 32 | |
| 3f0be1 | 33 | Installation of a compatible plugin version is simple and can be done without a Keycloak server restart. |
| ea64d6 | 34 | |
| 5dc37d | 35 | 1. Download the latest release compatible with your Keycloak version from the [releases page](https://github.com/jacekkow/keycloak-protocol-cas/releases). |
| JK | 36 | 2. Copy the JAR file into the `standalone/deployments` directory in your Keycloak server's root. |
| 37 | ||
| 38 | Remember to update plugin artifact with each Keycloak server upgrade! | |
| 0cc9a0 | 39 | |
| 1482f2 | 40 | ## Configuration |
| 5dc37d | 41 | |
| JK | 42 | To use the new protocol, you have to create a client within Keycloak as usual, selecting `cas` as protocol. |
| 43 | As there is no client ID indication in protocol, the client will be identified by the redirect URIs | |
| 44 | configured in Keycloak. | |
| 0cc9a0 | 45 | |
| MP | 46 | Enter `https://your.keycloak.host/auth/realms/master/protocol/cas` as the CAS URL into your SP. |
| 47 | ||
| 1482f2 | 48 | ## Disclaimer |
| 5dc37d | 49 | |
| JK | 50 | This plugin was implemented from scratch to comply to the official CAS protocol specification, |
| 51 | and is based heavily on the OpenID Connect implementation in Keycloak. | |
| 0cc9a0 | 52 | It is licensed under the Apache License 2.0. |
| MP | 53 | |
| 5dc37d | 54 | This repo is a fork of https://github.com/Doccrazy/keycloak-protocol-cas |
| JK | 55 | and includes changes for Keycloak 8 and newer that were not merged by the owner for half a year. |
| 56 | ||
| 1482f2 | 57 | ## References |
| 5dc37d | 58 | [1] http://www.keycloak.org |
| JK | 59 | [2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol) |
| 60 | [3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html | |
| 0cc9a0 | 61 | [4] https://keycloak.gitbooks.io/server-developer-guide/content/topics/providers.html |
