mirror of https://github.com/jacekkow/keycloak-protocol-cas
| commit | author | age | ||
| 0cc9a0 | 1 | # keycloak-protocol-cas |
| MP | 2 | This plugin for Keycloak Identity and Access Management (http://www.keycloak.org) adds the CAS 3.0 SSO protocol as an available client protocol to the Keycloak system. It implements the required Service Provider Interfaces (SPIs) for a Login Protocol and will be picked up and made available by Keycloak automatically once installed. |
| 3 | ||
| b8c874 | 4 | [](https://travis-ci.org/Doccrazy/keycloak-protocol-cas) |
| MP | 5 | |
| 1482f2 | 6 | ## Features |
| 0cc9a0 | 7 | The following CAS features are currently implemented: |
| MP | 8 | * CAS 1.0/2.0/3.0 compliant Login/Logout and Service Ticket Validation |
| b8c874 | 9 | * Single Logout (SLO) |
| 0cc9a0 | 10 | * Filtering of provided `service` against configured redirect URIs |
| MP | 11 | * JSON and XML response types |
| 12 | * Mapping of custom user attributes to CAS assertion attributes | |
| 13 | ||
| b8c874 | 14 | The following features are **currently missing**: |
| 4e2fd6 | 15 | * #2: Proxy ticket service and proxy ticket validation [CAS 2.0] |
| D | 16 | * #1: SAML request/response [CAS 3.0 - optional] |
| 17 | ||
| 18 | The following features are out of scope: | |
| 0cc9a0 | 19 | * Long-Term Tickets - Remember-Me [CAS 3.0 - optional] |
| MP | 20 | |
| 1482f2 | 21 | ## Installation |
| ea64d6 | 22 | The CAS plugin has been tested against the following Keycloak versions. Please ensure your version is compatible before deploying. |
| D | 23 | Please report test results with other versions! |
| 24 | ||
| 25 | Plugin version | Keycloak 2.5.x | Keycloak 3.0.x | Keycloak 3.1.x | Keycloak 3.2.x | |
| 26 | ------------ | ------------- | ------------- | ------------- | ------------- | |
| 27 | 1.0.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | |
| 28 | ||
| 29 | 1. Download the latest release compatible with your Keycloak version from the [releases page](https://github.com/Doccrazy/keycloak-protocol-cas/releases) | |
| 30 | 2. Copy the JAR file into the `standalone/deployments` directory in your Keycloak server's root | |
| 31 | 3. Restart Keycloak (optional, hot deployment should work) | |
| 0cc9a0 | 32 | |
| 1482f2 | 33 | ## Configuration |
| D | 34 | To use the new protocol, you have to create a client within Keycloak as usual. |
| ea64d6 | 35 | **Important: Due to [KEYCLOAK-4270](https://issues.jboss.org/browse/KEYCLOAK-4270), you may have to select the `openid-connect` protocol when creating the client and change it after saving. This has been fixed in Keycloak 3.0.0.** |
| 0cc9a0 | 36 | As the CAS protocol does not transmit a client ID, the client will be identified by the redirect URIs (mapped to CAS service). No further configuration is necessary. |
| MP | 37 | |
| 38 | Enter `https://your.keycloak.host/auth/realms/master/protocol/cas` as the CAS URL into your SP. | |
| 39 | ||
| 1482f2 | 40 | ## Disclaimer |
| D | 41 | This plugin was implemented from scratch to comply to the official CAS protocol specification, and is based heavily on the OpenID Connect implementation in Keycloak. |
| 0cc9a0 | 42 | It is licensed under the Apache License 2.0. |
| MP | 43 | |
| 1482f2 | 44 | ## References |
| D | 45 | [1] http://www.keycloak.org |
| 46 | [2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol) | |
| 47 | [3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html | |
| 0cc9a0 | 48 | [4] https://keycloak.gitbooks.io/server-developer-guide/content/topics/providers.html |
