| | |
| | | |
| | | The following features are **missing**: |
| | | * SAML request/response [CAS 3.0 - optional] |
| | | * Proxy ticket service and proxy ticket validation [CAS 2.0] |
| | | |
| | | The following features are out of scope: |
| | | * Long-Term Tickets - Remember-Me [CAS 3.0 - optional] |
| | |
| | | |
| | | ## Installation |
| | | |
| | | Installation of a compatible plugin version is simple and can be done without a Keycloak server restart. |
| | | Quarkus is the default distribution method of Keycloak 17.0.0 and newer. For legacy installations using WildFly, please refer to the [old README](https://github.com/jacekkow/keycloak-protocol-cas/blob/16.1.1/README.md). |
| | | |
| | | 1. Download the latest release compatible with your Keycloak version from the [releases page](https://github.com/jacekkow/keycloak-protocol-cas/releases). |
| | | 2. Copy the JAR file into the `standalone/deployments` directory in your Keycloak server's root. |
| | | 2. Put the downloaded JAR file into the `providers/` directory inside Keycloak installation folder. If necessary, adjust the permissions/ownership so that the user Keycloak runs as is able to read this file. |
| | | 3. Stop the Keycloak server. |
| | | 4. (Re-)build the installation using `kc.sh build` command. |
| | | 5. Start the Keycloak: `kc.sh start` |
| | | |
| | | Remember to update plugin artifact with each Keycloak server upgrade! |
| | | |
| | |
| | | As there is no client ID indication in protocol, the client will be identified by the redirect URIs |
| | | configured in Keycloak. |
| | | |
| | | Enter `https://your.keycloak.host/auth/realms/master/protocol/cas` as the CAS URL into your SP. |
| | | Enter `https://your.keycloak.host/realms/master/protocol/cas` as the CAS URL into your SP. |
| | | This assumes that you use the default `master` realm - if not, modify the URL accordingly. |
| | | |
| | | Note that some client implementations require you to enter login and validate URLs, not CAS URL! |
| | | This manifests with "Page Not Found" error on login attempt |
| | | (see [issue #27](https://github.com/jacekkow/keycloak-protocol-cas/issues/27) for example). |
| | | In such case append `/login` to the CAS URL to get the "login URL". |
| | | Similarly append `/serviceValidate` to get the "validate URL". |
| | | |
| | | ## Disclaimer |
| | | |
| | |
| | | and includes changes for Keycloak 8 and newer that were not merged by the owner for half a year. |
| | | |
| | | ## References |
| | | [1] http://www.keycloak.org |
| | | |
| | | [1] https://www.keycloak.org/ |
| | | [2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol) |
| | | [3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html |
| | | [4] https://keycloak.gitbooks.io/server-developer-guide/content/topics/providers.html |