From 1cf376b3768c36548320e52b0d08391d75833af0 Mon Sep 17 00:00:00 2001 From: Matthias Piepkorn <mpiepk@gmail.com> Date: Tue, 14 Nov 2017 19:53:17 +0000 Subject: [PATCH] prepare next development version --- README.md | 47 +++++++++++++++++++++++++++++------------------ 1 files changed, 29 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 528d7d0..75d085e 100644 --- a/README.md +++ b/README.md @@ -1,37 +1,48 @@ # keycloak-protocol-cas This plugin for Keycloak Identity and Access Management (http://www.keycloak.org) adds the CAS 3.0 SSO protocol as an available client protocol to the Keycloak system. It implements the required Service Provider Interfaces (SPIs) for a Login Protocol and will be picked up and made available by Keycloak automatically once installed. -# Features +[![Build Status](https://travis-ci.org/Doccrazy/keycloak-protocol-cas.svg?branch=master)](https://travis-ci.org/Doccrazy/keycloak-protocol-cas) + +## Features The following CAS features are currently implemented: * CAS 1.0/2.0/3.0 compliant Login/Logout and Service Ticket Validation +* Single Logout (SLO) * Filtering of provided `service` against configured redirect URIs * JSON and XML response types * Mapping of custom user attributes to CAS assertion attributes -The following features are **curently missing**: -* Proxy ticket service and proxy ticket validation [CAS 2.0] +The following features are **currently missing**: +* #2: Proxy ticket service and proxy ticket validation [CAS 2.0] +* #1: SAML request/response [CAS 3.0 - optional] + +The following features are out of scope: * Long-Term Tickets - Remember-Me [CAS 3.0 - optional] -* SAML request/response [CAS 3.0 - optional] -# Installation -1. Clone or download this repository (pre-compiled releases will follow!) -2. Run `mvn package` to build the plugin JAR -3. Copy the JAR file generated in the `target` folder into the `providers` directory in your Keycloak server's root -4. Restart Keycloak +## Installation +The CAS plugin has been tested against the following Keycloak versions. Please ensure your version is compatible before deploying. +Please report test results with other versions! -# Configuration -To use the new protocol, you have to create a client within Keycloak as usual. -**Important: Due to [KEYCLOAK-4270](https://issues.jboss.org/browse/KEYCLOAK-4270), you have to select the `openid-connect` protocol when creating the client and change it after saving.** +Plugin version | Keycloak 2.5.x | Keycloak 3.0.x | Keycloak 3.1.x | Keycloak 3.2.x +------------ | ------------- | ------------- | ------------- | ------------- +1.0.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: + +1. Download the latest release compatible with your Keycloak version from the [releases page](https://github.com/Doccrazy/keycloak-protocol-cas/releases) +2. Copy the JAR file into the `standalone/deployments` directory in your Keycloak server's root +3. Restart Keycloak (optional, hot deployment should work) + +## Configuration +To use the new protocol, you have to create a client within Keycloak as usual. +**Important: Due to [KEYCLOAK-4270](https://issues.jboss.org/browse/KEYCLOAK-4270), you may have to select the `openid-connect` protocol when creating the client and change it after saving. This has been fixed in Keycloak 3.0.0.** As the CAS protocol does not transmit a client ID, the client will be identified by the redirect URIs (mapped to CAS service). No further configuration is necessary. Enter `https://your.keycloak.host/auth/realms/master/protocol/cas` as the CAS URL into your SP. -# Disclaimer -This plugin was implemented from scratch to comply to the official CAS protocol specification, and is based heavily on the OpenID Connect implementation in Keycloak. +## Disclaimer +This plugin was implemented from scratch to comply to the official CAS protocol specification, and is based heavily on the OpenID Connect implementation in Keycloak. It is licensed under the Apache License 2.0. -# References -[1] http://www.keycloak.org -[2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol) -[3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html +## References +[1] http://www.keycloak.org +[2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol) +[3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html [4] https://keycloak.gitbooks.io/server-developer-guide/content/topics/providers.html -- Gitblit v1.9.1