From 5dc37d4fb29bf999476e3f6c22a5d1b30c2e1d0a Mon Sep 17 00:00:00 2001 From: Jacek Kowalski <Jacek@jacekk.info> Date: Wed, 06 May 2020 01:35:43 +0000 Subject: [PATCH] Update README to match forked repo URLs, remove outdated text --- README.md | 58 +++++++++++++++++++++++++++++++++++++++++----------------- 1 files changed, 41 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 528d7d0..87b69d4 100644 --- a/README.md +++ b/README.md @@ -1,36 +1,60 @@ # keycloak-protocol-cas -This plugin for Keycloak Identity and Access Management (http://www.keycloak.org) adds the CAS 3.0 SSO protocol as an available client protocol to the Keycloak system. It implements the required Service Provider Interfaces (SPIs) for a Login Protocol and will be picked up and made available by Keycloak automatically once installed. -# Features +This plugin for Keycloak Identity and Access Management (http://www.keycloak.org) adds the CAS 3.0 SSO protocol +as an available client protocol to the Keycloak system. It implements the required Service Provider Interfaces (SPIs) +for a Login Protocol and will be picked up and made available by Keycloak automatically once installed. + + + +## Features + The following CAS features are currently implemented: * CAS 1.0/2.0/3.0 compliant Login/Logout and Service Ticket Validation +* Single Logout (SLO) * Filtering of provided `service` against configured redirect URIs * JSON and XML response types * Mapping of custom user attributes to CAS assertion attributes -The following features are **curently missing**: -* Proxy ticket service and proxy ticket validation [CAS 2.0] -* Long-Term Tickets - Remember-Me [CAS 3.0 - optional] +The following features are **missing**: * SAML request/response [CAS 3.0 - optional] +* Proxy ticket service and proxy ticket validation [CAS 2.0] -# Installation -1. Clone or download this repository (pre-compiled releases will follow!) -2. Run `mvn package` to build the plugin JAR -3. Copy the JAR file generated in the `target` folder into the `providers` directory in your Keycloak server's root -4. Restart Keycloak +The following features are out of scope: +* Long-Term Tickets - Remember-Me [CAS 3.0 - optional] -# Configuration -To use the new protocol, you have to create a client within Keycloak as usual. -**Important: Due to [KEYCLOAK-4270](https://issues.jboss.org/browse/KEYCLOAK-4270), you have to select the `openid-connect` protocol when creating the client and change it after saving.** -As the CAS protocol does not transmit a client ID, the client will be identified by the redirect URIs (mapped to CAS service). No further configuration is necessary. +## Compatibility + +The CAS plugin has been tested against the same Keycloak version as the plugin version. + +As a rule of thumb plugin version should **match your Keycloak version**. + +## Installation + +Installation of a compatible plugin version is simple and can be done without a Keycloak server restart. + +1. Download the latest release compatible with your Keycloak version from the [releases page](https://github.com/jacekkow/keycloak-protocol-cas/releases). +2. Copy the JAR file into the `standalone/deployments` directory in your Keycloak server's root. + +Remember to update plugin artifact with each Keycloak server upgrade! + +## Configuration + +To use the new protocol, you have to create a client within Keycloak as usual, selecting `cas` as protocol. +As there is no client ID indication in protocol, the client will be identified by the redirect URIs +configured in Keycloak. Enter `https://your.keycloak.host/auth/realms/master/protocol/cas` as the CAS URL into your SP. -# Disclaimer -This plugin was implemented from scratch to comply to the official CAS protocol specification, and is based heavily on the OpenID Connect implementation in Keycloak. +## Disclaimer + +This plugin was implemented from scratch to comply to the official CAS protocol specification, +and is based heavily on the OpenID Connect implementation in Keycloak. It is licensed under the Apache License 2.0. -# References +This repo is a fork of https://github.com/Doccrazy/keycloak-protocol-cas +and includes changes for Keycloak 8 and newer that were not merged by the owner for half a year. + +## References [1] http://www.keycloak.org [2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol) [3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html -- Gitblit v1.9.1