From a3c58cbb53ee7ff752659de63118a17133be7e2b Mon Sep 17 00:00:00 2001 From: Matthias Piepkorn <mpiepk@gmail.com> Date: Tue, 25 Jul 2017 23:35:40 +0000 Subject: [PATCH] add docker-based integration test to travis (see #5) --- README.md | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 files changed, 42 insertions(+), 1 deletions(-) diff --git a/README.md b/README.md index ea133ff..77bd12b 100644 --- a/README.md +++ b/README.md @@ -1 +1,42 @@ -# keycloak-protocol-cas \ No newline at end of file +# keycloak-protocol-cas +This plugin for Keycloak Identity and Access Management (http://www.keycloak.org) adds the CAS 3.0 SSO protocol as an available client protocol to the Keycloak system. It implements the required Service Provider Interfaces (SPIs) for a Login Protocol and will be picked up and made available by Keycloak automatically once installed. + +[![Build Status](https://travis-ci.org/Doccrazy/keycloak-protocol-cas.svg?branch=master)](https://travis-ci.org/Doccrazy/keycloak-protocol-cas) + +## Features +The following CAS features are currently implemented: +* CAS 1.0/2.0/3.0 compliant Login/Logout and Service Ticket Validation +* Single Logout (SLO) +* Filtering of provided `service` against configured redirect URIs +* JSON and XML response types +* Mapping of custom user attributes to CAS assertion attributes + +The following features are **currently missing**: +* #2: Proxy ticket service and proxy ticket validation [CAS 2.0] +* #1: SAML request/response [CAS 3.0 - optional] + +The following features are out of scope: +* Long-Term Tickets - Remember-Me [CAS 3.0 - optional] + +## Installation +1. Clone or download this repository (pre-compiled releases will follow!) +2. Run `mvn package` to build the plugin JAR +3. Copy the JAR file generated in the `target` folder into the `standalone/deployments` directory in your Keycloak server's root +4. Restart Keycloak (optional, hot deployment should work) + +## Configuration +To use the new protocol, you have to create a client within Keycloak as usual. +**Important: Due to [KEYCLOAK-4270](https://issues.jboss.org/browse/KEYCLOAK-4270), you have to select the `openid-connect` protocol when creating the client and change it after saving.** +As the CAS protocol does not transmit a client ID, the client will be identified by the redirect URIs (mapped to CAS service). No further configuration is necessary. + +Enter `https://your.keycloak.host/auth/realms/master/protocol/cas` as the CAS URL into your SP. + +## Disclaimer +This plugin was implemented from scratch to comply to the official CAS protocol specification, and is based heavily on the OpenID Connect implementation in Keycloak. +It is licensed under the Apache License 2.0. + +## References +[1] http://www.keycloak.org +[2] https://issues.jboss.org/browse/KEYCLOAK-1047 (Support CAS 2.0 SSO protocol) +[3] https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html +[4] https://keycloak.gitbooks.io/server-developer-guide/content/topics/providers.html -- Gitblit v1.9.1