cas.md 2.29 KB
Newer Older
Craig Norris's avatar
Craig Norris committed
1
---
Kati Paizee's avatar
Kati Paizee committed
2 3
stage: Ecosystem
group: Integrations
4
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
Craig Norris's avatar
Craig Norris committed
5 6
---

7
# CAS OmniAuth Provider **(FREE)**
tduehr's avatar
tduehr committed
8

Mike Russo's avatar
Mike Russo committed
9 10 11 12 13
To enable the CAS OmniAuth provider you must register your application with your
CAS instance. This requires the service URL GitLab supplies to CAS. It should be
something like: `https://gitlab.example.com:443/users/auth/cas3/callback?url`.
Handling for Single Logout (SLO) is enabled by default, so you only have to
configure CAS for back-channel logout.
tduehr's avatar
tduehr committed
14

15
1. On your GitLab server, open the configuration file.
tduehr's avatar
tduehr committed
16

17
   For Omnibus package:
tduehr's avatar
tduehr committed
18

19
   ```shell
20 21
   sudo editor /etc/gitlab/gitlab.rb
   ```
tduehr's avatar
tduehr committed
22

23
   For installations from source:
tduehr's avatar
tduehr committed
24

25
   ```shell
26
   cd /home/git/gitlab
tduehr's avatar
tduehr committed
27

28 29
   sudo -u git -H editor config/gitlab.yml
   ```
tduehr's avatar
tduehr committed
30

31
1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.
tduehr's avatar
tduehr committed
32

33
1. Add the provider configuration:
tduehr's avatar
tduehr committed
34

35
   For Omnibus package:
tduehr's avatar
tduehr committed
36

37 38 39 40 41 42 43 44 45 46 47 48 49 50
   ```ruby
   gitlab_rails['omniauth_providers'] = [
     {
         "name"=> "cas3",
         "label"=> "cas",
         "args"=> {
             "url"=> 'CAS_SERVER',
             "login_url"=> '/CAS_PATH/login',
             "service_validate_url"=> '/CAS_PATH/p3/serviceValidate',
             "logout_url"=> '/CAS_PATH/logout'
         }
     }
   ]
   ```
tduehr's avatar
tduehr committed
51

52
   For installations from source:
tduehr's avatar
tduehr committed
53

54
   ```yaml
55 56 57
   - { name: 'cas3',
       label: 'cas',
       args: {
58 59 60 61
         url: 'CAS_SERVER',
         login_url: '/CAS_PATH/login',
         service_validate_url: '/CAS_PATH/p3/serviceValidate',
         logout_url: '/CAS_PATH/logout' } }
62
   ```
tduehr's avatar
tduehr committed
63

Amy Qualls's avatar
Amy Qualls committed
64
1. Change 'CAS_PATH' to the root of your CAS instance (such as `cas`).
tduehr's avatar
tduehr committed
65

66
1. If your CAS instance does not use default TGC lifetimes, update the `cas3.session_duration` to at least the current TGC maximum lifetime. To explicitly disable SLO, regardless of CAS settings, set this to 0.
tduehr's avatar
tduehr committed
67

68
1. Save the configuration file.
tduehr's avatar
tduehr committed
69

70 71 72
1. [Reconfigure](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure) or
   [restart GitLab](../administration/restart_gitlab.md#installations-from-source) for the changes to
   take effect if you installed GitLab via Omnibus or from source respectively.
tduehr's avatar
tduehr committed
73

Douwe Maan's avatar
Douwe Maan committed
74
On the sign in page there should now be a CAS tab in the sign in form.