Tutorial
CAS SSO
iManager supports CAS single sign on. CAS (Central Authentication Service) is a Java Open-source project launched by the University of Yale to build Web SSO. When you configure single sign-on, you need to set up CAS authentication server, which is responsible for the completion of user information identification and can be configured in the configuration file.
CAS SSO Introduction
In a perfect GIS system, there may be many servers working together, with iportal and multiple iserver nodes. While accessing to these GIS service nodes, it requires frequent switching between products and nodes. Typically, the accounts of the various GIS server nodes are different, and it is very difficult to remember these usernames and passwords. If you deliberately set the same password for these different GIS server nodes, then the security is further reduced. Moreover, switching among nodes frequently is a waste of time.
Single sign-on is designed to solve these problems. The Single Sign On, SSO refers to Web SSO.
Configure CAS SSO
In the iManager package, configure the .env configuration file in the/opt/imanager directory to add the following configuration information.
CAS_LOGIN_URL=http://demo.cubic.com:8088/cas/login
CAS_ROLE_ATTRIBUTES=role
CAS_PROTOCOL=SAML
CAS_ADMIN_ROLES=cas_SYSTEM
CAS_LOGIN_ENABLE=true
Note:
Add the above configuration information (for example), restart iManager to enable CAS authentication login for iManager. If CAS login validation passed, it will automatically jump to the iManager interface.
- CAS_LOGIN_URL: The configured CAS server address. For example:
http://demo.cubic.com:8088/cas/login
. - CAS_ROLE_ATTRIBUTES: CAS user property field, which is the identity field for the user identity in CAS. It can be set by users, such as role.
- CAS_PROTOCOL: CAS authentication protocol. The default is SAML, and if no special requirement are required, no modification is recommended. Supported protocols: CAS10, CAS20, CAS20_PROXY, CAS30, CAS30_PROXY and SAML.
- CAS_ADMIN_ROLES: If the value for “role” is cas_SYSTEM, the user has iManager administrator permissions; if the value of “role” is not cas_SYSTEM, then the user has normal user permissions for iManager. Here cas_SYSTEM is an example.
- CAS_LOGIN_ENABLE: Whether to start CAS single sign-on, and the default is False. When set to True, click the “Use CAS login” button to jump to the CAS login page.
Use CAS SSO
When you start iManager again, the login page will display the “Use CAS Login” button as shown in the figure.
Click the “Use CAS Login” button to enter the CAS login page, enter a username and password to successfully login the iManager interface.