Configuring CAS Authentication Source

# Overview

To facilitate authentication and login for enterprise users, the IDaaS platform supports configuring the CAS protocol as an authentication source. Users can authenticate and log in to various application systems via the CAS protocol and achieve single sign-on (SSO) between application systems, providing enterprise users with a simpler and more convenient login method and a better user experience.

This section introduces the relevant operations for configuring a CAS authentication source.

# Prerequisites

  • You have permissions for the application system of a third-party identity provider (IdP), and that identity provider supports CAS authentication.
  • You have administrator permissions for the IDaaS Enterprise Center platform.

# Steps

# Third-party CAS Authentication Platform Configuration

  1. Create an application with the CAS access method on the third-party platform, and complete the basic information of the application. For detailed operations, please refer to the relevant documentation of each platform.

  2. Configure the application's callback address. Obtain the service address from the "CAS Authentication Source" page in the IDaaS Enterprise Center platform.

  3. Grant users access permissions to the newly created application.

# Configuring CAS Authentication Source on IDaaS Platform

  1. Log in to the IDaaS Enterprise Center platform, select "Authentication > Authentication Source Management" from the top navigation bar, go to the CAS authentication source page, and click "Add Authentication Source".

  2. Configure the CAS authentication source parameters according to the interface prompts. Key parameter descriptions are as follows.

    • Validation Address: The validation address varies depending on the protocol version. It should start with http or https.

      • For CAS 1.0, the validation address is: https://xxx.xxx.xxx/validate
      • For CAS 2.0, the validation address is: https://xxx.xxx.xxx/serviceValidate
      • For CAS 3.0, the validation address is: https://xxx.xxx.xxx/p3/serviceValidate
    • When No User is Associated: Applies when the authentication source attributes in the user information returned by the third-party platform do not match the associated user attributes in IDaaS, so no system user is associated. The available configuration options are as follows.

      • Fail: The user is not allowed to pass authentication.

      • Automatically Create User: The user is created and allowed to pass authentication. You can choose whether to update existing attributes. Click "Add Mapping" to map user attributes from the third-party platform to IDaaS user attributes according to the mapping rules and associated attributes.

        Mapping attribute descriptions are as follows:

        • User Attribute Name: Select the user attribute in IDaaS from the dropdown.
        • Mapping Type: Select Authentication Source Attribute.
        • Authentication Source Attribute Name: The user attribute from the third-party platform.
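
The settings above correspond to a ticket-validation round trip, shown here as an added Python example that is not IDaaS code: it builds the validation request for each protocol version, parses the reply, and applies the "When No User is Associated" choice with an attribute mapping. The function names, the `directory` dict, matching on the CAS user name, the https-only check and the sample reply are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0/3.0 XML namespace
# Path suffixes this page lists for each protocol version.
PATHS = {"1.0": "/validate", "2.0": "/serviceValidate", "3.0": "/p3/serviceValidate"}

def validation_url(base, version, service, ticket):
    """Build the ticket-validation request URL for the chosen version."""
    if not base.startswith("https://"):  # assumption: stricter than the page
        raise ValueError("send service tickets over https only")
    query = urlencode({"service": service, "ticket": ticket})
    return base.rstrip("/") + PATHS[version] + "?" + query

def parse_validation(version, body):
    """Return (user, attributes) on success, None on any failure."""
    if version == "1.0":  # plain text: "yes\n<user>\n" or "no\n"
        lines = body.splitlines()
        ok = len(lines) >= 2 and lines[0] == "yes" and lines[1] != ""
        return (lines[1], {}) if ok else None
    if "<!DOCTYPE" in body or "<!ENTITY" in body:  # CAS XML carries no DTD
        return None
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    ok = root.find("cas:authenticationSuccess", NS)
    user = (ok.findtext("cas:user", "", NS) if ok is not None else "").strip()
    if not user:
        return None
    attrs = {}
    for el in ok.findall("cas:attributes/*", NS):  # present in CAS 3.0 replies
        attrs.setdefault(el.tag.split("}", 1)[-1], (el.text or "").strip())
    return user, attrs

def resolve_user(directory, user, attrs, mappings, on_no_match):
    """Apply 'When No User is Associated': "fail" or "create"."""
    if user in directory:
        return directory[user]
    if on_no_match != "create":
        return None  # Fail: authentication is refused
    # mappings: IDaaS attribute name -> authentication source attribute name
    directory[user] = {k: attrs[src] for k, src in mappings.items() if src in attrs}
    return directory[user]

# Constructed sample reply (not captured from a real server).
SAMPLE_V3 = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
 <cas:authenticationSuccess><cas:user>alice</cas:user>
  <cas:attributes><cas:mail>alice@example.test</cas:mail></cas:attributes>
 </cas:authenticationSuccess></cas:serviceResponse>"""
```

With "create", only attributes named in the mapping are copied into the new user, so an unmapped attribute in the identity provider's reply never reaches the IDaaS record.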