cas.md 2.17 KB
Newer Older
tduehr's avatar
tduehr committed
1 2
# CAS OmniAuth Provider

Douwe Maan's avatar
Douwe Maan committed
3
To enable the CAS OmniAuth provider you must register your application with your CAS instance. This requires the service URL GitLab will supply to CAS. It should be something like: `https://gitlab.example.com:443/users/auth/cas3/callback?url`. By default handling for SLO is enabled, you only need to configure CAS for backchannel logout.
tduehr's avatar
tduehr committed
4 5 6 7 8 9 10 11 12

1.  On your GitLab server, open the configuration file.

    For omnibus package:

    ```sh
      sudo editor /etc/gitlab/gitlab.rb
    ```

Douwe Maan's avatar
Douwe Maan committed
13
    For installations from source:
tduehr's avatar
tduehr committed
14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

    ```sh
      cd /home/git/gitlab

      sudo -u git -H editor config/gitlab.yml
    ```

1.  See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.

1.  Add the provider configuration:

    For omnibus package:

    ```ruby
      gitlab_rails['omniauth_providers'] = [
        {
30 31 32 33 34 35 36 37
            "name"=> "cas3",
            "label"=> "cas",
            "args"=> {
                "url"=> 'CAS_SERVER',
                "login_url"=> '/CAS_PATH/login',
                "service_validate_url"=> '/CAS_PATH/p3/serviceValidate',
                "logout_url"=> '/CAS_PATH/logout'
            }
tduehr's avatar
tduehr committed
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
        }
      ]
    ```

    For installations from source:

    ```
      - { name: 'cas3',
          label: 'cas',
          args: {
                  url: 'CAS_SERVER',
                  login_url: '/CAS_PATH/login',
                  service_validate_url: '/CAS_PATH/p3/serviceValidate',
                  logout_url: '/CAS_PATH/logout'} }
    ```

1.  Change 'CAS_PATH' to the root of your CAS instance (ie. `cas`).

1.  If your CAS instance does not use default TGC lifetimes, update the `cas3.session_duration` to at least the current TGC maximum lifetime. To explicitly disable SLO, regardless of CAS settings, set this to 0.

1.  Save the configuration file.

60 61
1.  [Reconfigure][] or [restart GitLab][] for the changes to take effect if you
    installed GitLab via Omnibus or from source respectively.
tduehr's avatar
tduehr committed
62

Douwe Maan's avatar
Douwe Maan committed
63
On the sign in page there should now be a CAS tab in the sign in form.
64 65

[reconfigure]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
66
[restart GitLab]: ../administration/restart_gitlab.md#installations-from-source