diff options
| author | tduehr <tduehr@gmail.com> | 2015-11-11 22:25:31 -0600 |
|---|---|---|
| committer | tduehr <tduehr@gmail.com> | 2015-12-14 21:43:41 -0600 |
| commit | 8e3f1fa629a61741282214b293c1bc9438aada59 (patch) | |
| tree | 59b128b1297955f38e895be422c9362115fd13ef /doc | |
| parent | 2b4a3bc524c0db3f6e4e3d2b2f34ec29e358b240 (diff) | |
| download | gitlab-ce-8e3f1fa629a61741282214b293c1bc9438aada59.tar.gz | |
add CAS authentication support
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/integration/cas.md | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/doc/integration/cas.md b/doc/integration/cas.md new file mode 100644 index 00000000000..3490f6a38e0 --- /dev/null +++ b/doc/integration/cas.md @@ -0,0 +1,62 @@ +# CAS OmniAuth Provider + +To enable the CAS OmniAuth provider you must register your application with your CAS instance. This requires the service URL gitlab will supply to CAS. It should be something like: `https://gitlab.example.com:443/users/auth/cas3/callback?url`. By default handling for SLO is enabled, you only need to configure CAS for backchannel logout. + +1. On your GitLab server, open the configuration file. + + For omnibus package: + + ```sh + sudo editor /etc/gitlab/gitlab.rb + ``` + + For instalations from source: + + ```sh + cd /home/git/gitlab + + sudo -u git -H editor config/gitlab.yml + ``` + +1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings. + +1. Add the provider configuration: + + For omnibus package: + + ```ruby + gitlab_rails['omniauth_providers'] = [ + { + name: "cas3", + label: "cas", + args: { + url: 'CAS_SERVER', + login_url: '/CAS_PATH/login', + service_validate_url: '/CAS_PATH/p3/serviceValidate', + logout_url: '/CAS_PATH/logout'} } + } + } + ] + ``` + + For installations from source: + + ``` + - { name: 'cas3', + label: 'cas', + args: { + url: 'CAS_SERVER', + login_url: '/CAS_PATH/login', + service_validate_url: '/CAS_PATH/p3/serviceValidate', + logout_url: '/CAS_PATH/logout'} } + ``` + +1. Change 'CAS_PATH' to the root of your CAS instance (ie. `cas`). + +1. If your CAS instance does not use default TGC lifetimes, update the `cas3.session_duration` to at least the current TGC maximum lifetime. To explicitly disable SLO, regardless of CAS settings, set this to 0. + +1. Save the configuration file. + +1. Restart GitLab for the changes to take effect. + +On the sign in page there should now be a CAS tab in the sign in form.
\ No newline at end of file |