Configure CAS Single Sign On Authentication (SSO)

Documentation
Premium Feature — Available in the Professional, Professional Plus, and Enterprise Editions. Learn more or contact LabKey.

Central Authentication Service (CAS) is an open-source authentication server that lets a user sign on to multiple applications while providing their credentials only once to a centralized CAS Server. Enabling CAS authentication lets LabKey Server authenticate users using a CAS server, without users providing their credentials directly to LabKey Server. CAS integration currently supports CAS Protocol 3.0 and requires an email attribute returned in the validation response XML.

You can also configure LabKey Server as a CAS Identity Provider, to which other servers can delegate authentication. For details see Configure CAS Identity Provider.

Note that netrc authentication and basic HTTP authentication are disabled if SSO authentication is enabled. API session keys are required for using the LabKey APIs when SSO is enabled.

Enable CAS Single Sign On

To enable CAS single sign on:

  • Select (Admin) > Site > Admin Console.
  • Click the Admin Console Links tab.
  • Under Configuration, click Authentication.
  • On the Authentication page, next to CAS, click Enable.

To complete the setup for CAS single sign on authentication, you need to provide a URL to a pre-existing CAS server and sign on logos. These steps are described below.

Specify a CAS Server

To specify a CAS single sign on server:

  • If you are not still on the authentication page, select (Admin) > Site > Admin Console, click the Admin Console Links tab, and click Authentication.
  • On the Authentication page, next to CAS, click Configure.
  • Next to CAS Server URL, enter a pre-existing CAS server URL. The URL should start with "https://" and end with "/cas"
  • Click Save.

Single Sign On Logo

The logos, which can be displayed on either the header area or on the login page, signals to users that single sign on is available. When the logo is clicked, LabKey Server will attempt to authenticate the user against the CAS server.

To upload logos:

  • If you are not still on the authentication page, select (Admin) > Site > Admin Console, click the Admin Console Links tab, and click Authentication.
  • On the Authentication page, next to CAS, click Pick Logos.
  • Click Choose File to upload header and login page logos.
  • Click Save.

Click Done when you have completed CAS configuration.

Related Topics

Discussion

previousnext
 
expand all collapse all