ADTRAN BlueSecure Controller Setup And Administration Manual page 135

Software release version: 6.5

Once primary authentication is complete, the CAS redirects the user's browser back to
the application from which it came, adding the ticket as a request parameter.
The application service just needs to validate the ticket once it receives it. It does so by
passing it as the ticket parameter to the validation URL. Users can log out using the
optional logout URL.
Note: You may need to set up the BSC to communicate with a CAS authentication server
over Secure Sockets Layer (SSL). To do so, you must first upload the appropriate
certificate(s) to the BSC as described in "Configuring External Server Authentication Over
SSL" on page 10-21 before following the steps in this section to set up the CAS
authentication server.
To configure an external CAS authentication server and define the rules used for
authentication:
Displaying the New CAS server page
1. Click the User authentication tab in the BSC administrator console.
2. Select External CAS Authentication from the Create drop-down list on the User
authentication page.
The New CAS server page appears as shown in Figure 6-12.
Enable server
The Enable checkbox is marked by default to make the server available for user
authentication.
Name
Enter a meaningful name for the external CAS authentication server.
CAS server settings
1. CAS login only (Optional): Mark this checkbox to present users with the CAS login
screen.
Leave this option unchecked to present users with a customized login screen.
2. Login URL: Enter the complete URL of the login server for the CAS server.
3. Logout URL: Enter the complete logout URL for the CAS server.
4. Server address: Enter the CAS key server IP address.
5. Port: Enter the port on which the CAS key server is communicating.
The default value is 443.
6. Enter the CAS server validation URL in the Validate URL field.
7. Trusted CA certificates: Add the trusted certificate authority certificate(s) the BSC is to
use from the Available CA certificates list.
Note: See "Digital Certificates" on page 10-20 for information about uploading
digital certificates to the BSC.
Accounting
To enable RADIUS accounting for this server, select the name of the external RADIUS
accounting server from the Accounting server drop-down list.
See "RADIUS Accounting" on page 7-1 to configure a new RADIUS accounting server for
selection in the drop-down list.
Alternatively, you can select the Create... option to open a window that enables you to
configure a new RADIUS accounting server. After you save the server information, you
are returned to the New CAS server page where you can select the RADIUS accounting
server from the drop-down list.
Mapping CAS attributes to roles
1. Define the rules to determine if the user is authenticated. For each rule:
a) Enter the appropriate CAS attribute in the Attribute field.
b) Select the appropriate logic operator (equal to, not equal to, starts with, ends
with, contains, or [is a role]) from the Logic drop-down list.
BlueSecure™ Controller Setup and Administration Guide
CAS Authentication 6-31
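The ticket validation step and the attribute rules described on this page, sketched as an added Python example (not ADTRAN's code and not taken from the manual). It assumes the validation URL returns a CAS serviceValidate-style XML response carrying cas:attributes; the host names, sample responses, rule tuples and role names are constructed for illustration.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS protocol XML namespace

# Operators from the manual's Logic drop-down; "[is a role]" is BSC-specific and omitted.
OPERATORS = {
    "equal to": lambda v, x: v == x,
    "not equal to": lambda v, x: v != x,
    "starts with": lambda v, x: v.startswith(x),
    "ends with": lambda v, x: v.endswith(x),
    "contains": lambda v, x: x in v,
}

# Constructed sample responses (not captured from a real server).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:memberOf>staff</cas:memberOf>
      <cas:memberOf>wifi-admins</cas:memberOf>
      <cas:department>engineering</cas:department>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

def build_validate_url(validate_url, service, ticket):
    """URL-encode both parameters so a crafted ticket cannot inject extra ones."""
    return validate_url + "?" + urllib.parse.urlencode({"service": service, "ticket": ticket})

def parse_validation(xml_text):
    """Return (user, attributes) on success; (None, {}) for anything else."""
    ok = ET.fromstring(xml_text).find("cas:authenticationSuccess", CAS_NS)
    user = ok.findtext("cas:user", "", CAS_NS).strip() if ok is not None else ""
    if not user:
        return None, {}
    attrs = {}
    for el in ok.findall("cas:attributes/*", CAS_NS):
        attrs.setdefault(el.tag.split("}")[-1], []).append((el.text or "").strip())
    return user, attrs

def map_role(attrs, rules, default_role=None):
    """First matching rule wins; a missing attribute never matches (fail closed)."""
    for attr, op, value, role in rules:
        if any(OPERATORS[op](v, value) for v in attrs.get(attr, [])):
            return role
    return default_role
```

Note that a "not equal to" rule in this sketch does not match when the attribute is absent, so a response with no attributes falls through to the default role.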
