SCM-Manager CAS Plugin
CAS, the "Central Authentication Service", is an authentication server based on secured communication. It can be used in two different ways: as an authentication server, or as a SingleSignOn (SSO) server. If you use it as a "simple" authentication server it works just like "LDAP" or "Active Directory". In case you use it as a SSO server, it can be the key stone to your SSO system. We developed the plugin for the SSO system of SCM-Manager Universe
A SSO system allows users to access multiple applications by providing login credentials just once. After the initial login a token for this user is being created. If the user invokes another tool this token is being recognized and he or she is being logged in automatically. After logging out of one of the connected tools this token gets destroyed, therefore providing login credentials is necessary again. The CAS server can be configured to use other authentication servers for authentication. Hence you can implement a SSO system on top of your existing authentication system. The following image shows the process in general:
After installing the scm-cas-plugin you have to configure it in the "Config > General" screen. There you need to provide these information.
If checked, the plugin is activated. In case it is active SCM-Manager uses the CAS login screen for authentication.
Allowed time difference in miliseconds between CAS server time and system time.
CAS Server URL
Location of your CAS server.
The name of the attributes "Username", "Display name", "Email" and "Group" that are configured in CAS. In these four fields you can perform the mapping between SCM-Manager and CAS.
If the CAS plugin is used with SCM-Manager versions prior to 1.36 a conflict in the authentication chain can occur. In this case it is recommended to deactivate all other authentication plugins and to configure the used CAS server to use multiple authentication sources. From SCM-Manager 1.36 on it is recommended to use the SCM-Manager option for skipping an authentication source after an unsuccessful login attempt.