Clone wiki

scm-manager-plugins / CAS

SCM-Manager CAS Plugin

General Information

CAS, the "Central Authentication Service", is an authentication server based on secured communication. It can be used in two different ways: as an authentication server, or as a SingleSignOn (SSO) server. If you use it as a "simple" authentication server it works just like "LDAP" or "Active Directory". In case you use it as a SSO server, it can be the key stone to your SSO system. We developed the plugin for the SSO system of SCM-Manager Universe

SingleSignOn (SSO)

A SSO system allows users to access multiple applications by providing login credentials just once. After the initial login a token for this user is being created. If the user invokes another tool this token is being recognized and he or she is being logged in automatically. After logging out of one of the connected tools this token gets destroyed, therefore providing login credentials is necessary again. The CAS server can be configured to use other authentication servers for authentication. Hence you can implement a SSO system on top of your existing authentication system. The following image shows the process in general:

Login Mechanism

Configuration

After installing the scm-cas-plugin you have to configure it in the "Config > General" screen. There you need to provide these information. CAS Plugin config

Enabled

If checked, the plugin is activated. In case it is active SCM-Manager uses the CAS login screen for authentication.

Time Tolerance

Allowed time difference in miliseconds between CAS server time and system time.

CAS Server URL

Location of your CAS server.

CAS-Attributes

The name of the attributes "Username", "Display name", "Email" and "Group" that are configured in CAS. In these four fields you can perform the mapping between SCM-Manager and CAS.

Annotation

If the CAS plugin is used with SCM-Manager versions prior to 1.36 a conflict in the authentication chain can occur. In this case it is recommended to deactivate all other authentication plugins and to configure the used CAS server to use multiple authentication sources. From SCM-Manager 1.36 on it is recommended to use the SCM-Manager option for skipping an authentication source after an unsuccessful login attempt.

Updated