diff options
| author | Achilleas Pipinellis <axilleas@axilleas.me> | 2015-12-25 01:31:02 +0200 |
|---|---|---|
| committer | Achilleas Pipinellis <axilleas@axilleas.me> | 2015-12-25 01:31:02 +0200 |
| commit | d18fd3f6489ad2a8065f8ddd80ca51100eb50b5e (patch) | |
| tree | 1e809b9c4f694e20e9cc7dff06a9cb7f2f56aef2 /doc/integration/cas.md | |
| parent | e74affcfa84acaddc236d6dfed7be1a61470dc0e (diff) | |
| parent | 350d65503f0fa34ae397942578c5ea8b2a46a629 (diff) | |
| download | gitlab-ce-ci_triggers_docs.tar.gz | |
Merge branch 'master' into ci_triggers_docsci_triggers_docs
Diffstat (limited to 'doc/integration/cas.md')
| -rw-r--r-- | doc/integration/cas.md | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/doc/integration/cas.md b/doc/integration/cas.md new file mode 100644 index 00000000000..e6b2071f193 --- /dev/null +++ b/doc/integration/cas.md @@ -0,0 +1,62 @@ +# CAS OmniAuth Provider + +To enable the CAS OmniAuth provider you must register your application with your CAS instance. This requires the service URL GitLab will supply to CAS. It should be something like: `https://gitlab.example.com:443/users/auth/cas3/callback?url`. By default handling for SLO is enabled, you only need to configure CAS for backchannel logout. + +1. On your GitLab server, open the configuration file. + + For omnibus package: + + ```sh + sudo editor /etc/gitlab/gitlab.rb + ``` + + For installations from source: + + ```sh + cd /home/git/gitlab + + sudo -u git -H editor config/gitlab.yml + ``` + +1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings. + +1. Add the provider configuration: + + For omnibus package: + + ```ruby + gitlab_rails['omniauth_providers'] = [ + { + name: "cas3", + label: "cas", + args: { + url: 'CAS_SERVER', + login_url: '/CAS_PATH/login', + service_validate_url: '/CAS_PATH/p3/serviceValidate', + logout_url: '/CAS_PATH/logout'} } + } + } + ] + ``` + + For installations from source: + + ``` + - { name: 'cas3', + label: 'cas', + args: { + url: 'CAS_SERVER', + login_url: '/CAS_PATH/login', + service_validate_url: '/CAS_PATH/p3/serviceValidate', + logout_url: '/CAS_PATH/logout'} } + ``` + +1. Change 'CAS_PATH' to the root of your CAS instance (ie. `cas`). + +1. If your CAS instance does not use default TGC lifetimes, update the `cas3.session_duration` to at least the current TGC maximum lifetime. To explicitly disable SLO, regardless of CAS settings, set this to 0. + +1. Save the configuration file. + +1. Restart GitLab for the changes to take effect. + +On the sign in page there should now be a CAS tab in the sign in form. |