CAS Integration
Last update:2024-01-02 16:06:03
Content
1. Usage Scenario
ESA allows integration with third-party identity providers using the CAS protocol, such as Okta, OneLogin, Azure AD, Ping Identity, and Authing, etc. CAS integration allows organizations to delegate user authentication to third party IDP.
2. Operation Steps
Take ID provider Authing as example to show the whole process.
Step1: Obtain the Metadata file from the IDP management portal
1)Login to IDP management portal
2)Create a self-built app and name it “CDNetworks ESA”
3)Enable CAS IDP under Protocol Configuration and get Login Endpoint/Logout Endpoint/Validation Endpoint(CAS 2.0)
Step 2: Add IDP to ESA platform
4)Login to ESA management portal, go to ID Authentication->ID Provider-> Add IdP, select CAS.
5)Fill in the basic information and configure the addresses.
Note:
- Login with Authentication Only: means call CAS to login on ESA client
- SSO: means to jump to browser to call CAS login page
- We only support CAS 2.0
6)On the authentication configuration page, enable authentication and select the user account attribute to verify the user ID. Ensure that this attribute matches the configuration on the IDP. Refer to the IDP’s documentation for details.
For example, if you will verify user with user name, set Application Name=attributes.username, and Associated IdP field set to User Attribute
IDP been added successfully
Step 3: Fill in the callback URL back to IDP platform
Step 4: Try login ESA with CAS account
8)Launch the ESA client and enter the enterprise ID.
9)Select the configured IDP, which will launch a login page in the browser. Enter your CAS account credentials to log in.
10)After filling in the credentials, users will login and access authorized applications (ensure access permissions are configured).
The end of the configuration.