- Getting Started
-
Administration Guide
- Get Started with Administering Wyn Enterprise
- Configuration Settings
- Account Management
- Security Management
- System Management
- Document Management
- How To and Troubleshooting
- User Guide
- Developer Guide
CAS Authentication Server
CAS is a SSO protocol that permits a user to access multiple applications by providing their credentials (username and password) only once. CAS allows web applications to authenticate users without gaining access to the user's security credentials such as their password.
To enhance data security, on logging out from the CAS Authentication server, users are automatically logged out from the Wyn Enterprise application.
Note:
1. You need to manually assign the Organizations, Roles, and Permissions to your users logging in to the Wyn Enterprise application using SSO.
2. You cannot generate tokens for the users logging in using SSO.
Before configuring SSO, make sure that you have installed the Wyn Enterprise application version 6.0 or above and have access to the CAS Authentication Server.
Follow the below instructions to configure SSO with CAS Authentication Server,
Configuration Node Management
Add the SSO configuration node to the Wyn configuration file, Wyn.conf, and ensure the following,
AuthenticationProtocol option must be CAS.
Scheme is optional. If not specified in the configuration file, the value of the Scheme option will be set to CAS, by default.
Disabled option is used to disable the SSO function.
CasServerUrlBase option uses the base URL of the CAS server which is mandatory and must be provided by you.
<Server> <Authentication> <SSO> <AuthenticationProtocol>CAS</AuthenticationProtocol> <Scheme>GroupOA</Scheme> <Disabled>false</Disabled> <CasServerUrlBase>http://auth.groupa.net:****</CasServerUrlBase> <Scopes> <sys:string>openid</sys:string> </Scopes> <EnableSLO>true</EnableSLO> <ClaimMappings> <sys:Item> <Key>sub</Key> <Value>sub</Value> </sys:Item> <sys:Item> <Key>profile</Key> <Value>name</Value> </sys:Item> <sys:Item> <Key>email</Key> <Value>email_address</Value> </sys:Item> <sys:Item> <Key>phone</Key> <Value>phone_number</Value> </sys:Item> <sys:Item> <Key>address</Key> <Value>address</Value> </sys:Item> </ClaimMappings> </SSO> </Authentication> </Server>
Single Logout (SLO)
To disable SLO from CAS Authentication Server when users log out from the Wyn Enterprise application, set the SSO:EnableSLO property to False. By default, this value is set to True.
<Server>
<Authentication>
<SSO>
...
<EnableSLO>false</EnableSLO>
...
</SSO>
</Authentication>
</Server>
If you want your users to log out from the Wyn Enterprise application only when they log out from CAS Authentication Server, add the following configurations in CAS Server's Service Definition File (located in the CAS Authentication Server),
"logoutType": "BACK\_CHANNEL",
"logoutUrl": "{wyn\_url}/account/cas-slo"\
See the Additional SSO Settings section of the Configure Single sign-on help doc for information on configuring the cookies and incognizant user login options.
Note: If the logout URL is not set as the default value (SSO:CasServerUrlBase/logout)*, you need to specify the SSO:CasServerLogoutUrl.