GitSwarm-EE 2017.1-1 Documentation


CAS OmniAuth Provider

To enable the CAS OmniAuth provider you must register your application with your CAS instance. This requires the service URL GitSwarm will supply to CAS. It should be something like: https://gitswarm.example.com:443/users/auth/cas3/callback?url. By default handling for SLO is enabled, you only need to configure CAS for backchannel logout.

  1. On your GitSwarm server, open the configuration file.

    For package installation:

      sudo editor /etc/gitswarm/gitswarm.rb

    For source installations:

      cd /home/git/gitlab
    
      sudo -u git -H editor config/gitlab.yml
  2. See Initial OmniAuth Configuration for initial settings.

  3. Add the provider configuration:

    For package installation:

      gitlab_rails['omniauth_providers'] = [
        {
            "name"=> "cas3",
            "label"=> "cas",
            "args"=> {
                "url"=> 'CAS_SERVER',
                "login_url"=> '/CAS_PATH/login',
                "service_validate_url"=> '/CAS_PATH/p3/serviceValidate',
                "logout_url"=> '/CAS_PATH/logout'
            }
        }
      ]

    For source installations:

      - { name: 'cas3',
          label: 'cas',
          args: {
                  url: 'CAS_SERVER',
                  login_url: '/CAS_PATH/login',
                  service_validate_url: '/CAS_PATH/p3/serviceValidate',
                  logout_url: '/CAS_PATH/logout'} }
  4. Change 'CAS_PATH' to the root of your CAS instance (ie. cas).

  5. If your CAS instance does not use default TGC lifetimes, update the cas3.session_duration to at least the current TGC maximum lifetime. To explicitly disable SLO, regardless of CAS settings, set this to 0.

  6. Save the configuration file.

  7. Run gitswarm-ctl reconfigure for the package installation.

  8. Restart GitSwarm for the changes to take effect.

On the sign in page there should now be a CAS tab in the sign in form.