CAS Configuration


CAS (Central Authentication System) is an identity provider that can be integrated into Ensemble Video for a single sign-on user experience.

Prerequisites on CAS Server

  • SAML 1.1 support is required
  • Must release attributes for givenName, surname, email, primary role

Prerequisites on Ensemble Server

  • Must have Ensemble 4.2 or higher

Ensemble 4.2 and higher will create a top-level folder in IIS called “CAS”. This folder contains a web.config file that is used to configure CAS for your installation.

Web.Config Setup

Locate and edit the web.config file (e.g. C:\inetpub\wwwroot\ensemble\cas). Web.config contains the CAS Auth Settings. At minimum you must configure:

  • casServerLoginUrl = "https://casserver.mydomain.edu:8443/cas/login" (URL of the login page on the CAS server)
  • casServerUrlPrefix = "https://casserver.mydomain.edu:8443/cas" (root of the CAS server app)
  • serverName = "https://ensemble.mydomain.edu" (root of the Ensemble server)
  • ticketValidatorName = "Saml11" (only Saml11 will release attributes)

Application Settings in web.config:

  • ManualRedirectForTroubleshooting = If “true”, the system displays CAS information on the page and you must manually complete the transfer to Ensemble (by clicking a link).

<casClientConfig
    casServerLoginUrl="https://casserver.mydomain.edu:8443/cas/login"
    casServerUrlPrefix="https://casserver.mydomain.edu:8443/cas"
    serverName="https://ensemble.mydomain.edu"
    ticketValidatorName="Saml11" />
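The settings above can be checked before the CAS application goes live. The following is an added example, not part of Ensemble or of the original article: a small Python audit of the casClientConfig attributes and the ManualRedirectForTroubleshooting setting. The sample web.config is constructed, and the appSettings key layout and the "Cas20" value in it are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample web.config (not from a real installation). The appSettings
# layout for ManualRedirectForTroubleshooting is an assumption.
SAMPLE_WEB_CONFIG = """<configuration>
  <casClientConfig
      casServerLoginUrl="http://casserver.mydomain.edu:8443/cas/login"
      casServerUrlPrefix="https://casserver.mydomain.edu:8443/cas"
      serverName="https://ensemble.mydomain.edu"
      ticketValidatorName="Cas20" />
  <appSettings>
    <add key="ManualRedirectForTroubleshooting" value="true" />
  </appSettings>
</configuration>"""

URL_ATTRS = ("casServerLoginUrl", "casServerUrlPrefix", "serverName")

def audit_cas_config(xml_text):
    """Return a list of findings for the CAS section of a web.config."""
    findings = []
    root = ET.fromstring(xml_text)
    cas = root.find(".//casClientConfig")
    if cas is None:
        return ["casClientConfig element is missing"]
    for name in URL_ATTRS:
        value = cas.get(name, "")
        parts = urlsplit(value)
        if not value:
            findings.append(f"{name} is not set")
        elif parts.scheme != "https" or not parts.hostname:
            findings.append(f"{name} must be an absolute https URL: {value!r}")
    login = cas.get("casServerLoginUrl", "")
    prefix = cas.get("casServerUrlPrefix", "").rstrip("/")
    if login and prefix and not login.startswith(prefix + "/"):
        findings.append("casServerLoginUrl is not under casServerUrlPrefix")
    if cas.get("ticketValidatorName") != "Saml11":
        findings.append("ticketValidatorName must be Saml11 to release attributes")
    for add in root.iterfind(".//appSettings/add"):
        if (add.get("key") == "ManualRedirectForTroubleshooting"
                and add.get("value", "").lower() == "true"):
            findings.append("ManualRedirectForTroubleshooting is true; "
                            "CAS information is displayed to the user")
    return findings

if __name__ == "__main__":
    for finding in audit_cas_config(SAMPLE_WEB_CONFIG):
        print("FINDING:", finding)
```

With multiple CAS applications (cas, cas2, and so on), run the audit against each copy's web.config, since each carries its own settings.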

Ensemble Setup 

  • Create the CAS identity provider: Domain/CAS, or wherever you set up the IIS application
  • Set up at least one provisioning rule so that the identity can be created in Ensemble and set to a library
  • Brand home page to point to CAS auth (https://ensemble.mydomain.edu/cas)

Notes

  • Multiple-institution support comes from multiple copies of the CAS application (https://ensemble-root/cas, https://ensemble-root/cas2, etc.). Each copy has its own web.config with CAS settings pointing back to its respective CAS server
  • Attribute support is required, which means CAS auth with the Saml11 protocol

Step by Step : How It Works

  1. Entry page (Institution Branded page, perhaps) redirects to https://ensemble.mydomain.edu/cas
  2. https://ensemble.mydomain.edu/cas starts CAS auth
    • Based on the settings in web.config for the CAS application, redirects to the institutional CAS server
  3. End-user authenticates to the institutional CAS server, and on auth success redirects back to https://ensemble.mydomain.edu/cas
  4. https://ensemble/cas
    • Groks the CAS attributes, creating a CasAssertionModel (required because Ensemble needs provisioning)
    • Sets an ensemble authentication cookie
    • Redirects to https://ensemble.mydomain.edu/app/casauth/
  5. https://ensemble.mydomain.edu/app/casauth
    • Performs provisioning based on rules and the attributes in the CasAssertionModel
    • Sets an ensemble authentication cookie
    • Redirects to the user's default library