CAS Configuration


CAS (Central Authentication System) is an identity provider than can be integrated into Ensemble Video for a single sign-on user experience.

Prerequisites on CAS Server

  • SAML 11 Support is required
  • Must release attributes for givenName, surname, email, primary role

Prerequisites on Ensemble Server

  • Must have Ensemble 4.2 or higher

Ensemble 4.2 and higher will create a top level folder in IIS called “CAS”. This folder will contain a web.config file that will be used to configure CAS for your installation.

Web.Config Setup

Locate and edit the web.config file (i.e. C:\inetpub\wwwroot\ensemble\cas). Web.config contains CAS Auth Settings, at minimum you must configure:

  • casServerLoginUrl = "" (url to login on cas server)
  • casServerUrlPrefix = "" (root of cas server app)
  • serverName = "" (root of ensemble server)
  • ticketValidatorName = "SamIll" (Only SamIll will release attributes)

Application Settings in web.config:

  • ManualRedirectForTroubleshooting = If “true” system will display CAS information on the page and you must manually complete the transfer to ensemble (click a link).

casClientConfig casServerLoginUrl="" casServerUrlPrefix="" serverName=" ticketValidatorName="Saml11"

Ensemble Setup 

  • Create CAS identity provider. Domain/CAS or wherever you setup the IIS application
  • Setup a least one provisioning rule so that the identity can be created in ensemble and set to a library
  • Brand home page to point to CAS auth (


  • Multiple-institution support comes from multiple copies of https://ensemble-root/cas https://ensemble-root/cas2 etc... Each would have a separate web.config and CAS settings in each, pointing back to their respective CAS server
  • Attribute support is required, which means CAS auth with Samlil protocol

Step by Step : How It Works

  1. Entry page (Institution Branded page, perhaps) redirects to
  2. starts CAS auth
    • Based on settings in web.config for the CAS application, redirects the institutional CAS server, as set in the web.config
  3. End-user authenticates to the institutional CAS server, and on auth success redirects back to
  4. https://ensemble/cas
    • Groks the CAS attributes creating a CasAssertionModel, (required because ensemble needs provisioning)
    • Sets an ensemble authentication cookie
    • Redirects to
    • Performs provisioning based on rules and the attributes in the CasAssertionModel
    • Sets an ensemble authentication cookie
    • Redirects to the user's default library
0 out of 0 found this helpful