Configure CAS Authentication Source
To facilitate enterprise user authentication login, the IDaaS platform supports configuring the CAS protocol as an authentication source. Users can authenticate and log in to various application systems through the CAS protocol, achieving single sign-on effects between application systems, bringing enterprise users a simpler and more convenient login method and better user experience.
This guide explains the related operations for configuring a CAS authentication source.
Prerequisites
- Permissions for the third-party identity provider (IDP) application system, and the IDP supports CAS authentication.
- Administrator permissions for the IDaaS Enterprise Center.
Procedure
Third-Party CAS Authentication Platform Configuration
On the third-party platform, create an application with CAS as the access method, and complete the application's basic information. For details, refer to the documentation of each platform.
Configure the application's callback URL. Obtain this from the service address in the CAS Authentication Source in the IDaaS Enterprise Center.

Grant users access to the newly created application.
Configure CAS Authentication Source in IDaaS
Log in to the IDaaS Enterprise Center, choose Authentication > Authentication Source Management from the top navigation bar, enter the CAS authentication source page, and click Add Authentication Source.

Configure the CAS authentication source parameters as prompted. Key parameters are described below.

TIP
- Validation Address: Different protocol versions correspond to different validation addresses. Must start with
httporhttps.- CAS 1.0 validation address:
https://xxx.xxx.xxx/validate - CAS 2.0 validation address:
https://xxx.xxx.xxx/serviceValidate - CAS 3.0 validation address:
https://xxx.xxx.xxx/p3/serviceValidate
- CAS 1.0 validation address:
- When User Not Associated: When the authentication source attributes of the user information returned by the third-party platform do not match the associated user attributes in IDaaS, and no system user is associated, the optional configurations are as follows.
Fail: Set to Fail, meaning the user is not allowed to pass authentication.
Auto Create User: Set to Auto Create User. You can choose whether to update existing attributes, and click Add Mapping to map user attributes from the third-party platform to IDaaS user attributes based on mapping rules and associated attributes, and create the user so that the user can pass authentication.
Mapping attribute descriptions are as follows:
- User Attribute Name: Select an IDaaS user attribute from the dropdown.
- Mapping Type: Select authentication source attribute.
- Authentication Source Attribute Name: Third-party platform user attribute.
- Validation Address: Different protocol versions correspond to different validation addresses. Must start with