System Configuration Questions

How do I configure single sign-on using CAS?
 

Astra Schedule supports single sign-on using Central Authentication Service (CAS).  The following information will help in setting up Astra Schedule SSO using CAS.

 

NOTE:  The CAS server can be downloaded from http://www.jasig.org/cas.

 

SSO is configured using the Astra Schedule SystemSettings table.  The data must be entered manually or by executing an SQL statement (see the SQL statements below).

 

Configuration in SystemSettings Table:
 
The SQL statements displayed below insert the required records into the SystemSettings table.  You will need to update the Value field on the second INSERT statement (it is marked with a comment) to point to your CAS server.

 

security.sso.option – Disabled, CAS, CWL (case insensitive).  If this setting does not exist, it is the same as being set to Disabled.

security.sso.authenticationURL – Root URL for SSO service. Ex: http://casserver:8080/cas/

 

Passing CAS ticket from portal to Astra Schedule:
 
The portal can link to any Astra Schedule page.  It just needs to append the user’s ticket to the URL in the parameter named “ticket”.
 
Examples:
Link to Astra Schedule user’s portal page
http://astrawebserver/astraschedule/portal/default.aspx?ticket=798798SDF89009SDFSDF2JKI9F
 
Link to the Academics Main Page
http://astrawebserver/astraschedule/academics/default.aspx?ticket=798798SDF89009SDFSDF2JKI9F
 
Link to the Event List Page
http://astrawebserver/astraschedule/events/eventlist.aspx?ticket=798798SDF89009SDFSDF2JKI9F

 

General Notes:
 
The following URLs would be used by Astra Schedule to interface with CAS:
 
CAS_ticket is replaced with the ticket passed to Astra Schedule
ReturnURL is replaced with the Astra Schedule URL accessed by the user.
 
Validate Ticket Passed to Astra Schedule
http://casserver:8080/cas/serviceValidate?ticket=CAS_ticket&service=ReturnURL
 
CAS Login – if the user attempts to access Astra Schedule without a CAS ticket
http://casserver:8080/cas/login?service=ReturnURL
 
If the user is authenticated by CAS but does not exist in Astra Schedule, the user is allowed to access Astra Schedule as a guest user.
 
If the ticket passed to Astra Schedule is not valid, the user is directed to the Astra Schedule login page.
 
To bypass the single sign-on mechanism on sites that are configured for SSO, the user may use the URL for the logon page with the nosso URL parameter.  This may be useful if there are internal users that do not use SSO.  Because of this feature, it is important to assign a strong password when creating users.
 
Ex: http://astrawebserver/Logon.aspx?nosso=
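
The ticket handling described under General Notes, as an added example (not Astra Schedule's own code): it builds the CAS login and serviceValidate URLs, parses a CAS 2.0 validation response, and maps the result to the outcomes listed above. The function names, sample responses, outcome labels and the choice to drop the ticket parameter from ReturnURL are assumptions made for illustration.

```python
# Added example: models the CAS exchange described above. Not Astra Schedule code.
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0 responses

def strip_ticket(url):
    """ReturnURL: the accessed URL without its ticket parameter (assumption)."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "ticket"]
    return urlunsplit(parts._replace(query=urlencode(query)))

def login_url(cas_root, accessed_url):
    """CAS login URL used when no ticket was supplied."""
    params = {"service": strip_ticket(accessed_url)}
    return cas_root.rstrip("/") + "/login?" + urlencode(params)

def validate_url(cas_root, accessed_url, ticket):
    """serviceValidate URL; urlencode escapes the ticket and ReturnURL."""
    params = {"ticket": ticket, "service": strip_ticket(accessed_url)}
    return cas_root.rstrip("/") + "/serviceValidate?" + urlencode(params)

def cas_user(response_xml):
    """User name from a serviceValidate response, or None on any failure."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return None
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return user.text.strip() if user is not None and user.text else None

def outcome(ticket, response_xml, local_users):
    """Map the cases listed under General Notes to a label (labels are ours)."""
    if not ticket:
        return "redirect-to-cas-login"
    user = cas_user(response_xml)
    if user is None:
        return "astra-login-page"      # invalid ticket or unreadable response
    return "signed-in" if user in local_users else "guest"

# Constructed sample responses in the CAS 2.0 format
SUCCESS = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
           '<cas:authenticationSuccess><cas:user>jsmith</cas:user>'
           '</cas:authenticationSuccess></cas:serviceResponse>')
FAILURE = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
           '<cas:authenticationFailure code="INVALID_TICKET">not recognized'
           '</cas:authenticationFailure></cas:serviceResponse>')
```
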

 

See below for MSSQL and Oracle versions of the SQL statements referenced above:

 

MSSQL SQL Statements

 

These SQL statements are for SQL Server and have a hard coded institution ID. The institution ID will need to be modified for your installation before using.

 

INSERT INTO SystemSettings
          (Id
          ,InstitutionId
          ,KeyName
          ,Value
          ,Description
          ,CreatedDate
          ,CreatedBy
          ,ModifiedDate
          ,ModifiedBy
          ,RowVersion
          ,IsDeleted)
    VALUES
          (newid()
          ,'580378FA-96FF-4045-A435-FCC991FF0E55'  -- replace with your institution ID
          ,'security.sso.option'
          ,'CAS'
          ,'Single Sign On Provider'
          ,getdate()
          ,'F9817FE0-6034-44D6-8EB3-B7656EFD0AB8'
          ,getdate()
          ,'F9817FE0-6034-44D6-8EB3-B7656EFD0AB8'
          ,0
          ,0);

INSERT INTO SystemSettings
          (Id
          ,InstitutionId
          ,KeyName
          ,Value
          ,Description
          ,CreatedDate
          ,CreatedBy
          ,ModifiedDate
          ,ModifiedBy
          ,RowVersion
          ,IsDeleted)
    VALUES
          (newid()
          ,'580378FA-96FF-4045-A435-FCC991FF0E55'  -- replace with your institution ID
          ,'security.sso.authenticationURL'
          ,'http://casserver/port/cas'  -- put the root url to your CAS server here
          ,'Single Sign On Authentication URL'
          ,getdate()
          ,'F9817FE0-6034-44D6-8EB3-B7656EFD0AB8'
          ,getdate()
          ,'F9817FE0-6034-44D6-8EB3-B7656EFD0AB8'
          ,0
          ,0);

 

Oracle SQL Statements

 

These SQL statements are for Oracle and have a hard coded institution ID. The institution ID will need to be modified for your installation before using.

 

INSERT INTO SystemSettings
          (Id
          ,InstitutionId
          ,KeyName
          ,Value
          ,Description
          ,CreatedDate
          ,CreatedBy
          ,ModifiedDate
          ,ModifiedBy
          ,RowVersion
          ,IsDeleted)
    VALUES
          (guid_pkg.formatted_guid()
          ,'580378fa-96ff-4045-a435-fcc991ff0e55'  -- replace with your institution ID
          ,'security.sso.option'
          ,'CAS'
          ,'Single Sign On Provider'
          ,SYSDATE
          ,'f9817fe0-6034-44d6-8eb3-b7656efd0ab8'
          ,SYSDATE
          ,'f9817fe0-6034-44d6-8eb3-b7656efd0ab8'
          ,0
          ,0);

INSERT INTO SystemSettings
          (Id
          ,InstitutionId
          ,KeyName
          ,Value
          ,Description
          ,CreatedDate
          ,CreatedBy
          ,ModifiedDate
          ,ModifiedBy
          ,RowVersion
          ,IsDeleted)
    VALUES
          (guid_pkg.formatted_guid()
          ,'580378fa-96ff-4045-a435-fcc991ff0e55'  -- replace with your institution ID
          ,'security.sso.authenticationURL'
          ,'http://casserver/port/cas'  -- put the root url to your CAS server here
          ,'Single Sign On Authentication URL'
          ,SYSDATE
          ,'f9817fe0-6034-44d6-8eb3-b7656efd0ab8'
          ,SYSDATE
          ,'f9817fe0-6034-44d6-8eb3-b7656efd0ab8'
          ,0
          ,0);
