Hello! I'm installing Atom 2.8.1 and I'm having trouble with the CAS configuration. I've read
the documentation and I have some problems that need solving.
- My CAS server needs an username and a password for it to be able to be used in any application. Where can I configure that?
- I've followed the steps (ignoring the username and password needed for the CAS Server) and ended up enabling the CAS plugin. It
almost works: clicking on "Login with CAS" redirects you to the login page of the CAS server, but when the user prompts its credentials, and the CAS server redirects you back to the AtoM page, the user is not logged in.
My CAS plugin configuration looks like this:
all:
cas:
# Valid cas_version values: '1.0', '2.0', '3.0', 'S1'
# See: https://apereo.github.io/phpCAS/api/CAS_8php_source.html#l00082
# CAS version 3.0 is required for parsing CAS attributes into user groups.
cas_version: '3.0'
# Default to live demo server for testing and QA.
server_name: '(CAS Server URL)'
server_port: 443
server_path: '/cas'
# CAS server SSL certificate location for server validation.
# Accepts a filepath or false (to disable, e.g. for development).
# Examples
# --------
# Relative path to sf_root_dir: 'data/cas/cert/mycert.pem'
# Absolute path: '/usr/var/certif/xxx.pem'
# Disable server validation: false
server_cert: false
# Settings for parsing CAS attributes into AtoM group membership.
# Set set_groups_from_attributes to true to enable.
# attribute_key specifies which CAS attribute AtoM will check.
set_groups_from_attributes: false
attribute_key: 'name-of-attribute-to-check'
user_groups:
administrator:
attribute_value: 'atom-administrators'
group_id: 100
editor:
attribute_value: 'atom-editors'
group_id: 101
contributor:
attribute_value: 'atom-contributors'
group_id: 102
translator:
attribute_value: 'atom-translators'
group_id: 103
# Override default service URL.
# Needed when hostname does not match the host part of the AtoM
# instance URL
# e.g. https://atom.somedomain.org/cas/login
service_url: '(AtoM URL)'
I've figured it probably has to do with the fact that I'm not mapping any attribute obtained from the CAS Server to an AtoM user. Or maybe it has to do with the fact that i've haven't configured the username and password of the CAS Server. Either way, i'm at a loss.
Also: Is the service_url parameter callback URL?
Thanks in advance!