CAS SSO

You may want to log in to the decision-making platform with CAS (Central Authentication Service). This document describes how to configure single sign-on and sign-out with CAS.

CAS Introduction

The CAS structure contains the CAS server and CAS client.

The CAS server needs to be deployed independently to authenticate user information. Generally, the CAS server is set up by an enterprise, and the enterprise can connect to the database, create a CAS user table, and manage user information uniformly.

The CAS client processes resource access requests for web applications requiring SSO, for example, FineReport. You will be redirected to the CAS server if you need to log in to the decision-making platform.

CAS Login Principle

The steps you log in to the decision-making platform with CAS are shown as follows:

1. Access the decision-making platform through the browser. (That is, access the CAS client.)

2. The client redirects the user request to the CAS server.

3. The CAS server authenticates the user's CAS account and password.

4. If the authentication is passed, the ticket will be sent. You can jump to and access the decision-making platform through the ticket.

5. The decision-making platform authenticates the authenticity and expiration of the ticket with the CAS server.

6. If the authentication is passed, the CAS server returns the username of the ticket, and the decision-making platform further authenticates if the user with the returned username is a system user and available. If the authentication is passed, the login is successful, and you can log in to the decision-making platform.

This simple and convenient method can be implemented with a plugin, which does not need any codes. For details, see CAS Single Sign On Plugin.

Note:

This method provided in this document is unsupported on mobile terminals.

Single Sign-on with CAS

The following table shows the steps of CAS SSO.

Step	Description	Note
HTTPS Access by Configuring the SSL Certificate	You need to configure the HTTPS support before configuring the CAS SSO, or the CAS SSO cannot be utilized.	Mandatory
CAS Server Building	The CAS SSO requires information authentication through the CAS server. If you have a CAS server environment, you can ignore the operation.	Optional
Authentication Implementation Based on the Database	If the user information is stored in a certain table of the database, you can implementing the authentication based on the database by referring to this document. You can determine whether perform this operation as needed. Note: The default authentication of CAS is that the username is the same as the password. If you do not perform this operation, you can pass the CAS authentication when the username is the same as the password.	Optional
Configuring FineReport as the CAS Client	It describes how to integrate FineReport and CAS SSO.	Mandatory

CAS SLO

Assume that you do not configure CAS SSO, when you sign out of the platform, you only sign out of one client (the platform) but do not sign out of others.

Remote Design After CAS

After FineReport V11.0 is integrated with CAS, the remote design request will be intercepted by CAS. As a result, the remote design cannot be performed. For details about solutions, see Remote Design After CAS Integration in FR V11.0.

Solution to the Error Report

For details about related error reports and the corresponding solutions during CAS SSO, see CAS SSO FAQs.