cas-server
Advanced tools
Readme
This module provides a Node native implementation of a CAS server. It is extensible via a simple plugin interface, and will implement versions 1.0, 2.0, and 3.0 of the protocol. It currently supports the authentication and service validation mechanisms of all three versions; proxy support will be added later.
Protocol compatibility special note: this server will prefer adhering to the
latest version of the protocol when supporting all versions would be too
cumbersome. For example, the potential redirect on logout. In version 2.0 the
service could send a url parameter. In version 3.0, that was deprecated in
favor of a service parameter. This server does not recognize the url
parameter at all.
We are using Semantic Versioning. With this versioning scheme we are able to drastically change any aspect of the API, or the server itself, during the initial version 0 development (point 4).
Until version 1.0.0 anything about cas-server may change with any release.
Please keep up with the changelog. All important changes will be listed there.
These install instructions will guide you through installing the reference implementation of the server. You may use different plugins to provide functionality such as the ticket and service registries. In such a case, the installation requirements may vary.
The reference implementation uses a PostgreSQL database. Before starting the installation, you should have such a database setup.
$ git clone https://github.com/jscas/cas-server
$ cd cas-server
$ npm install --production # to install the base dependencies
$ npm install pg # for the service/ticket registries
$ npm install cas-server-pg-registries
$ npm install cas-server-auth-json
$ npm install cas-server-theme
$ cp settings.example.js settings.js
$ # edit the settings.js file according to the instructions within
The server has built-in support for OpBeat reporting. By default, this
is disabled. You can enable it within your settings.js file. Currently, this
server does not directly register any errors with the OpBeat client. This may
change in future versions.
Special note: when writing your settings.js script you must avoid requiring
any modules that the OpBeat client instruments. You can view the list of these
modules in the client's source code. We initialize the OpBeat
client after we load the settings.js script; thus the client would not
be able to hook into the instrumented modules if you require any there.
You must have a PostgreSQL database and user available. The user must be able to create tables and issue select, update, and insert queries.
See the cas-server-pg-registries readme for information on creating and configuring the database.
Once installed, running the server is as simple as:
$ node server.js -c ./settings.js
At the moment, you must add services by directly adding them to your database.
To do so, insert a record into the services table like so:
insert into services (id, name, url, comment) values (
'69B38CEA-6EAB-42CE-B254-81114DE6733D', -- this can be created with the cli tool `uuidgen`
'foo-service',
'https://app.example.com/cas-callback-endpoint',
'a simple service that authenticates via cas'
);
FAQs
An implementation of Apereo's CAS protocol
The npm package cas-server receives a total of 1 weekly downloads. As such, cas-server popularity was classified as not popular.
We found that cas-server demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.