Table of Contents
CAS is an open-source Single Sign On (SSO) provider that allows multiple applications and services to authenticate against it and brokers those authentication requests to a back-end authentication provider. This module allows Guacamole to redirect to CAS for authentication and user services. This module must be layered on top of other authentication extensions that provide connection information, as it only provides user authentication.
The CAS authentication extension is available separately from the main
guacamole.war
. The link for this and all other
officially-supported and compatible extensions for a particular version of Guacamole are
provided on the release notes for that version. You can find the release notes for
current versions of Guacamole here: http://guacamole.incubator.apache.org/releases/.
The CAS authentication extension is packaged as a .tar.gz
file containing only the extension itself,
guacamole-auth-cas-0.9.13-incubating.jar
, which must
ultimately be placed in GUACAMOLE_HOME/extensions
.
Guacamole extensions are self-contained .jar
files which are
located within the GUACAMOLE_HOME/extensions
directory.
If you are unsure where GUACAMOLE_HOME
is located on
your system, please consult Chapter 5, Configuring Guacamole before
proceeding.
To install the CAS authentication extension, you must:
Create the
GUACAMOLE_HOME/extensions
directory, if it does not already exist.Copy
guacamole-auth-cas-0.9.13-incubating.jar
withinGUACAMOLE_HOME/extensions
.Configure Guacamole to use CAS authentication, as described below.
The CAS authentication extension provides two configuration properties, both of which are required.
- cas-authorization-endpoint
The URL of the CAS authentication server. This should be the full path to the base of the CAS installation.
- cas-redirect-uri
The URI to redirect back to upon successful authentication. Normally this will be the full URL of your Guacamole installation.
Guacamole will only reread guacamole.properties
and load
newly-installed extensions during startup, so your servlet container will need to be
restarted before CAS authentication can be used. Doing this will
disconnect all active users, so be sure that it is safe to do so prior to
attempting installation. When ready, restart your servlet container
and give the new authentication a try.