2020-10-29 11:09:12 -04:00
---
2022-05-12 23:08:13 -04:00
stage: Manage
group: Authentication and Authorization
2020-11-26 01:09:20 -05:00
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-10-29 11:09:12 -04:00
---
2021-09-28 05:11:19 -04:00
# CAS OmniAuth Provider **(FREE SELF)**
2015-11-11 23:25:31 -05:00
2021-08-26 17:11:25 -04:00
To enable the CAS OmniAuth provider you must register your application with your
CAS instance. This requires the service URL GitLab supplies to CAS. It should be
something like: `https://gitlab.example.com:443/users/auth/cas3/callback?url` .
Handling for Single Logout (SLO) is enabled by default, so you only have to
configure CAS for back-channel logout.
2015-11-11 23:25:31 -05:00
2019-07-11 11:21:26 -04:00
1. On your GitLab server, open the configuration file.
2015-11-11 23:25:31 -05:00
2019-08-27 04:41:50 -04:00
For Omnibus package:
2015-11-11 23:25:31 -05:00
2020-01-30 10:09:15 -05:00
```shell
2019-07-11 11:21:26 -04:00
sudo editor /etc/gitlab/gitlab.rb
```
2015-11-11 23:25:31 -05:00
2019-07-11 11:21:26 -04:00
For installations from source:
2015-11-11 23:25:31 -05:00
2020-01-30 10:09:15 -05:00
```shell
2019-07-11 11:21:26 -04:00
cd /home/git/gitlab
2015-11-11 23:25:31 -05:00
2019-07-11 11:21:26 -04:00
sudo -u git -H editor config/gitlab.yml
```
2015-11-11 23:25:31 -05:00
2021-11-09 13:13:13 -05:00
1. See [Configure initial settings ](omniauth.md#configure-initial-settings ) for initial settings.
2015-11-11 23:25:31 -05:00
2019-07-11 11:21:26 -04:00
1. Add the provider configuration:
2015-11-11 23:25:31 -05:00
2019-08-27 04:41:50 -04:00
For Omnibus package:
2015-11-11 23:25:31 -05:00
2019-07-11 11:21:26 -04:00
```ruby
gitlab_rails['omniauth_providers'] = [
{
2021-11-19 04:13:48 -05:00
name: "cas3",
label: "Provider name", # optional label for login button, defaults to "Cas3"
args: {
url: "CAS_SERVER",
login_url: "/CAS_PATH/login",
service_validate_url: "/CAS_PATH/p3/serviceValidate",
logout_url: "/CAS_PATH/logout"
}
2019-07-11 11:21:26 -04:00
}
]
```
2015-11-11 23:25:31 -05:00
2019-07-11 11:21:26 -04:00
For installations from source:
2015-11-11 23:25:31 -05:00
2020-03-23 23:09:28 -04:00
```yaml
2019-07-11 11:21:26 -04:00
- { name: 'cas3',
2021-11-19 04:13:48 -05:00
label: 'Provider name', # optional label for login button, defaults to "Cas3"
2019-07-11 11:21:26 -04:00
args: {
2020-10-02 02:08:27 -04:00
url: 'CAS_SERVER',
login_url: '/CAS_PATH/login',
service_validate_url: '/CAS_PATH/p3/serviceValidate',
logout_url: '/CAS_PATH/logout' } }
2019-07-11 11:21:26 -04:00
```
2015-11-11 23:25:31 -05:00
2021-01-22 19:08:46 -05:00
1. Change 'CAS_PATH' to the root of your CAS instance (such as `cas` ).
2015-11-11 23:25:31 -05:00
2019-07-11 11:21:26 -04:00
1. If your CAS instance does not use default TGC lifetimes, update the `cas3.session_duration` to at least the current TGC maximum lifetime. To explicitly disable SLO, regardless of CAS settings, set this to 0.
2015-11-11 23:25:31 -05:00
2019-07-11 11:21:26 -04:00
1. Save the configuration file.
2015-11-11 23:25:31 -05:00
2020-04-06 08:10:44 -04:00
1. [Reconfigure ](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure ) or
[restart GitLab ](../administration/restart_gitlab.md#installations-from-source ) for the changes to
take effect if you installed GitLab via Omnibus or from source respectively.
2015-11-11 23:25:31 -05:00
2015-12-21 11:37:55 -05:00
On the sign in page there should now be a CAS tab in the sign in form.
