Configuration - subfission/cas GitHub Wiki
Configuration is done through environment variables. Set these values through your normal environment methods.
Important Configuration Options
These are the most common variables you will need to set for your application to work with CAS.
CAS Hostname
| Variable | Default |
|---|---|
| CAS_HOSTNAME | cas.myuniv.edu |
The host name of the CAS server. This is used to construct the URL used during the authentication process.
CAS Authorized Hosts
| Variable | Default |
|---|---|
| CAS_REAL_HOSTS | cas.myuniv.edu |
This is used when SAML is active and is recommended for protecting against DoS attacks. If using load-balanced hosts, separate each host with a comma.
CAS Client Service
| Variable | Default |
|---|---|
| CAS_CLIENT_SERVICE | http://localhost |
The client service(s) authorized to make requests to the CAS service provider. This may be a comma-separated list.
phpCAS Logging (added in 5.0.0)
| Variable | Default |
|---|---|
| CAS_LOG | null |
Sets the log method for phpCAS. phpCAS logs are verbose, multi-line, INFO log entries. Consider the implications when choosing a log approach. One of:
- null (default) = no logging
- laravel = use the Laravel Monolog instance
- /path/to/file = create a new log at the given file path
Other
There are a number of other options available to control the behavior of the CAS client. The default configuration should be sufficient to get started with development, but you should review and harden your configuration before deploying to production.
CAS Session Cookie Name
| Variable | Default |
|---|---|
| CAS_SESSION_NAME | CASAuth |
The name of the cookie used to store the CAS session.
CAS Control Sessions
| Variable | Default |
|---|---|
| CAS_CONTROL_SESSIONS | false |
Laravel has its own authentication sessions. Unless you want phpCAS to manage the session, leave this set to false. Note that the middleware and redirect classes handle removal of the Laravel sessions when this is set to false.
CAS Proxy
| Variable | Default |
|---|---|
| CAS_PROXY | false |
Enable proxy mode for the CAS client.
CAS Port
| Variable | Default |
|---|---|
| CAS_PORT | 443 |
The HTTP port used for the connection to the CAS server.
CAS URI
| Variable | Default |
|---|---|
| CAS_URI | /cas |
The path portion of the URL for the CAS service.
CAS Validation
| Variable | Default |
|---|---|
| CAS_VALIDATION | [empty] |
Method for validating the CAS server TLS certificate. One of:
- 'self' to trust a self-signed certificate
- 'ca' to trust a certificate from a CA
- [empty] for no certificate validation
Using a valid certificate from a trusted CA is highly recommended.
CA Certificate
| Variable | Default |
|---|---|
| CAS_CERT | [empty] |
Path to the CA certificate file. For production, use the certificate of the CA that issued the cert.
CN Validation
| Variable | Default |
|---|---|
| CAS_VALIDATE_CN | true |
Applies only if using a CA certificate. If for some reason you want to disable validating the certificate intermediaries, this is where you can. It is recommended to leave this at the default (true).
CAS Login URL
| Variable | Default |
|---|---|
| CAS_LOGIN_URL | [empty] |
The full URL of the CAS service. This will be constructed from other variables if left blank and should rarely need to be used.
CAS Logout URL
| Variable | Default |
|---|---|
| CAS_LOGOUT_URL | cas.myuniv.edu |
The URL to use for a logout request to CAS.
CAS Logout Redirect Services
| Variable | Default |
|---|---|
| CAS_LOGOUT_REDIRECT | [empty] |
If your server supports redirection services, enter the redirect URL here. If left blank, redirection is disabled.
CAS Successful Logon Redirection URL
| Variable | Default |
|---|---|
| CAS_REDIRECT_PATH | [empty] |
By default, CAS will assume that the user should be redirected to the page from which the call was initiated. You can override this behavior here and force the user to be redirected to a specific URL.
Enable SAML
| Variable | Default |
|---|---|
| CAS_ENABLE_SAML | true |
CAS supports SAML 1.1, allowing you to retrieve more than just the user identifier. If your CAS authentication service supports this feature, you may be able to retrieve user metadata.
CAS Protocol Version
| Variable | Default |
|---|---|
| CAS_VERSION | 2.0 |
CAS supports versions 1.0, 2.0, and 3.0 of the protocol. It is recommended to use version 2.0, 3.0, or SAML 1.1. If you enable SAML, it overrides this setting.
phpCAS Verbose Errors
| Variable | Default |
|---|---|
| CAS_VERBOSE_ERRORS | false |
Enable verbose error messages from phpCAS. Not recommended for production.
CAS Masquerade
| Variable | Default |
|---|---|
| CAS_MASQUERADE | [empty] |
This will cause CAS to skip authentication and assume this user id. This should only be used for development purposes. The getAttributes() method will return null in this condition.
CAS Cookie Domain
| Variable | Default |
|---|---|
| APP_DOMAIN | [empty] |
The value to set in the Domain field on cookies.
Secure Cookie Flag
| Variable | Default |
|---|---|
| HTTPS_ONLY_COOKIES | false |
Whether to add the Secure flag to cookies.
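
A pre-deployment check for the settings this page flags as development-only or not recommended, run against a `.env` file. This is an added example, not part of the subfission/cas package; the function names, the sample files, the certificate path and the set of strings treated as boolean true are assumptions.

```python
# Added example: lint a .env file for the production risks this page names.
TRUTHY = {"true", "(true)", "1"}  # assumption: values the app treats as boolean true

def parse_env(text):
    """Parse KEY=VALUE lines; blank lines and # comments are skipped."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def audit(env):
    """Return (variable, finding) pairs; defaults mirror the tables on this page."""
    def get(key, default=""):
        return env.get(key, default).strip()
    def on(key, default):
        return get(key, default).lower() in TRUTHY
    out = []
    mode = get("CAS_VALIDATION")
    if mode == "":
        out.append(("CAS_VALIDATION", "empty: CAS server certificate is not validated"))
    elif mode == "self":
        out.append(("CAS_VALIDATION", "'self' trusts a self-signed certificate"))
    elif mode == "ca":
        if not get("CAS_CERT"):
            out.append(("CAS_CERT", "'ca' selected but no CA certificate path is set"))
        if not on("CAS_VALIDATE_CN", "true"):
            out.append(("CAS_VALIDATE_CN", "disabled; the default (true) is recommended"))
    else:
        out.append(("CAS_VALIDATION", f"unrecognised value {mode!r}"))
    if get("CAS_MASQUERADE"):
        out.append(("CAS_MASQUERADE", "set: authentication is skipped for this user id"))
    if on("CAS_VERBOSE_ERRORS", "false"):
        out.append(("CAS_VERBOSE_ERRORS", "enabled; not recommended for production"))
    if not on("HTTPS_ONLY_COOKIES", "false"):
        out.append(("HTTPS_ONLY_COOKIES", "Secure flag is not added to cookies"))
    if not on("CAS_ENABLE_SAML", "true") and get("CAS_VERSION", "2.0") == "1.0":
        out.append(("CAS_VERSION", "1.0 in use; 2.0, 3.0 or SAML 1.1 is recommended"))
    return out

# Constructed sample files, not taken from any real deployment.
DEV_ENV = "CAS_HOSTNAME=cas.myuniv.edu\nCAS_MASQUERADE=jdoe\nCAS_VERBOSE_ERRORS=true\n"
PROD_ENV = ("CAS_HOSTNAME=cas.myuniv.edu\nCAS_VALIDATION=ca\n"
            "CAS_CERT=/etc/ssl/certs/cas-issuer.pem\nHTTPS_ONLY_COOKIES=true\n")

if __name__ == "__main__":
    for name, text in (("dev", DEV_ENV), ("prod", PROD_ENV)):
        for var, msg in audit(parse_env(text)):
            print(f"[{name}] {var}: {msg}")
```

Failing the deployment pipeline when `audit()` returns any finding keeps a development `.env` (masquerade user, no certificate validation) from reaching production unnoticed.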