...
- Prerequisites:*
- functioning CAS 3.3 setup, with localization via the Maven overlay method, see Maintaining + local + customizations + using + Maven + 2
- MS-AD authentication is function, see Active + Directory
- You can get LDAP attributes from AD (or any LDAP) into the CAS Princical (ie. the CAS user object )
You will need to map the AD "mail" attribute (or any other LDAP attribute you wish to use) to the CAS princical "EmailAddress" attribute, eg. in the mapping section of the Attributesarticle, use:
See Attributes for more.Code Block xml xml <map> <entry key="mail" value="EmailAddress" /> </map>
...
Finally, if all looks well, configure your Google Apps domain to use your CAS setup for authentication. See SAML + 2.0 + (Google + Accounts + Integration)
Every time Google Apps calls CAS, there will be some new INFO level messages in the tomcat log file, typically <tomcat>/logs/catalina.out to show you what is happening. The first line shows you how many (if any) attributes are attached to the CAS principal. This will show you if your attribute mapping is working. The second line show what user id is actually sent to Google for the current CAS principal.
...