Services Management

Owned by ScottS
Last updated: Jun 07, 2016 by Misagh Moayyed

New CAS documentation site

CAS documentation has moved over to apereo.github.io/cas, starting with CAS version 4.x. The wiki will no longer be maintained. For the most recent version of the documentation, please refer to the aforementioned link.

Services management webapp

Before CAS server 4.0.0, the services management webapp is part of the CAS server and can be accessed through an url like : https://localhost:8443/cas/services/.

With the new major version 4.0.0 of CAS, the services management webapp is in a more general and separate webapp dedicated to CAS management : the cas-management-webapp module, which can be accessed through an url like : https://localhost:8443/management/.

allowedToProxy

When defining a service, there is an option called allowedToProxy which allows a CAS service to play the role of a CAS proxy.

Before CAS 4.0, this option was enabled by default. However, as the proxy mechanism is extremely powerful and in order to improve security on the CAS server, this option is now disabled by default (on CAS 4.0). Please read : CAS Threat Modeling and Proposals to mitigate security risks for a better understanding of what the CAS security group is trying to achieve in terms of security.

What is Services Management?

The Services Management console, in conjunction with other features of the "services" package allow a CAS Deployer to control what services are allowed to authenticate via CAS, and in particular what those services can do with CAS.

Examples include: the attributes a service can see, whether they can proxy, whether they should be allowed to do single sign on, etc.

To get started, type in the following link to view the web interface (as of CAS 3.1.1), then you will be directed to the Editing page.

https://localhost:8443/cas/services/

Remark: The host and port may have been changed according to the Configuring page.

 

 

Host and port settings for quick demos

As above, it is normally assumed you have configured the https protocol for the servlet container (e.g., tomcat) that will host your CAS server deployment.  However, if demoing the CAS server without configuring for https protocol, you can use the default host and port configuration.

http://localhost:8080/cas/services/

Note that you still need to refer to the Configuring page so as to authorize access for at least one demo user.