Project author: cslzchen

Project description:
OSF CAS - The Central Authentication and Authorization Service for the OSF
Language: Java
Project URL: git://github.com/cslzchen/osf-cas-archived.git
Created: 2020-04-22T17:49:50Z
Project community: https://github.com/cslzchen/osf-cas-archived

License: Apache License 2.0


OSF CAS by Center for Open Science

Master Build Status: TBI

Develop Build Status: TBI

Versioning Scheme: CalVer Scheme

About

OSF CAS is the centralized authentication and authorization service for the OSF and its services such as OSF Preprints and OSF Registries.

Features

  • OSF username and password login
  • OSF username and verification key login
  • OSF two-factor authentication
  • WIP - Delegated authentication
  • TBI - OAuth authorization server for OSF
  • TBI - SAML service provider

Implementations

The implementation of OSF CAS is based on Apereo CAS 6.2.x via CAS Overlay Template 6.2.x. Refer to CAS Documentation 6.2.x for more details.

Legacy Implementations

A legacy version can be found at CAS Overlay, which was built on Jasig CAS 4.1.x via CAS Overlay Template 4.1.x.

Versions

  • OSF CAS 20.0.x
  • Apereo CAS 6.2.x
  • PostgreSQL 9.6
  • JDK 11

Build and Run OSF CAS

OSF

OSF CAS requires a working OSF running locally. Refer to OSF’s README-docker-compose.md for how to set up and run OSF with docker-compose. fakeCAS must be disabled to free port 8080.

In cas.properties, global JDBC settings can be found here and JPA-specific settings can be found here.

CAS DB

OSF CAS is configured to use the JPA Ticket Registry for durable ticket storage, so a relational database is required. Set up a PostgreSQL 9.6 server and update the JPA Ticket Registry settings in cas.properties accordingly. The server must use a port other than 5432, which is already occupied.

Signing and Encryption Keys

Refer to the settings in cas.properties for signing and encrypting the client session and the ticket-granting cookie.

Authentication Delegation

ORCiD Login

Set up a developer app at ORCiD with http://localhost:8080/login and http://192.168.168.167:8080/login as redirect URIs. Update cas.authn.pac4j.orcid.id and cas.authn.pac4j.orcid.secret in the cas.properties settings.
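
A pre-flight check for the three cas.properties steps above (ticket registry database port, signing and encryption keys, ORCiD credentials). This is an added example, not part of the OSF CAS project. The crypto and JPA property names are the Apereo CAS 6.2 ones and are assumed to be what this project's cas.properties uses; the sample input is constructed. Apereo CAS generates a key at startup when a crypto key is left blank, so a blank key is reported.

```python
import re

# Apereo CAS 6.2 property names; that this project sets all of them is an assumption.
CRYPTO_KEYS = [f"cas.{scope}.crypto.{use}.key"
               for scope in ("tgc", "webflow") for use in ("signing", "encryption")]
ORCID_KEYS = ["cas.authn.pac4j.orcid.id", "cas.authn.pac4j.orcid.secret"]
JPA_URL = "cas.ticket.registry.jpa.url"


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def preflight(text):
    """Return findings for a local OSF CAS cas.properties (empty list = pass)."""
    props, findings = parse_properties(text), []
    for key in CRYPTO_KEYS + ORCID_KEYS:
        if not props.get(key):
            why = ("CAS generates a fresh key at every startup" if key in CRYPTO_KEYS
                   else "ORCiD delegation is not configured")
            findings.append(f"{key}: blank, {why}")
    m = re.match(r"jdbc:postgresql://[^/:]+(?::(\d+))?/", props.get(JPA_URL, ""))
    if not m:
        findings.append(f"{JPA_URL}: missing or not a PostgreSQL JDBC URL")
    elif (m.group(1) or "5432") == "5432":
        findings.append(f"{JPA_URL}: port 5432 is already occupied")
    return findings


# Constructed sample input, not taken from the project's cas.properties.
SAMPLE = """\
cas.ticket.registry.jpa.url=jdbc:postgresql://localhost:5432/osf-cas
cas.tgc.crypto.signing.key=
cas.tgc.crypto.encryption.key=CONSTRUCTED-VALUE
cas.webflow.crypto.signing.key=CONSTRUCTED-VALUE
cas.webflow.crypto.encryption.key=CONSTRUCTED-VALUE
cas.authn.pac4j.orcid.id=APP-CONSTRUCTED
"""

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)))
```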

fakeCAS Login

With OSF CAS running locally as the authentication server for OSF, fakeCAS can be configured to serve as an identity provider. Simply update fakecas in OSF’s docker-compose.yaml to listen on port 8081.

  fakecas:
    image: quay.io/centerforopenscience/fakecas:master
    command: fakecas -host=0.0.0.0:8081 -osfhost=localhost:5000 -dbaddress=postgres://postgres@postgres:5432/osf?sslmode=disable
    restart: unless-stopped
    ports:
      - 8081:8081
    depends_on:
      - postgres
    stdin_open: true

Related settings in cas.properties can be found here.

Build and Run

It is recommended to use the Dockerfile and the provided scripts to build and run CAS.

  ./docker-build.sh
  ./docker-run.sh

Refer to Apereo’s README.md for more options.