cas-auth

Description

The cas-auth Plugin lets APISIX act as the SP (service provider) and authenticate users against a CAS (Central Authentication Service 2.0) IdP (Identity Provider).

Attributes

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| idp_uri | string | True | URI of IdP. |
| cas_callback_uri | string | True | Redirect URI used to call back the SP from the IdP after login or logout. |
| logout_uri | string | True | Logout URI to trigger logout. |

Enable Plugin

You can enable the Plugin on a specific Route as shown below:

```shell
curl http://127.0.0.1:9180/apisix/admin/routes/cas1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "methods": ["GET", "POST"],
    "host" : "127.0.0.1",
    "uri": "/anything/*",
    "plugins": {
          "cas-auth": {
              "idp_uri": "http://127.0.0.1:8080/realms/test/protocol/cas",
              "cas_callback_uri": "/anything/cas_callback",
              "logout_uri": "/anything/logout"
          }
    },
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "httpbin.org": 1
        }
    }
}'
```

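Configuration description

Once you have enabled the Plugin, a new user visiting this Route is first processed by the cas-auth Plugin. If no login session exists, the user is redirected to the login page of idp_uri.

After a successful login at the IdP, the IdP redirects the user to cas_callback_uri with the CAS ticket passed as a GET parameter. If the ticket is verified, a login session is created.

This process is only done once, and subsequent requests are not interrupted. Once it is done, the user is redirected to the original URL they wanted to visit.

Later, the user can visit logout_uri to start the logout process. The user is redirected to idp_uri to log out.

Note that cas_callback_uri and logout_uri should be either a fully qualified address (e.g. http://127.0.0.1:9080/anything/logout) or a path only (e.g. /anything/logout); path only is recommended, to stay consistent.

These URIs need to be captured by the Route on which the Plugin is configured in the current APISIX instance.

For example, if the uri of the current Route is /api/v1/*, cas_callback_uri can be set to /api/v1/cas_callback.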
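
The check below is an added example, not part of the APISIX documentation or code base: it lints a Route body against the rules just described (both URIs are either fully qualified or path only, and their paths are captured by the Route's uri). The function names and the matching rule (a trailing * is a prefix match, anything else is an exact match) are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed sample: the relevant fields of the Route body shown under "Enable Plugin".
ROUTE = {
    "uri": "/anything/*",
    "plugins": {"cas-auth": {
        "idp_uri": "http://127.0.0.1:8080/realms/test/protocol/cas",
        "cas_callback_uri": "/anything/cas_callback",
        "logout_uri": "/anything/logout",
    }},
}


def route_captures(route_uri, path):
    """Assumed matching rule: a trailing '*' is a prefix match, otherwise exact."""
    if route_uri.endswith("*"):
        return path.startswith(route_uri[:-1])
    return path == route_uri


def check_cas_auth(route):
    """Return a list of findings for the cas-auth settings of one Route."""
    findings = []
    conf = route.get("plugins", {}).get("cas-auth")
    if conf is None:
        return ["cas-auth is not configured on this route"]
    route_uris = route.get("uris") or [route.get("uri", "")]
    for key in ("idp_uri", "cas_callback_uri", "logout_uri"):
        if not conf.get(key):
            findings.append(f"{key}: required attribute is missing")
    for key in ("cas_callback_uri", "logout_uri"):
        value = conf.get(key)
        if not value:
            continue
        parts = urlsplit(value)
        if parts.scheme and parts.netloc:
            findings.append(f"{key}: fully qualified address, path only is recommended")
        elif not value.startswith("/"):
            findings.append(f"{key}: neither a fully qualified address nor a path")
            continue
        if not any(route_captures(u, parts.path) for u in route_uris):
            findings.append(f"{key}: {parts.path} is not captured by the route uri")
    return findings


if __name__ == "__main__":
    for finding in check_cas_auth(ROUTE) or ["ok"]:
        print(finding)
```

A callback or logout path that falls outside the Route's uri never reaches the Plugin, so the ticket is not verified and the login or logout flow does not complete.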

Delete Plugin

To remove the cas-auth Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.

```shell
curl http://127.0.0.1:9180/apisix/admin/routes/cas1  -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "methods": ["GET", "POST"],
    "uri": "/anything/*",
    "plugins": {},
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "httpbin.org:80": 1
        }
    }
}'
```