Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Contents

...

Info
titleThe UH Web Login Service is provided via Apereo's Central Authentication Service (CAS).

Currently UH Login is running CAS version 5.0.010.

Please refer to Apereo documentation for authoritative references for CAS client integration and the CAS protocol. The CAS Community mailing list and archives are also valuable sources of information and support.

...

Info

This information was derived from the developer documentation provided for the legacy UH Web Login Service, Apereo's CAS protocol specification, Apereo's CAS SAML documentation, and Wikipedia's entry for SAML 1.1.

...

  1. Will authentication include the release of attributes to your application?
    1. If yes, UH Data Governance guidelines apply.  For each unique application you must submit a separate request.  What that means is that you cannot register a single URL and host multiple applications under it.  
  2. Is your application hosted on a non-UH server?
    1. If yes, your request may be subject to the UH Data Sharing Request process. Please send an inquiry to datagov@hawaii.edu or call 956-7487.

Anchor
register
register
Register Your Application URL

...

  • url (DISABLED)

    Note

    Although Jasig's CAS protocol documentation describes the use the the url parameter, the Jasig developers have disabled it in recent versions of CAS to prevent potential abuse. Their explanation of the situation may be found in this thread from the cas-users mailing list. The url parameter defined in the former CAS 2.0 specification is not a valid parameter in CAS 3.0 anymore. CAS Servers MUST ignore given url parameters.


Examples
  • To logout a user and prevent her from automatically logging back into a Web application, the Web application can forward the user to the Logout URL of UH Login. That URL will destroy the ticket-granting cookie that enables the single sign-on feature and gives the user a page that informs them that they have logged out of UH Login.

    No Format
    https://$WEBLOGIN-HOST/cas/logout
    


  • To logout a user and prevent her from automatically logging back into a Web application, the Web application can forward the user to the Logout URL of UH Login. That URL will destroy the ticket-granting cookie that enables the single sign-on feature and redirect the user to the URL identified by the service parameter.

    No Format
    https://$WEBLOGIN-HOST/cas/logout?service=https://myserver/myapp
    


    Info

    The URL provided by the service parameter must be registered to use UH Login.


...

Application Not Authorized to Use UH Login

Problem:

Your application cannot successfully authentication against CAS.

Example error message:

Expand


Panel

The application you attempted to authenticate to is not authorized to use UH Login.


Solutions:

Expand


Panel
  1. If you have requested attributes, make sure you are using https.
  2. Check that the URL matches the URL specified in your original CAS URL registration request.


...