CAS-Based Single Sign-On/Sign-Off for Esploro Research Hub
To configure a CAS integration profile, you must have the following role:
- General System Administrator
This page describes how to work with CAS based single sign-on/off in the Esploro research hub. For a short video showing how to work with LDAP in general see here.
For Alma users, the authentication profiles are common between Esploro and Alma. This means that the profiles are editable both in Alma and Esploro. Therefore, changes to the authentication profile will be reflected in Alma, and the converse (from Alma to Esploro).
Esploro supports CAS single sign-on using an integration profile, including ECAS. This enables a user to sign in or out of an external system and be automatically signed in or out of Esploro, or vice versa. After signing in to Esploro, you are redirected to your CAS page to sign in. When sign-in is successful, you are automatically directed back to Esploro.
For a detailed overview of CAS-based single sign-on, see the Developer Network.
If your production server and the sandbox use the same CAS service, Ex Libris recommends that you use the same authentication profile in both environments. In this case, no additional configuration of CAS is required on the sandbox after a sandbox refresh. If your production server and the sandbox use different CAS services, see Recommended Configuration to Account for Sandbox Refresh for more information.
To add a CAS integration profile:
- On the Integration Profiles page (Configuration Menu > General > Integration Profiles), select Add Integration Profile.The first page of the integration profile wizard appears.
Integration Profile General Information Tab - Enter profile information, specifying CAS as the Integration Type. Select Next. The Actions page of the integration profile appears.
Integration Profile Actions Tab - If you have multiple CAS profiles, you can select Default CAS profile for only one. This is the profile that will be used when the URL does not specify an idpCode. Enter the CAS host URL provided to you by your CAS provider. For questions on URLs, consult your institution’s support staff.
- Add the URL, as described above. The URL typically ends with /cas .
- If you are using ECAS and require additional parameters, enter them as a string. For example, assuranceLevel=LOW&ticketTypes=SERVICE. Parameters are:
- assuranceLevel: TOP (default), HIGH, MEDIUM, LOW
- ticketTypes: SERVICE, PROXY, DESKTOP (SERVICE,PROXY is the default)
- proxyGrantingProtocol: PGT_URL, CLIENT_CERT, DESKTOP (no default)
- When you are done, select Save.