CAS (Central Authentication Service) is a single sign-on protocol that allows users to access multiple applications while providing their credentials (such as a user ID and password) only once. The following steps describe the interaction between the user, Primo, Alma or Aleph, and the CAS host to provide authentication and authorization:
- The user invokes the sign-in option in Primo.
- Primo sends an authentication request to the specified CAS host.
- The host performs a single-sign-on check.
- If the user is not logged on to the CAS server, the host's login page (which is not Primo’s login page) opens.
- After the user logs on, the host redirects back to Primo with a CAS response, which includes a ticket for validation.
- Primo retrieves the user attributes from the CAS response (or fetches user attributes from Alma or Aleph) and logs the user in.
To configure Primo to use CAS authentication:
- Open the User Authentication Wizard page (Primo Home > Ongoing Configuration Wizards > User Authentication Wizard).
- Select your institution from the Owner drop-down list.The source of your Primo institution must be Alma in order use Alma user authentication.
- From the list of profiles, click Edit next to the CAS profile that you want to configure.The Login Profile page opens.CAS Login Profile Page
- Use the following table to configure the CAS authentication fields:
CAS Configuration Fields Parameter DescriptionCAS_PROVIDER_HOST(Required) The CAS login URL. This is the URL Primo uses when it sends the authentication request.SILENT_LOGIN_
ENABLEThe valid values are True (default) and False.Enable or disable “silent login” in Primo. If “silent login” is enabled and a new session is opened with the same browser in a new window or tab, the user is automatically logged on to Primo.EMAIL_OVERRIDEThe valid values are True and False (default).If set to True, the email returned with the user information will always override the email stored in the user’s profile in Primo.
- Click Save.
- From the list of profiles, click Edit next to your CAS profile.The Login Profile page opens with additional options.CAS Login Profile Page - bor-info Options for AlmaThe Attributes Mapping button displays only when the user information method has been selected and saved.
- Map the user attributes associated with Alma authentication. For more information, see Attribute Mapping.