Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Using CAS for User Authentication

    CAS (Central Authentication Service) is a single sign-on protocol that allows users to access multiple applications while providing their credentials (such as a user ID and password) only once. The following steps describe the interaction between the user, Primo, Alma or Aleph, and the CAS host to provide authentication and authorization:
    1. The user invokes the sign-in option in Primo.
    2. Primo sends an authentication request to the specified CAS host.
    3. The host performs a single-sign-on check.
    4. If the user is not logged on to the CAS server, the host's login page (which is not Primo’s login page) opens.
    5. After the user logs on, the host redirects back to Primo with a CAS response, which includes a ticket for validation.
    6. Primo retrieves the user attributes from the CAS response (or fetches user attributes from Alma or Aleph) and logs the user in.
    To configure Primo to use CAS authentication:
    1. Open the User Authentication Wizard page (Primo Home > Ongoing Configuration Wizards > User Authentication Wizard).
    2. Select your institution from the Owner drop-down list.
      The source of your Primo institution must be Alma in order use Alma user authentication.
    3. From the list of profiles, click Edit next to the CAS profile that you want to configure.
      The Login Profile page opens.
      CAS_Authentication.png
      CAS Login Profile Page
    4. Use the following table to configure the CAS authentication fields:
      CAS Configuration Fields
      Parameter Description
      CAS_PROVIDER_HOST
      (Required) The CAS login URL. This is the URL Primo uses when it sends the authentication request.
      SILENT_LOGIN_
      ENABLE
      The valid values are True (default) and False.
      Enable or disable “silent login” in Primo. If “silent login” is enabled and a new session is opened with the same browser in a new window or tab, the user is automatically logged on to Primo.
      EMAIL_OVERRIDE
      The valid values are True and False (default).
      If set to True, the email returned with the user information will always override the email stored in the user’s profile in Primo.
    5. Select ALMA (see Alma Information Request Fields) or ALEPH (see Aleph Information Request Fields) from the Select User Information Method drop-down list.
    6. Click Save.
    7. From the list of profiles, click Edit next to your CAS profile.
      The Login Profile page opens with additional options.
      CAS_UserInfo.png
      CAS Login Profile Page - bor-info Options for Alma
      The Attributes Mapping button displays only when the user information method has been selected and saved.
    8. Map the user attributes associated with Alma authentication. For more information, see Attribute Mapping.
    • Was this article helpful?