Skip to main content
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Using CAS for User Authentication

    If you are working with Primo VE and not Primo, see CAS-Based Single Sign-On/Sign-Off.

    CAS (Central Authentication Service) is a single sign-on protocol that allows users to access multiple applications while providing their credentials (such as a user ID and password) only once. The following steps describe the interaction between the user, Primo, Alma or Aleph, and the CAS host to provide authentication and authorization:
    1. The user invokes the sign-in option in Primo.
    2. Primo sends an authentication request to the specified CAS host.
    3. The host performs a single-sign-on check.
    4. If the user is not logged on to the CAS server, the host's login page (which is not Primo’s login page) opens.
    5. After the user logs on, the host redirects back to Primo with a CAS response, which includes a ticket for validation.
    6. Primo retrieves the user attributes from the CAS response (or fetches user attributes from Alma or Aleph) and logs the user in.
    To configure Primo to use CAS authentication:
    1. Open the User Authentication Wizard page (Primo Home > Ongoing Configuration Wizards > User Authentication Wizard).
    2. Select your institution from the Owner drop-down list.
      The source of your Primo institution must be Alma in order use Alma user authentication.
    3. Create a new login profile. The Login Profile page opens. For more information on creating login profiles, see The Primo Authentication Manager.
    4. Select CAS from the Select Authentication Method drop-down list.

      The CAS authentication parameters appear on the page.

      CAS Login Profile Page
    5. Use the following table to configure the CAS authentication parameters:
      CAS Configuration Parameters
      Parameter Description
      (Required) The CAS server root URL. For example:
      The valid values are True (default) and False.
      Enable or disable “silent login” in Primo. If “silent login” is enabled and a new session is opened with the same browser in a new window or tab, the user is automatically logged on to Primo.
      The valid values are True and False (default).
      If set to True, the email returned with the user information will always override the email stored in the user’s profile in Primo.
    6. Select ALMA (see Alma Information Request Fields) or ALEPH (see Aleph Information Request Fields) from the Select User Information Method drop-down list. The selections for the user information method is based on the ILS that you are using.
    7. Select Save to save your CAS profile and to return to the Login Profiles page.
    8. Edit your new CAS profile. The Login Profile page will now include the Attributes Mapping button.

      The Attributes Mapping button displays only when the user information method has been selected and saved.

    9. If you are using Alma for user information, skip this step. Otherwise, select Attributes Mapping to map the user attributes that are associated with the selected user authentication for Aleph. For more information, see Attribute Mapping.
    10. Select Save to save your profile and to return to the list of profiles on the Login Profiles page.
    • Was this article helpful?