CAS Single Sign On

[nowylie]

Hi Frappe Team. Thanks for your great work!

At our workplace we make use of CAS for single sign on between web services, and we would like to also be able to sign into the Desk with CAS as well.

CAS is a little bit different to the other Authentication mechanisms in Frappe.

• If the user is not authenticated they are automatically redirected to the CAS site
• The CAS site will then redirect back to Frappe with a valid token once the user is authenticated
• The Frappe backend should validate this token against the CAS site and then create a new session

I've had a quick look at authentication in the Frappe code base but I'm not sure what the best place would be to implement CAS. So I'm looking for some guidance before I jump in and start coding!

I need to implement a redirect to CAS if the CAS authentication is enabled and the user doesn't have a valid session, and I need to implement authentication and subsequent session creation based on a url query parameter.

[ankush]

Achievable with oauth based social logins or ldap