-
Notifications
You must be signed in to change notification settings - Fork 70
Configuration
Configuration is done through environment variables. Set these values through your normal environment methods.
These are the most common variables you will need to set for your application to work with CAS.
| Variable | Default |
|---|---|
| CAS_HOSTNAME | cas.myuniv.edu |
The host name of the CAS server. This is used to construct the URL used during the authentication process.
| Variable | Default |
|---|---|
| CAS_REAL_HOSTS | cas.myuniv.edu |
This is used when SAML is active and is recommended for protecting against DOS attacks. If using load balanced hosts, then separate each with a comma.
| Variable | Default |
|---|---|
| CAS_CLIENT_SERVICE | http://localhost |
The client service(s) authorized to make requests to the CAS service provider. This may be a comma separated list.
| Variable | Default |
|---|---|
| CAS_LOG | null |
Sets the log method for phpCAS. phpCAS logs are verbose, multi-line, INFO log entries. Consider the implications when choosing a log approach. One of:
- null (default) = no logging
- laravel = use the Laravel MonoLog instance
- /path/to/file = create a new log at the given file path
There are a number of other options available to control the behavior of the CAS client. The default configuration should be sufficient to get started with development, but you should review and harden your configuration before deploying to production.
| Variable | Default |
|---|---|
| CAS_SESSION_NAME | CASAuth |
The name of the cookie used to store the CAS session.
| Variable | Default |
|---|---|
| CAS_CONTROL_SESSIONS | false |
Laravel has it's own authentication sessions. Unless you want phpCAS to manage the session, leave this set to false. Note that the middleware and redirect classes will be handling removal of the Laravel sessions when this is set to false.
| Variable | Default |
|---|---|
| CAS_PROXY | false |
Enable proxy mode for the CAS client.
| Variable | Default |
|---|---|
| CAS_PORT | 443 |
The HTTP port used for the connection to the CAS server.
| Variable | Default |
|---|---|
| CAS_URI | /cas |
The path portion of the URL for the CAS service.
| Variable | Default |
|---|---|
| CAS_VALIDATION | [empty] |
Method for validating the CAS server TLS certificate. One of:
- 'self' to trust a self-signed certificate
- 'ca' to trust a certificate from a CA
- [empty] for no certificate validation
Using a valid certificate from a trusted CA is highly recommended
| Variable | Default |
|---|---|
| CAS_CERT | [empty] |
Path to the CA certificate file. For production use the CA certificate that is the issuer of the cert.
| Variable | Default |
|---|---|
| CAS_VALIDATE_CN | true |
Applies only if using a CA certificate. If for some reason you want to disable validating the certificate intermediaries, here is where you can. Recommended to leave this set with default (true).
| Variable | Default |
|---|---|
| CAS_LOGIN_URL | [empty] |
The full URL of the CAS service. This will be constructed from other variables if left blank and should rarely need to be used.
| Variable | Default |
|---|---|
| CAS_LOGOUT_URL | cas.myuniv.edu |
The URL to use for a logout request to CAS.
| Variable | Default |
|---|---|
| CAS_LOGOUT_REDIRECT | [empty] |
If your server supports redirection services, enter the redirect url in this section. If left blank, it will default to disabled.
| Variable | Default |
|---|---|
| CAS_REDIRECT_PATH | [empty] |
By default, CAS will assume that the user should be redirected to the page in which the call was initiated. You can override this method and force the user to be redirected to a specific URL here.
| Variable | Default |
|---|---|
| CAS_ENABLE_SAML | true |
CAS Supports SAML 1.1, allowing you to retrieve more than just the user identifier. If your CAS authentication service supports this feature, you may be able to retrieve user meta data.
| Variable | Default |
|---|---|
| CAS_VERSION | 2.0 |
CAS will support version 1.0, 2.0, 3.0 of the protocol. It is recommended to use version 2.0, 3.0, or SAML 1.1. If you enable SAML, then that will override this configuration.
| Variable | Default |
|---|---|
| CAS_VERBOSE_ERRORS | false |
Enable verbose error messages from phpCAS. Not recommended for production.
| Variable | Default |
|---|---|
| CAS_MASQUERADE | [empty] |
This will cause CAS to skip authentication and assume this user id. This should only be used for developmental purposes. The getAttributes() method will return null in this condition.
| Variable | Default |
|---|---|
| APP_DOMAIN | [empty] |
The value to set in the Domain field on cookies.
| Variable | Default |
|---|---|
| HTTPS_ONLY_COOKIES | false |
Whether to add the Secure flag to cookies.