CAS 提供程序设置用户和权限
¥CAS provider setup for Users & Permissions
本 页面说明如何为 用户和权限功能 设置 Auth0 提供程序。
¥The present page explains how to setup the Auth0 provider for the Users & Permissions feature.
CAS 配置
¥CAS configuration
远程 CAS 服务器可以配置为接受 localhost
URL,或者你可以在本地运行自己的 CAS 服务器来接受它们。
¥A remote CAS server can be configured to accept localhost
URLs or you can run your own CAS server locally that accepts them.
不需要使用 ngrok
。
¥The use of ngrok
is not needed.
-
CAS 是一个 SSO 服务器,支持多种不同的方法来验证用户身份、检索用户属性并通过 SAML、OIDC 和 CAS 协议等协议将该信息传达给应用。如果部署的 CAS 支持 OIDC,则 Strapi 可以使用 CAS 服务器进行身份验证。
¥CAS is an SSO server that supports many different methods of verifying a users identity, retrieving attributes out the user and communicating that information to applications via protocols such as SAML, OIDC, and the CAS protocol. Strapi can use a CAS server for authentication if CAS is deployed with support for OIDC.
-
CAS 可能已被你的公司或组织使用,或者你可以通过克隆 CAS 叠加 项目或使用较新的 CAS 初始化器 创建覆盖项目来设置本地 CAS 服务器。
¥CAS could already be used by your company or organization or you can setup a local CAS server by cloning the CAS Overlay project or using the newer CAS Initializr to create an overlay project.
-
必须配置 CAS 服务器,以便它可以充当 OpenID 连接提供者
¥The CAS server must be configured so it can act as an OpenID Connect Provider
-
已知 CAS 版本 6.3.x 及更高版本可与 Strapi 配合使用,但支持 OIDC 的旧版本也可以使用。
¥CAS version 6.3.x and higher is known to work with Strapi but older versions that support OIDC may work.
-
为 Strapi 定义 CAS OIDC 服务并将其存储在正在使用的 CAS 服务注册表中。
¥Define a CAS OIDC service for Strapi and store it in whichever CAS service registry is being used.
-
对于本地 Strapi 部署,CAS 服务定义可能如下所示:
¥The CAS service definition might look something like this for a local strapi deployment:
{
"@class": "org.apereo.cas.services.OidcRegisteredService",
"clientId": "thestrapiclientid",
"clientSecret": "thestrapiclientsecret",
"bypassApprovalPrompt": true,
"serviceId": "^http(|s)://localhost:1337/.*",
"name": "Local Strapi",
"id": 20201103,
"evaluationOrder": 50,
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes": {
"@class": "java.util.TreeMap",
"strapiemail": "groovy { return attributes['mail'].get(0) }",
"strapiusername": "groovy { return attributes['username'].get(0) }"
}
}
}
表带配置
¥Strapi configuration
-
访问用户和权限提供商设置页面位于 [http://localhost:1337/admin/plugins/users-permissions/providers](http://localhost:1337/admin/plugins/users-permissions/providers)
¥Visit the User & Permissions provider settings page at http://localhost:1337/admin/plugins/users-permissions/providers
-
单击 CAS 提供商
¥Click on the CAS provider
-
填写信息:
¥Fill the information:
-
使能够:
ON
¥Enable:
ON
-
客户编号:thestrapiclientid
¥Client ID: thestrapiclientid
-
客户秘密:thestrapiclientsecret
¥Client Secret: thestrapiclientsecret
-
前端应用的重定向 URL:
http://localhost:1337/api/connect/cas/redirect
¥The redirect URL to your front-end app:
http://localhost:1337/api/connect/cas/redirect
-
提供者子域,以便以下 URL 对于你所定位的 CAS 部署是正确的:
¥The Provider Subdomain such that the following URLs are correct for the CAS deployment you are targeting:
authorize_url: https://[subdomain]/oidc/authorize
access_url: https://[subdomain]/oidc/token
profile_url: https://[subdomain]/oidc/profile例如,如果使用以下登录 URL 在本地运行 CAS:
https://localhost:8443/cas/login
,提供者子域的值为localhost:8443/cas
。¥For example, if running CAS locally with a login URL of:
https://localhost:8443/cas/login
, the value for the provider subdomain would belocalhost:8443/cas
. -
你的配置已完成。启动后端和 react login 示例应用,转到 http://localhost:3000
并尝试连接到你配置的提供商。
¥Your configuration is done.
Launch the backend and the react login example application, go to http://localhost:3000
and try to connect to the provider you configured.