Skip to main content

CAS 提供程序设置用户和权限

¥CAS provider setup for Users & Permissions

本页面说明如何为 用户和权限功能 设置 Auth0 提供程序。

¥The present page explains how to setup the Auth0 provider for the Users & Permissions feature.

Prerequisites

你已阅读 用户和权限提供商文档

¥You have read the Users & Permissions providers documentation.

CAS 配置

¥CAS configuration

注意

远程 CAS 服务器可以配置为接受 localhost URL,或者你可以在本地运行自己的 CAS 服务器来接受它们。

¥A remote CAS server can be configured to accept localhost URLs or you can run your own CAS server locally that accepts them.

不需要使用 ngrok

¥The use of ngrok is not needed.

  • CAS 是一个 SSO 服务器,支持多种不同的方法来验证用户身份、检索用户属性并通过 SAML、OIDC 和 CAS 协议等协议将该信息传达给应用。如果部署的 CAS 支持 OIDC,则 Strapi 可以使用 CAS 服务器进行身份验证。

    ¥CAS is an SSO server that supports many different methods of verifying a users identity, retrieving attributes out the user and communicating that information to applications via protocols such as SAML, OIDC, and the CAS protocol. Strapi can use a CAS server for authentication if CAS is deployed with support for OIDC.

  • CAS 可能已被你的公司或组织使用,或者你可以通过克隆 CAS 叠加 项目或使用较新的 CAS 初始化器 创建覆盖项目来设置本地 CAS 服务器。

    ¥CAS could already be used by your company or organization or you can setup a local CAS server by cloning the CAS Overlay project or using the newer CAS Initializr to create an overlay project.

  • 必须配置 CAS 服务器,以便它可以充当 OpenID 连接提供者

    ¥The CAS server must be configured so it can act as an OpenID Connect Provider

  • 已知 CAS 版本 6.3.x 及更高版本可与 Strapi 配合使用,但支持 OIDC 的旧版本也可以使用。

    ¥CAS version 6.3.x and higher is known to work with Strapi but older versions that support OIDC may work.

  • 为 Strapi 定义 CAS OIDC 服务并将其存储在正在使用的 CAS 服务注册表中。

    ¥Define a CAS OIDC service for Strapi and store it in whichever CAS service registry is being used.

  • 对于本地 Strapi 部署,CAS 服务定义可能如下所示:

    ¥The CAS service definition might look something like this for a local strapi deployment:

{
"@class": "org.apereo.cas.services.OidcRegisteredService",
"clientId": "thestrapiclientid",
"clientSecret": "thestrapiclientsecret",
"bypassApprovalPrompt": true,
"serviceId": "^http(|s)://localhost:1337/.*",
"name": "Local Strapi",
"id": 20201103,
"evaluationOrder": 50,
"attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
"allowedAttributes": {
"@class": "java.util.TreeMap",
"strapiemail": "groovy { return attributes['mail'].get(0) }",
"strapiusername": "groovy { return attributes['username'].get(0) }"
}
}
}

表带配置

¥Strapi configuration

  1. 访问用户和权限提供商设置页面位于 [http://localhost:1337/admin/plugins/users-permissions/providers](http://localhost:1337/admin/plugins/users-permissions/providers)

    ¥Visit the User & Permissions provider settings page at http://localhost:1337/admin/plugins/users-permissions/providers

  2. 单击 CAS 提供商

    ¥Click on the CAS provider

  3. 填写信息:

    ¥Fill the information:

    • 使能够:ON

      ¥Enable: ON

    • 客户编号:thestrapiclientid

      ¥Client ID: thestrapiclientid

    • 客户秘密:thestrapiclientsecret

      ¥Client Secret: thestrapiclientsecret

    • 前端应用的重定向 URL:http://localhost:1337/api/connect/cas/redirect

      ¥The redirect URL to your front-end app: http://localhost:1337/api/connect/cas/redirect

    • 提供者子域,以便以下 URL 对于你所定位的 CAS 部署是正确的:

      ¥The Provider Subdomain such that the following URLs are correct for the CAS deployment you are targeting:

      authorize_url: https://[subdomain]/oidc/authorize
    access_url: https://[subdomain]/oidc/token
    profile_url: https://[subdomain]/oidc/profile

    例如,如果使用以下登录 URL 在本地运行 CAS:https://localhost:8443/cas/login,提供者子域的值为 localhost:8443/cas

    ¥For example, if running CAS locally with a login URL of: https://localhost:8443/cas/login, the value for the provider subdomain would be localhost:8443/cas.

你的配置已完成。启动后端和 react login 示例应用,转到 http://localhost:3000 并尝试连接到你配置的提供商。

¥Your configuration is done. Launch the backend and the react login example application, go to http://localhost:3000 and try to connect to the provider you configured.