
CAS (Central Authentication System) is an identity provider that can be integrated into Ensemble Video for a single sign-on user experience.

Prerequisites on CAS Server
  • SAML 1.1 support is required
  • Must release attributes for givenName, surname, email, primary role
Prerequisites on Ensemble Server
  • Must have Ensemble 4.2 or higher

Ensemble 4.2 and higher will create a top level folder in IIS called “CAS”. This folder will contain a web.config file that will be used to configure CAS for your installation.

Web.Config Setup

Locate and edit the web.config file (i.e. C:\inetpub\wwwroot\ensemble\cas). Web.config contains the CAS auth settings. At minimum you must configure:

  • casServerLoginUrl = "https://casserver.mydomain.edu:8443/cas/login" (URL of the login page on the CAS server)
  • casServerUrlPrefix = "https://casserver.mydomain.edu:8443/cas" (root of the CAS server app)
  • serverName = "https://ensemble.mydomain.edu" (root of the Ensemble server)
  • ticketValidatorName = "Saml11" (only Saml11 will release attributes)

Application Settings in web.config:

  • ManualRedirectForTroubleshooting = if "true", the system displays CAS information on the page and you must manually complete the transfer to Ensemble (click a link).

<casClientConfig casServerLoginUrl="https://casserver.mydomain.edu:8443/cas/login"
                 casServerUrlPrefix="https://casserver.mydomain.edu:8443/cas"
                 serverName="https://ensemble.mydomain.edu"
                 ticketValidatorName="Saml11" />
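
A quick way to check these settings before going live, as an added example that is not part of the original page or of Ensemble's own tooling. The function name Test-EnsembleCasConfig is hypothetical, the sample XML is constructed (with deliberate mistakes), and the layout (casClientConfig directly under configuration, ManualRedirectForTroubleshooting as an appSettings add key) plus the https-only rule are assumptions.

```powershell
# Constructed sample. On the server, load the real file instead, e.g.:
#   [xml]$sample = Get-Content 'C:\inetpub\wwwroot\ensemble\cas\web.config'
[xml]$sample = @'
<configuration>
  <casClientConfig casServerLoginUrl="https://casserver.mydomain.edu:8443/cas/login"
                   casServerUrlPrefix="https://casserver.mydomain.edu:8443/cas"
                   serverName="http://ensemble.mydomain.edu"
                   ticketValidatorName="Cas20" />
  <appSettings>
    <add key="ManualRedirectForTroubleshooting" value="true" />
  </appSettings>
</configuration>
'@

function Test-EnsembleCasConfig {   # hypothetical helper name
    param([Parameter(Mandatory)][xml]$Config)
    $findings = @()
    $cas = $Config.SelectSingleNode('/configuration/casClientConfig')
    if (-not $cas) { return 'casClientConfig element not found' }

    # Every URL must be set and use https (assumed policy; the page's values all do).
    foreach ($name in 'casServerLoginUrl', 'casServerUrlPrefix', 'serverName') {
        $value = $cas.GetAttribute($name)
        if ([string]::IsNullOrWhiteSpace($value)) { $findings += "$name is not set" }
        elseif ($value -notmatch '^https://') { $findings += "$name is not https: $value" }
    }
    # The login URL should live under the CAS server's root URL.
    $prefix = $cas.GetAttribute('casServerUrlPrefix').TrimEnd('/') + '/'
    $login  = $cas.GetAttribute('casServerLoginUrl')
    if (-not $login.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
        $findings += 'casServerLoginUrl is not under casServerUrlPrefix'
    }
    # Only the Saml11 validator releases the attributes Ensemble provisions from.
    $validator = $cas.GetAttribute('ticketValidatorName')
    if ($validator -ne 'Saml11') {
        $findings += "ticketValidatorName is '$validator'; attributes need Saml11"
    }
    # Troubleshooting mode displays CAS information on the page; flag it if left on.
    $xpath = "/configuration/appSettings/add[@key='ManualRedirectForTroubleshooting']"
    $flag = $Config.SelectSingleNode($xpath)
    if ($flag -and $flag.GetAttribute('value') -eq 'true') {
        $findings += 'ManualRedirectForTroubleshooting is true'
    }
    return $findings
}

Test-EnsembleCasConfig -Config $sample | ForEach-Object { Write-Warning $_ }
```

With multiple-institution installs, run the check once per CAS folder, since each has its own web.config.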

Ensemble Setup
  • Create a CAS identity provider. Domain: /cas, or whatever you set up as the IIS application
  • Set up at least one provisioning rule so that the identity can be created in Ensemble and assigned to a library
  • Brand home page to point to cas auth (https://ensemble.mydomain.edu/cas)
Notes
  • Multiple-institution support comes from multiple copies of the CAS application: https://ensemble-root/cas, https://ensemble-root/cas2, etc. Each has its own web.config with CAS settings pointing back to its respective CAS server
  • Attribute support is required, which means CAS auth with the Saml11 protocol
Step by Step: How It Works
  1. Entry page (Institution Branded page, perhaps) redirects to https://ensemble.mydomain.edu/cas
  2. https://ensemble.mydomain.edu/cas starts cas auth
    • based on the settings in web.config for the CAS application, redirects to the institutional CAS server
  3. End-user authenticates to the institutional CAS server, and on auth success redirects back to https://ensemble.mydomain.edu/cas
  4. https://ensemble/cas
    • reads the CAS attributes and creates a CasAssertionModel (required because Ensemble needs provisioning)
    • sets an Ensemble authentication cookie
    • then redirects to https://ensemble.mydomain.edu/app/casauth/
  5. https://ensemble.mydomain.edu/app/casauth
    • performs provisioning based on rules and the attributes in the CasAssertionModel
    • sets an Ensemble authentication cookie
    • Redirects to the user’s default library