GakuNin CAS Overlay is developed by forking Center for Open Science CAS Overlay
nii-mergework-201802
Build Status:
"Center for Open Science - CAS Overlay" is often referred to as CAS or OSF CAS. It is the centralized authentication and authorization system for the OSF and its services such as Preprints, Registries and SHARE.
- OSF Username and Password Login
- OSF Username and Verification Key Login
- OSF Two-Factor Authentication
- OSF Authentication Delegation
- OSF OAuth Provider
- Login Request Throttling
The implementation of OSF CAS is based on Yale/Jasig/Apereo CAS 4.1.x using CAS Overlay Template 4.1.x. Official docs from Apereo CAS can be found here. Learn more about the CAS protocol here or refer to the full specification.
- Install Java Development Kit 8 (JDK 1.8) either from Oracle or OpenJDK. For macOS, it is recommended to use THE package manager Homebrew with command
brew cask install adoptopenjdk8
.
- Download and install Unlimited Strength Jurisdiction Policy Files for Java Cryptography Extension (JCE). Here is the version for JDK 1.8. Unpack the ZIP file and follow the
README.txt
in the folder to back up existing cryptography policy files and install the new stronger ones.
- CAS requires a working OSF (more specifically, its database server) running locally. See Running the OSF For Development for how to run OSF locally with
docker-compose
.
-
CAS requires Postgres as its backend database. Use a port other than
5432
since this default one has already been taken by OSF. Updatedatabase.url
,database.user
anddatabase.password
in thecas.properties
. -
CAS also requires read-only access to OSF's database. No extra Postgres setup or CAS configuration is needed when running OSF locally with
docker-compose
as mentioned above. The default one works as it is.
-
Refer to the
Dockerfile
in the repository for how to run CAS with the Jetty Maven Plugin. Only theapp
anddev
stages are relevant in this case since thedist
one is used for production and staging servers. Take a look at the.travis.yml
on how to run unit tests. You can skippackage
and go forclean
andinstall
directly; in addition, toggle the profilenocheck
to turn unit tests on and off. -
TL;DR, here are the commands that you need:
# clean and install w/ test mvn clean install -P !nocheck # clean and install w/o test mvn clean install -P nocheck # start jetty mvn -pl cas-server-webapp/ jetty:run
-
With default settings, CAS runs on port
8080
at IP address192.168.168.167
locally. Changeserver.name
here incas.properties
if you want a different IP or port.
-
To use the "Sign in with ORCiD" feature, create an application at ORCiD Developer Tools with Redirect URI set as
http://192.168.168.167:8080/login
. Alternatively, COS developers can use the credentials provided in https://osf.io/m2hig/wiki/home/. Updateoauth.orcid.client.id
andoauth.orcid.client.secret
accordingly here in thecas.properties
. ORCiD login will not work if CAS is run on a differentserver.name
without updating 1) OSFdocker-compose
settings and 2) the Redirect URI of the ORCiD developer application. -
The "Sign in through institution" feature is not available for local development. It requires a Shibboleth server sitting in front of CAS handling both SAML 2.0 authentication and TLS.
-
Installing
java8
with Homebrew on macOS (i.e.brew cask install java8
) no longer works due to Oracle's new license for Java SE. Here is the discussion. Instead, use the alternative AdoptOpenJDK and here is the Tap. -
We recommend using an IDE (e.g. IntelliJ IDEA, Eclipse IDE, etc.) for local development.