/osf-cas-archived

OSF CAS - The Central Authentication and Authorization Service for the OSF

Primary Language: Java. License: Apache License 2.0 (Apache-2.0)

OSF CAS by Center for Open Science

Master Build Status: TBI

Develop Build Status: TBI

Versioning Scheme: CalVer Scheme

About

OSF CAS is the centralized authentication and authorization service for the OSF and its services such as OSF Preprints and OSF Registries.

Features

  • OSF username and password login
  • OSF username and verification key login
  • OSF two-factor authentication
  • WIP - Delegated authentication
  • TBI - OAuth authorization server for OSF
  • TBI - SAML service provider

Implementations

The implementation of OSF CAS is based on Apereo CAS 6.2.x via CAS Overlay Template 6.2.x. Refer to CAS Documentation 6.2.x for more details.

Legacy Implementations

A legacy version can be found at CAS Overlay, which was built on Jasig CAS 4.1.x via CAS Overlay Template 4.1.x.

Versions

  • OSF CAS 20.0.x
  • Apereo CAS 6.2.x
  • PostgreSQL 9.6
  • JDK 11

Build and Run OSF CAS

OSF

OSF CAS requires a working OSF running locally. Refer to OSF's README-docker-compose.md for how to set up and run OSF with docker-compose. fakeCAS must be disabled to free port 8080.

In cas.properties, global JDBC settings can be found here and JPA specific settings can be found here.

CAS DB

OSF CAS is configured to use the JPA Ticket Registry for durable ticket storage, so a relational database is required. Set up a PostgreSQL 9.6 server and update the JPA Ticket Registry settings in cas.properties accordingly. The server must use a port other than 5432, which is already occupied.

Signing and Encryption Keys

Refer to the settings in cas.properties for signing and encrypting the client session and the ticket-granting cookie.

Authentication Delegation

ORCiD Login

Set up a developer app at ORCiD with http://localhost:8080/login and http://192.168.168.167:8080/login as redirect URIs. Update cas.authn.pac4j.orcid.id and cas.authn.pac4j.orcid.secret in cas.properties settings.

fakeCAS Login

With OSF CAS running locally as the authentication server for OSF, fakeCAS can be configured to serve as an identity provider. Simply update fakecas in OSF's docker-compose.yaml to listen on port 8081.

fakecas:
  image: quay.io/centerforopenscience/fakecas:master
  command: fakecas -host=0.0.0.0:8081 -osfhost=localhost:5000 -dbaddress=postgres://postgres@postgres:5432/osf?sslmode=disable
  restart: unless-stopped
  ports:
    - 8081:8081
  depends_on:
    - postgres
  stdin_open: true

Related settings in cas.properties can be found here.
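A pre-flight check for the settings described in the CAS DB, Signing and Encryption Keys, and ORCiD Login sections, given as an added example and not part of the OSF CAS code base. The crypto and JPA property names are the standard Apereo CAS 6.2 keys and are assumed to match OSF CAS's cas.properties; the sample file content is constructed.

```python
import re

# Keys that must be set before a run. The ORCiD keys are named in this README;
# the crypto keys are standard Apereo CAS 6.2 names (assumed to apply here).
# When a crypto key is unset, CAS generates one at startup instead.
REQUIRED = [
    "cas.authn.pac4j.orcid.id",
    "cas.authn.pac4j.orcid.secret",
    "cas.tgc.crypto.signing.key",
    "cas.tgc.crypto.encryption.key",
    "cas.webflow.crypto.signing.key",
    "cas.webflow.crypto.encryption.key",
]
JPA_URL = "cas.ticket.registry.jpa.url"  # Apereo CAS 6.2 JPA ticket registry URL
OCCUPIED_PORT = 5432                      # port the README says is already in use

def parse_properties(text):
    """Parse simple 'key=value' or 'key: value' lines; skip comments and blanks."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check(text):
    """Return a list of findings; only key names are reported, never secret values."""
    props = parse_properties(text)
    findings = [f"{k} is missing or empty" for k in REQUIRED if not props.get(k)]
    url = props.get(JPA_URL, "")
    m = re.match(r"jdbc:postgresql://[^/:]+(?::(\d+))?/", url)
    if not m:
        findings.append(f"{JPA_URL} is not a PostgreSQL JDBC URL")
    elif int(m.group(1) or OCCUPIED_PORT) == OCCUPIED_PORT:  # no port means 5432
        findings.append(f"{JPA_URL} uses port {OCCUPIED_PORT}, which is already occupied")
    return findings

# Constructed sample input, not the project's real configuration.
SAMPLE = """\
cas.ticket.registry.jpa.url=jdbc:postgresql://localhost:5432/osf-cas
cas.authn.pac4j.orcid.id=APP-PLACEHOLDER
cas.authn.pac4j.orcid.secret=
cas.tgc.crypto.signing.key=placeholder-signing-key
cas.tgc.crypto.encryption.key=placeholder-encryption-key
cas.webflow.crypto.signing.key=placeholder-signing-key
"""

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print("FAIL:", finding)
```
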

Build and Run

It is recommended to use the Dockerfile and the provided scripts to build and run CAS.

./docker-build.sh
./docker-run.sh

Refer to Apereo's README.md for more options.