Basic Authentication

Verify and authenticate credentials using Basic Authentication.

Support is enabled by including the following dependency in the WAR overlay:

1
2
3
4
5
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-basic</artifactId>
    <version>${cas.version}</version>
</dependency>
1
implementation "org.apereo.cas:cas-server-support-basic:${project.'cas.version'}"
1
2
3
4
5
6
7
8
9
dependencyManagement {
    imports {
        mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
    }
}

dependencies {
    implementation "org.apereo.cas:cas-server-support-basic"
}
1
2
3
4
5
6
7
8
9
10
dependencies {
    /*
    The following platform references should be included automatically and are listed here for reference only.
            
    implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
    implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
    */

    implementation "org.apereo.cas:cas-server-support-basic"
}

To access a CAS-protected application using a command-line client such as curl, the following command may be used:

1
curl <APPLICATION-URL> -L -u <USER>:<PASSWORD>

Use --insecure -v flags to bypass certificate validation and receive additional logs from curl.

If your APPLICATION-URL and CAS server url are not on the same host, curl will NOT send the Basic Authentication header to the CAS server when redirected. This behavior in curl can be overridden by passing the --location-trusted flag to curl.

From CURL man page:

1
2
3
4
--location-trusted
        (HTTP/HTTPS) Like -L, --location, but will allow sending the name + password to all hosts that the site may redirect to. This may or may
        not  introduce a security breach if the site redirects you to a site to which you'll send your authentication info 
        (which is plaintext in the case of HTTP Basic authentication).