WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Basic Authentication
Verify and authenticate credentials using Basic Authentication.
Support is enabled by including the following dependency in the WAR overlay:
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-basic</artifactId>
    <version>${cas.version}</version>
</dependency>
implementation "org.apereo.cas:cas-server-support-basic:${project.'cas.version'}"
dependencyManagement {
    imports {
        mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
    }
}
dependencies {
    implementation "org.apereo.cas:cas-server-support-basic"
}
dependencies {
    /*
    The following platform references should be included automatically and are listed here for reference only.
    implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
    implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
    */
    implementation "org.apereo.cas:cas-server-support-basic"
}
To access a CAS-protected application using a command-line client such as curl, the following command may be used:
curl <APPLICATION-URL> -L -u <USER>:<PASSWORD>
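Use the --insecure and -v flags to bypass certificate validation and receive additional logs from curl. With --insecure, curl does not verify the server's certificate before it sends the credentials.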
If your APPLICATION-URL and CAS server URL are not on the same host, curl will NOT send the Basic Authentication header to the CAS server when redirected. This behavior in curl can be overridden by passing the --location-trusted flag to curl.
From the curl man page:
--location-trusted
(HTTP/HTTPS) Like -L, --location, but will allow sending the name + password to all hosts that the site may redirect to. This may or may not introduce a security breach if the site redirects you to a site to which you'll send your authentication info (which is plaintext in the case of HTTP Basic authentication).
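As an alternative to --location-trusted when the application and the CAS server are on different hosts, the following added example (not part of the CAS documentation) sends the credentials only to the expected CAS host. The names url_host, is_cas_url, cas_fetch and CAS_HOST are hypothetical, cas.example.org is a constructed placeholder, and the script assumes the CAS login URL accepts the Basic Authentication header when requested directly.

```bash
#!/usr/bin/env bash
# Added example, not part of the CAS documentation. url_host, is_cas_url, cas_fetch
# and CAS_HOST are hypothetical names; cas.example.org is a constructed placeholder.
CAS_HOST="${CAS_HOST:-cas.example.org}"

# Print the lowercase host[:port] of an absolute URL.
url_host() {
  local rest="${1#*://}"     # drop the scheme
  rest="${rest%%[/?#]*}"     # drop path, query and fragment
  rest="${rest##*@}"         # drop userinfo: "cas.example.org@other" is host "other"
  printf '%s\n' "$rest" | tr '[:upper:]' '[:lower:]'
}

# Succeed only for an https URL whose host is exactly the expected CAS host.
is_cas_url() {
  case "$1" in *'\'*|*' '*) return 1 ;; esac      # refuse ambiguous URLs
  case "$1" in https://*) ;; *) return 1 ;; esac  # Basic credentials need TLS
  [ "$(url_host "$1")" = "$CAS_HOST" ]
}

# usage: cas_fetch <APPLICATION-URL> <USER>
cas_fetch() {
  local app_url="$1" user="$2" jar target rc
  jar="$(mktemp)" || return 1
  # Hop 1: no credentials and no -L; only learn where the application redirects.
  target="$(curl -s -o /dev/null -c "$jar" -w '%{redirect_url}' "$app_url")"
  if ! is_cas_url "$target"; then
    echo "refusing to send credentials to: ${target:-<no redirect>}" >&2
    rm -f "$jar"; return 2
  fi
  # Hop 2: authenticate against the CAS URL itself. Plain -L (not --location-trusted)
  # stops sending the credentials when CAS redirects back to the application.
  # With no password after the user name, curl prompts for it.
  curl -s -L -b "$jar" -c "$jar" -u "$user" "$target"
  rc=$?; rm -f "$jar"; return "$rc"
}
```

If the CAS server listens on a non-default port, set CAS_HOST to host:port, since the comparison is an exact match on that value.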