A Complement to “CAS configuration for G Suite”

We planned to change our e-mail service provider to Gmail, but for some reason the boss asked for this plan to be aborted. However, before the plan was aborted, I somehow managed to make Google work with our SSO, which is built on Apereo CAS.

While I was working on this, one article helped me a great deal: CAS configuration for G Suite, as well as some official documents listed below:

But after reading those texts, I still had not found out where to place my certificate and the relevant private key, so I dug into the source code repository and found the way. If you look at the source code, you will find that it acts like this:

  1. Check whether metadata.xml exists; if not, generate one (along with the public/private keys etc.)
  2. Before generating the cert and key files (for both signing and encryption), check whether any existing file is present and force-delete it if found (check the code)

If you do not have metadata and certificate/key files, the easiest way to get them is to build a test server and let it generate those files for you.

If you already have those files, just place them in /etc/cas/, or in the directory you specified by setting cas.authn.samlIdp.metadata.location in cas.properties.
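Because a missing metadata file triggers generation, and generation force-deletes existing certificate and key files, it is worth checking the directory before CAS starts. The script below is an added example, not code from CAS or from the article mentioned above. The file names are assumed defaults and `check_saml_dir` / `key_is_exposed` are hypothetical helper names; adjust the names to what your CAS version actually reads.

```shell
#!/bin/sh
# Added example: pre-flight check of the CAS SAML IdP metadata directory.
# ASSUMPTION: default file names; override METADATA_FILE / KEY_MATERIAL to
# match what your CAS version reads.
METADATA_FILE="${METADATA_FILE:-idp-metadata.xml}"
KEY_MATERIAL="${KEY_MATERIAL:-idp-signing.crt idp-signing.key idp-encryption.crt idp-encryption.key}"

# key_is_exposed FILE: succeeds if FILE is readable by group or others.
key_is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# check_saml_dir DIR
#   0  complete set: CAS should reuse the files
#   1  empty: CAS will generate metadata, certificates and keys
#   2  metadata missing but cert/key files present: generation would
#      force-delete them
#   3  metadata present but some cert/key files missing
#   4  DIR is not a directory
check_saml_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 4; }
    present=0
    missing=0
    for f in $KEY_MATERIAL; do
        if [ -f "$dir/$f" ]; then
            present=$((present + 1))
            case $f in
                *.key)
                    if key_is_exposed "$dir/$f"; then
                        echo "warning: $dir/$f is group/world readable" >&2
                    fi ;;
            esac
        else
            missing=$((missing + 1))
            echo "missing: $dir/$f" >&2
        fi
    done
    if [ -f "$dir/$METADATA_FILE" ]; then
        if [ "$missing" -eq 0 ]; then return 0; fi
        return 3
    fi
    echo "missing: $dir/$METADATA_FILE" >&2
    if [ "$present" -eq 0 ]; then return 1; fi
    return 2
}
```

Run `check_saml_dir /etc/cas` (or the directory set in cas.authn.samlIdp.metadata.location) before starting the server; a return code of 2 means your own certificate and key are in place but would be replaced on startup.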

