This section describes the steps required to manually configure a CAS provider when initially setting up a Hyland IdP server. For additional configuration and ongoing maintenance, see the Configuring the Hyland IdP Server chapter in this module reference guide.
To initially configure a CAS provider:
- First, complete the main steps under Configuring the Hyland IdP Server for Use With Perceptive before attempting this procedure.
- Locate the Providers block and add the following settings:

      {
        "Id": "",
        "Name": "",
        "Type": 4,
        "ProtocolSettings": {
          "IdentityProvider": "",
          "ProtocolVersion": 3
        },
        "UserAttributeMappingSettings": {
          "userid": "",
          "username": "",
          "email": "",
          "realName": "",
          "group": ""
        },
        "UserProvisioningSettings": {
          "UserProvisioningEnabled": false,
          "DefaultSsoGroupMapping": []
        },
        "ClaimTransformationSettings": {
          "StripDomainFromUserName": false
        }
      }

- Enter a unique identification value in the Id field.
  Note: This value is required and must be unique.
- Enter a unique name for the provider in the Name field.
  Note: This value is required and must not contain slashes (/ or \).
- Update the values of the settings to match your environment. Each setting is listed with its description:
  - IdentityProvider: Set this option to the root URL of the CAS server. For example, https://Cas.Server.Name:8443/CasServer/
  - ProtocolVersion: Set this option to the whole-number version of your CAS provider. The Hyland IdP server supports CAS versions 1, 2, and 3. The only allowed values for this setting are 1, 2, and 3.
  - UserAttributeMappingSettings: These options are used to synchronize user attribute information. The values are the schema definitions of the provider responses that contain the account declarations of the user logging in. The following attributes can be synchronized:
    - username: The URI of the claim type in the provider response that contains the user name of the user logging in.
    - email: The URI of the claim type in the provider response that contains the email address of the user logging in.
    - realName: The URI of the claim type in the provider response that contains the real name of the user logging in.
    - group: The URI of the claim type in the provider response that contains the group membership of the user logging in.
  - ClaimTransformationSettings | StripDomainFromUserName: Set this option to true to remove the domain from the user name before it is passed for authentication. This setting controls whether to automatically strip the domain from user names that are passed as either domain\username or username@domain. This is useful when providers use a full domain and user name but the authenticating system only uses the user name.
  - UserProvisioningSettings | UserProvisioningEnabled: Set this option to false for Perceptive environments.
- Save and close the idpconfig.json file.
- Recycle the application pool of the Hyland IdP server for the changes to take effect.
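
A pre-deployment check for the steps above, as an added example (not Hyland code): the Python function below takes the parsed contents of the Providers block and reports CAS entries that break the rules this procedure states. The function name, the sample values, and the https check are assumptions added here; how you pull the Providers block out of idpconfig.json depends on your file's layout.

```python
import json
from urllib.parse import urlparse

CAS_TYPE = 4                      # "Type": 4 in the page's CAS template
ALLOWED_CAS_VERSIONS = {1, 2, 3}  # the only ProtocolVersion values allowed

def check_cas_providers(providers):
    """Return findings for the CAS entries of a parsed Providers block."""
    findings = []
    ids = [p.get("Id") for p in providers]
    names = [p.get("Name") for p in providers]
    for i, p in enumerate(providers):
        if p.get("Type") != CAS_TYPE:
            continue  # other provider types are outside this page's scope
        def flag(msg, i=i):
            findings.append(f"Providers[{i}]: {msg}")
        pid, name = p.get("Id"), p.get("Name")
        if not isinstance(pid, str) or not pid.strip():
            flag("Id is required")
        elif ids.count(pid) > 1:
            flag("Id is not unique")
        if not isinstance(name, str) or not name.strip():
            flag("Name is required")
        elif "/" in name or "\\" in name:
            flag("Name must not contain / or \\")
        elif names.count(name) > 1:
            flag("Name is not unique")
        proto = p.get("ProtocolSettings") or {}
        version = proto.get("ProtocolVersion")
        # type() rather than isinstance(): JSON true/false would pass as int
        if type(version) is not int or version not in ALLOWED_CAS_VERSIONS:
            flag("ProtocolVersion must be the whole number 1, 2, or 3")
        url = urlparse(str(proto.get("IdentityProvider") or ""))
        if not url.scheme or not url.netloc:
            flag("IdentityProvider must be the root URL of the CAS server")
        elif url.scheme != "https":
            # Added hardening check (assumption), not a rule stated on the page
            flag("IdentityProvider should use https")
        prov = p.get("UserProvisioningSettings") or {}
        if prov.get("UserProvisioningEnabled") is not False:
            flag("UserProvisioningEnabled must be false for Perceptive")
    return findings

# Constructed sample: made-up values containing three mistakes
SAMPLE = json.loads(r"""[{"Id": "cas-1", "Name": "Campus/CAS", "Type": 4,
  "ProtocolSettings": {"IdentityProvider": "http://cas.example.test:8443/cas/",
                       "ProtocolVersion": "3"},
  "UserProvisioningSettings": {"UserProvisioningEnabled": false}}]""")

if __name__ == "__main__":
    print("\n".join(check_cas_providers(SAMPLE)))
```

Run it against the edited block before recycling the application pool; an empty result means every CAS entry satisfies the checks above.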