Manually Configuring a CAS Provider for Initial Use - Identity and Access Management Services - 4.4 - 4.4 - Ready - Other - external

Identity and Access Management Services

Platform
Other
Product
Identity and Access Management Services
Release
4.4
License

This section describes the steps required to manually configure a CAS provider when initially setting up a Hyland IdP server. For additional configuration and ongoing maintenance, see the Configuring the Hyland IdP Server chapter in this module reference guide.

To initially configure a CAS provider:

  1. First, complete the main steps under Configuring the Hyland IdP Server for Use With Perceptive before attempting this procedure.
  2. Locate the Providers block and add the following settings:
    {
              "Id": "",
              "Name": "",
              "Type": 4,
              "ProtocolSettings": {
                "IdentityProvider": "",
                "ProtocolVersion": 3
              },
              "UserAttributeMappingSettings": {
                "userid": "",
                "username": "",
                "email": "",
                "realName": "",
                "group": ""
       },
              "UserProvisioningSettings": {
                "UserProvisioningEnabled": false,
                "DefaultSsoGroupMapping": []
              },
              "ClaimTransformationSettings": {
                "StripDomainFromUserName": false
              }
            }
    
  3. Enter a unique identification value in the Id field.
    Note: This value is required and must be unique.
  4. Enter a unique name for the provider in the Name field.
    Note: This value is required and must not contain slashes (/ or \).
  5. Update the values of the settings to match your environment:

    Setting

    Description

    IdentityProvider

    Set this option to the root URL of the CAS server. For example, https://Cas.Server.Name:8443/CasServer/

    ProtocolVersion

    Set this option to the whole-number version of your CAS provider. The Hyland IdP server supports CAS versions 1, 2, and 3. The only allowed values for this setting are:

    • 1

    • 2

    • 3

    UserAttributeMappingSettings

    These options are used to synchronize user attribute information.

    The schema definitions of the provider responses that contain the account declarations of the user logging in. The following attributes can be synchronized.

    • username: The URI of the claim type in the provider response that contains the user name of the user logging in.

    • email: The URI of the claim type in the provider response that contains the email address of the user logging in.

    • realName: The URI of the claim type in the provider response that contains the real name of the user logging in.

    • group: The URI of the claim type in the provider response that contains the group membership of the user logging in.

    ClaimTransformationSettings | StripDomainFromUserName

    Set this option to true to remove the domain from the user name before it is passed for authentication.

    This setting controls whether to automatically strip the domain from user names that are passed as either domain\username or username@domain. This is useful when providers use a full domain and user name but authenticating system only uses the user name.

    UserProvisioningSettings | UserProvisioningEnabled

    Set this option to false for Perceptive environments.

  6. Save and close the idpconfig.json file.
  7. Recycle the application pool of the Hyland IdP server for the changes to take effect.