<abbrtitle="LemonLDAP::NG">LL::NG</abbr> can delegate authentication to a <abbrtitle="Central Authentication Service">CAS</abbr> server. This requires <ahref="http://sourcesup.cru.fr/projects/perlcas/"class="urlextern"title="http://sourcesup.cru.fr/projects/perlcas/"rel="nofollow">Perl CAS module</a>.
<divclass="notetip"><abbrtitle="LemonLDAP::NG">LL::NG</abbr> can also act as <ahref="idpcas.html"class="wikilink1"title="documentation:2.0:idpcas">CAS server</a>, that allows one to interconnect two <abbrtitle="LemonLDAP::NG">LL::NG</abbr> systems.
<abbrtitle="LemonLDAP::NG">LL::NG</abbr> can also request proxy tickets for its protected services. Proxy tickets will be collected at authentication phase and stored in user session under the form:
They can then be forwarded to applications trough <ahref="writingrulesand_headers.html#headers"class="wikilink1"title="documentation:2.0:writingrulesand_headers">HTTP headers</a>.
</p>
<divclass="notetip"><abbrtitle="Central Authentication Service">CAS</abbr> authentication will automatically add a <ahref="logoutforward.html"class="wikilink1"title="documentation:2.0:logoutforward">logout forward rule</a> on <abbrtitle="Central Authentication Service">CAS</abbr> server logout <abbrtitle="Uniform Resource Locator">URL</abbr> in order to close <abbrtitle="Central Authentication Service">CAS</abbr> session on <abbrtitle="LemonLDAP::NG">LL::NG</abbr> logout.
In Manager, go in <code>General Parameters</code>><code>Authentication modules</code> and choose <abbrtitle="Central Authentication Service">CAS</abbr> for authentication.
</p>
<divclass="notetip">You can then choose any other module for users and password.
</div>
<p>
Then, go in <code><abbrtitle="Central Authentication Service">CAS</abbr> parameters</code>:
</p>
<ul>
<liclass="level1"><divclass="li"><strong>Authentication level</strong>: authentication level for this module.</div>
</li>
<liclass="level1"><divclass="li"><strong>Server <abbrtitle="Uniform Resource Locator">URL</abbr></strong>: <abbrtitle="Central Authentication Service">CAS</abbr> server <abbrtitle="Uniform Resource Locator">URL</abbr> (must use https://)</div>
</li>
<liclass="level1"><divclass="li"><strong>CA file</strong>: CA certificate used to validate <abbrtitle="Central Authentication Service">CAS</abbr> server certificate</div>
</li>
<liclass="level1"><divclass="li"><strong>Renew authentication</strong>: force authentication renewal on <abbrtitle="Central Authentication Service">CAS</abbr> server</div>
</li>
<liclass="level1"><divclass="li"><strong>Gateways authentication</strong>: force transparent authentication on <abbrtitle="Central Authentication Service">CAS</abbr> server</div>
</li>
<liclass="level1"><divclass="li"><strong><abbrtitle="Proxy Granting Ticket">PGT</abbr> file</strong>: temporary file where proxy tickets are stored (by default, <code>/tmp/pgt.txt</code>)</div>
</li>
<liclass="level1"><divclass="li"><strong>Proxied services</strong>: list of services for which a proxy ticket is requested:</div>
<ul>
<liclass="level2"><divclass="li"><strong>Key</strong>: Service ID</div>
</li>
<liclass="level2"><divclass="li"><strong>Value</strong> Service <abbrtitle="Uniform Resource Locator">URL</abbr> (<abbrtitle="Central Authentication Service">CAS</abbr> service identifier)</div>
</li>
</ul>
</li>
</ul>
<divclass="notetip">If no proxied services defined, <abbrtitle="Central Authentication Service">CAS</abbr> authentication will not activate the <abbrtitle="Central Authentication Service">CAS</abbr> proxy mode.
</div><divclass="noteimportant">If you activate proxy mode, you must create the <abbrtitle="Proxy Granting Ticket">PGT</abbr> file on your system, for example: