Skip to main content

此版本的 GitHub Enterprise 已停止服务 2022-10-12. 即使针对重大安全问题,也不会发布补丁。 为了获得更好的性能、更高的安全性和新功能,请升级到最新版本的 GitHub Enterprise。 如需升级帮助,请联系 GitHub Enterprise 支持

Using CAS

If you use Central Authentication Service (CAS) to centralize access to multiple web applications, you can integrate GitHub Enterprise Server by configuring CAS authentication for your instance.

About CAS authentication for GitHub Enterprise Server

CAS is a single sign-on (SSO) protocol that centralizes authentication to multiple web applications. For more information, see "Central Authentication Service" on Wikipedia.

After you configure CAS, people who use your GitHub Enterprise Server instance must use a personal access token to authenticate API or Git requests over HTTP(S). CAS credentials cannot be used to authenticate these requests. For more information, see "Creating a personal access token."

If you configure CAS, people with accounts on your identity provider (IdP) do not consume a user license until the person signs into your GitHub Enterprise Server instance.

If you want to allow authentication for some people who don't have an account on your external authentication provider, you can allow fallback authentication to local accounts on your GitHub Enterprise Server instance. For more information, see "Allowing built-in authentication for users outside your provider."

Username considerations with CAS

GitHub Enterprise Server normalizes a value from your external authentication provider to determine the username for each new personal account on your GitHub Enterprise Server instance. For more information, see "Username considerations for external authentication."

CAS attributes

The following attributes are available.

Attribute nameTypeDescription
usernameRequiredThe GitHub Enterprise Server username.

Configuring CAS

  1. 从 GitHub Enterprise Server 上的管理帐户任意页面的右上角,单击

    用于访问站点管理员设置的火箭图� �的屏幕截图

  2. 如果� 尚未在“站点管理员”页上,请在左上角单击“站点管理员”。

    “站点管理员”链接的屏幕截图

  3. 在左侧边� �中,单击“管理控制台”。 左侧边� �中的 管理控制台 选项卡

  4. 在左侧边� �中,单击“身份验证”。 设置侧边� �中的“身份验证”选项卡

  5. Select CAS.

    Screenshot of selection of CAS for authentication

  6. (可选)若要允许外部身份验证系统上没有帐户的人员使用内置身份验证登录,请选择“允许内置身份验证”。 有关详细信息,请参阅“允许对提供者外部的用户使用内置身份验证”。

    Screenshot of of fallback built-in authentication option for CAS

  7. In the Server URL field, type the full URL of your CAS server. If your CAS server uses a certificate that can't be validated by GitHub Enterprise Server, you can use the ghe-ssl-ca-certificate-install command to install it as a trusted certificate. For more information, see "Command-line utilities."