CAS is a single sign-on protocol for accessing web applications that is supported by GitHub Enterprise.
Once you have successfully configured CAS authentication, users will sign into your GitHub Enterprise appliance with their CAS credentials.
License seats
A CAS user account does not take up a license seat until someone signs into it at least once.
Valid usernames
If your CAS server has usernames that contain any non-alphanumeric characters other than hyphens, GitHub Enterprise will automatically replace those characters with hyphens. For example, a CAS username of firstname.lastname
will be converted—or "normalized"—into a GitHub Enterprise username of firstname-lastname
. Note that this may cause multiple CAS account names (such as firstname.lastname
and firstname_lastname
) to be normalized into the same Enterprise account name.
Access tokens
If you choose to enable CAS on your GitHub Enterprise appliance, note that you will not be able to use your username and password to authenticate API requests or Git operations over HTTP/HTTPS. You will need to create an access token to use instead.
Certificates
If your CAS server uses a certificate that can't be validated by GitHub Enterprise, you can use the ghe-ssl-ca-certificate-install
command-line utility to install it as a trusted certificate.
Site administrators
The first CAS user account to sign into your appliance will be automatically promoted to a site administrator.