Skip to main content

Using CAS

If you use Central Authentication Service (CAS) to centralize access to multiple web applications, you can integrate GitHub Enterprise Server by configuring CAS authentication for your instance.

About CAS authentication for GitHub Enterprise Server

CAS is a single sign-on (SSO) protocol that centralizes authentication to multiple web applications. For more information, see "Central Authentication Service" on Wikipedia.

After you configure CAS, people who use your GitHub Enterprise Server instance must use a personal access token to authenticate API or Git requests over HTTP(S). CAS credentials cannot be used to authenticate these requests. For more information, see "Creating a personal access token."

If you configure CAS, people with accounts on your identity provider (IdP) do not consume a user license until the person signs into your GitHub Enterprise Server instance.

If you want to allow authentication for some people who don't have an account on your external authentication provider, you can allow fallback authentication to local accounts on your GitHub Enterprise Server instance. For more information, see "Allowing built-in authentication for users outside your provider."

Username considerations with CAS

GitHub Enterprise Server normalizes a value from your external authentication provider to determine the username for each new personal account on your GitHub Enterprise Server instance. For more information, see "Username considerations for external authentication."

CAS attributes

The following attributes are available.

Attribute nameTypeDescription
usernameRequiredThe GitHub Enterprise Server username.

Configuring CAS

  1. Desde una cuenta administrativa de GitHub Enterprise Server, en la esquina superior derecha de cualquier página, haz clic en .

    Captura de pantalla del icono de cohete para acceder a los ajustes administrativos

  2. Si todavía no está en la página "Administrador del sitio", en la esquina superior izquierda, haga clic en Administrador del sitio.

    Captura de pantalla del vínculo "Administrador del sitio"

  3. En la barra lateral de la izquierda, haga clic en Consola de administración . Pestaña Consola de administración en la barra lateral de la izquierda

  4. En la barra lateral de la izquierda, haga clic en Autenticación. Pestaña de autenticación en la barra lateral de configuración

  5. Select CAS.

    Screenshot of selection of CAS for authentication

  6. Opcionalmente, para permitir que los usuarios sin una cuenta en el sistema de autenticación externa inicien sesión con la autenticación integrada, selecciona Permitir autenticación integrada. Para obtener más información, consulta «Permiso para la autenticación integrada para usuarios fuera del proveedor».

    Screenshot of of fallback built-in authentication option for CAS

  7. In the Server URL field, type the full URL of your CAS server. If your CAS server uses a certificate that can't be validated by GitHub Enterprise Server, you can use the ghe-ssl-ca-certificate-install command to install it as a trusted certificate. For more information, see "Command-line utilities."