About CAS authentication for GitHub Enterprise Server
CAS is a single sign-on (SSO) protocol that centralizes authentication to multiple web applications. For more information, see "Central Authentication Service" on Wikipedia.
After you configure CAS, people who use your GitHub Enterprise Server instance must use a personal access token to authenticate API or Git requests over HTTP(S). CAS credentials cannot be used to authenticate these requests. For more information, see "Creating a personal access token."
If you configure CAS, people with accounts on your identity provider (IdP) do not consume a user license until the person signs into your GitHub Enterprise Server instance.
If you want to allow authentication for some people who don't have an account on your external authentication provider, you can allow fallback authentication to local accounts on your GitHub Enterprise Server instance. For more information, see "Allowing built-in authentication for users outside your provider."
Username considerations with CAS
GitHub Enterprise Server normalizes a value from your external authentication provider to determine the username for each new personal account on your GitHub Enterprise Server instance. For more information, see "Username considerations for external authentication."
CAS attributes
The following attributes are available.
Attribute name | Type | Description |
---|---|---|
username | Required | The GitHub Enterprise Server username. |
Configuring CAS
-
GitHub Enterprise Server の管理アカウントから、任意のページの右上隅の をクリックします。
-
[サイト管理者] ページにま� 表示されていない� �合は、左上隅の [サイト管理者] をクリックします。
-
左側のサイドバーで、 [Management Console] をクリックします。
-
左サイドバーにある [Authentication](認証) をクリックします。
-
Select CAS.
-
必要に応じて、外部認証システ� のアカウントを持たないユーザーがビルトイン認証でサインインできるようにするには、 [Allow built-in authentication](ビルトイン認証を許可する) を選択します。 詳しくは、「プロバイダー外のユーザーのためのビルトイン認証の許可」を参照してく� さい。
-
In the Server URL field, type the full URL of your CAS server. If your CAS server uses a certificate that can't be validated by GitHub Enterprise Server, you can use the
ghe-ssl-ca-certificate-install
command to install it as a trusted certificate. For more information, see "Command-line utilities."