Help documentation

1. Before you can use Mingle CAS authentication, you must first complete the standard Mingle installation and configuration. Make sure that you setup a user with both full Mingle administrative privileges and a login that is also contained in your CAS System.
2. Stop Mingle server.

3. Edit mingle_data_directory/config/auth_config.yml to contain your configuration:

   Please for all options include the slash in cas_uri

Option One:

If your CAS server use secure connection (i.e., HTTPS) with a certification signed by a commercial signer, use the following configuration:

authentication: cas
cas_settings:
  cas_host: cas.example.com
  cas_uri: /cas
  cas_port: 443

Option Two:

If your CAS Server use secure connection (i.e., HTTPS) with a self-signed certification, use the following configuration:

authentication: cas
cas_settings:
  cas_host: cas.example.com
  cas_uri: /cas
  cas_port: 443
  cas_root_cert_path: /etc/pki/cacert/cacert.pem

Option Three:

If your CAS Server use secure connection (i.e., HTTPS), but you do not care to validate the certification, use the following configuration:

authentication: cas
cas_settings:
  cas_host: cas.example.com
  cas_uri: /cas
  cas_port: 443
  cas_trust_all_certs: true

Option Four:

If your CAS server is using a self-signed certificate, you can import your CAS server's certificate and/or your CA Root certificate into your Java keystore:

keytool -import -trustcacerts -alias "My Root Certificate" -file cacert.crt -keystore /usr/java/default/jre/lib/security/cacerts

Please check where is your Java keystore located. In the example above, the Java keystore is under /usr/java/default/jre/lib/security/cacerts

You can then use the same settings as option one above:

authentication: cas
cas_settings:
  cas_host: cas.example.com
  cas_uri: /cas
  cas_port: 443

4. Notice the first line of each configuration above, as of 2.0.1 it is now necessary to explicitly state an authentication of type 'cas' in order to use the CAS authentication plugin.

   If you have enabled basic authentication, you will not be able to use the CAS plugin for basic authentication, so you will need to specify either 'ldap' or 'mingle' authentication:

basic_authentication_enabled: true
basic_authentication: ldap
authentication: cas 
cas_settings:
  cas_host: ...
  ...
ldap_settings: 
  ldapserver: ...
  ...

5. Start Mingle server.
6. Go to any Mingle page and you should be redirected to your CAS login page. After entering you username and CAS password, you will be redirected to Mingle and will be logged in as the user you setup in Step 1. This user will still have full Mingle admin privileges. This user can make future Mingle users Mingle admins if you wish to grant others that privilege.

7. Any users enrolled in your CAS system can now login to Mingle. When they login to Mingle, a Mingle account will be automatically created if it does not already exist. Once a user has logged in for the first time s/he can be granted access to projects.

   If the maximum number of Mingle users has been added to the Mingle instance, Mingle will not create accounts for new users logging in via CAS. These users will be informed that the instance has reached the maximum number of users. When the maximum number of users is increased or existing users are deleted or deactivated, Mingle will automatically create accounts for new users again.

Should you ever wish to turn off CAS authentication, simply change the values of 'authentication' and 'basic_authentication' in the config/auth_config.yml file to the type of authentication you wish to switch to, either 'ldap' or 'mingle'. After restarting the Mingle server, users will then be able to use the Mingle password recovery feature in order to set a Mingle password.