New CAS documentation site
CAS documentation has moved over to apereo.github.io/cas, starting with CAS version 4.x. The wiki will no longer be maintained. For the most recent version of the documentation, please refer to the aforementioned link.
Note that once you add a service, the restrictions are turned on. Be sure that first service you add is the Services Management application if you're protecting your service management console using CAS!
Adding a New Service
After you've logged in, you should see the Services Management Console. Click on the "Add new Service" link.
The following fields are required:
- Name - represents the service for display purposes within the Services Management Console.
- Service URL - the URL of the service. You can use Ant pattern Matching to represent multiple services
- Description - a description for identifying services within the Services Management Console.
The following fields are optional:
- Theme - matches a name that the Spring Theme Resolver is using (Details refer to Theme Control)
- Enabled - whether the service is enabled; defaults to true. If set to false, CAS will immediately stop vending Tickets for this service.
- Allowed to proxy - whether the service can retrieve Proxy Granting Tickets; defaults to true. If set to false, CAS will immediately stop vending Proxy Granting Tickets to this services. Existing PGTs will still be honored until they expire.
- SSO Participant - whether the service may participate in single sign on; defaults to true. If set to false, the user will be shown an error screen when redirected to CAS unless the CAS client-side configuration for this service sets renew=true.
- Anonymous Access - whether the service receives the real NetId or some one-way hash; defaults to false.
- Attributes - which attributes a service is allowed to see
Important field not documented here
The "evaluationOrder" property on RegisteredService doesn't seem to be documented here, though it's surfaced in the UI and is important to getting the expected behavior from CAS when multiple registry entries can match a service URL encountered at runtime (e.g., when the wildcard https://** entry is retained.)