

Speaking of CAS Authentication...


For companies that have a CAS (Centralized Authentication System) authentication server, Identity allows you to use the existing authentication service to authorize access to your resources. The aim is to allow a CAS server to be responsible for authenticating and provisioning users to Identity.

In companies where CAS authentication has been enabled, the Multi-factor authentication feature cannot be used.


Enable CAS Authentication


To make this configuration, you must have a CAS server installed and configured.

01. Click the Settings icon in the top-right corner and select Security.

02. Access the CAS Authentication feature.

03. Check the Enable CAS authentication feature to define whether CAS authentication will be enabled.

04. If CAS authentication has been enabled, fill in the fields below.

Select the CAS server
Enter the protocol version to be used (CAS 2.0 or CAS 3.0).

Select the validation type
Indicate whether the flow used will be Proxy Validate or Service Validate.

URL of your company's CAS service
Enter the URL of your company's CAS service.

Field in your CAS Response that represents the user's name
Enter the field that represents the user's name in the CAS Response.

Field in your CAS Response that represents the user's last name
Enter the field that represents the user's last name in the CAS Response.

CAS Response field that represents the user’s e-mail
Enter the field that represents the user’s e-mail in the CAS Response.

The user's last name is entered in the name field
By checking this option, the user's last name field will not be visible on the screen and can be entered directly in the name field.

05. After filling in the fields, click Save to confirm the information.

If there is an error related to IDM redirection after a successful CAS login, a screen will appear reporting the login failure. For example, when the main e-mail address is not correctly entered in the CAS enable parameter, the screen showing the reason for the login failure will be displayed. 

After completing the configuration, when you open the Identity login page, the CAS screen will be displayed instead of the standard TOTVS Identity screen. 

When logging off, depending on CAS server settings, the user will be redirected to the CAS session ended page. 


CAS Response JSON


For the integration with CAS to be successful, the JSON encoded in the CAS Response must be in the following format:

{
  "rgUf": "SC",
  "localidade": "JOINVILLE",
  "matricula": "123456",
  "nome": "Teste",
  "emailCorporativo": "[email protected]",
  "sobrenome": "Teste",
  "nomeComum": "Teste Teste"
}


The following are representative values:

Field             Description
rgUf              State
localidade        Location city
matricula         Identifier for CAS server
emailCorporativo  User Email / Identity Login
nome              User name
sobrenome         User's last name
nomeComum         Name for the system
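
A pre-flight check for the field mapping configured above, as an added example that is not part of the original page or of TOTVS Identity itself: it parses a CAS Response JSON payload and reports which configured name, last name or e-mail field would be missing or unusable. The function name, its parameters, the "@" test and the sample e-mail value are assumptions made for this example.

```python
import json

# Sample payload constructed for this example, shaped like the format above.
SAMPLE = '''{
  "rgUf": "SC", "localidade": "JOINVILLE", "matricula": "123456",
  "nome": "Teste", "emailCorporativo": "teste@example.com",
  "sobrenome": "Teste", "nomeComum": "Teste Teste"
}'''


def check_cas_attributes(raw, name_field, last_name_field, email_field,
                         last_name_in_name=False):
    """Return a list of problems found; an empty list means the payload
    carries every attribute the configured mapping points at."""
    try:
        attrs = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(attrs, dict):
        return ["top-level value is not a JSON object"]

    required = {"name": name_field, "e-mail": email_field}
    if not last_name_in_name:
        # The last name is mapped separately only when the
        # "last name is entered in the name field" option is unchecked.
        required["last name"] = last_name_field

    problems = []
    for role, field in required.items():
        value = attrs.get(field)
        if field not in attrs:
            problems.append(f"{role}: field '{field}' is absent")
        elif not isinstance(value, str) or not value.strip():
            problems.append(f"{role}: field '{field}' is empty or not a string")
    # Hypothetical sanity check: the e-mail doubles as the Identity login.
    email = attrs.get(email_field)
    if isinstance(email, str) and email.strip() and "@" not in email:
        problems.append(f"e-mail: field '{email_field}' is not an address")
    return problems


if __name__ == "__main__":
    print(check_cas_attributes(SAMPLE, "nome", "sobrenome", "emailCorporativo"))
```

An empty result for a payload captured from your own CAS server means the three mapped fields are present before you click Save; a reported e-mail problem corresponds to the login-failure case described earlier.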