Skip to main content
Third-party Integration

CAS integration

Connect your corporate Central Authentication Service (CAS 2.0 or 3.0) to enable single sign-on (SSO).
Applicable editionDedicated Edition

Background

Central Authentication Service (CAS) is an SSO protocol that allows users to authenticate once and access multiple applications without signing in to each one individually.

Create out-of-scope users

Enterprise administrators can configure and manage CAS integration in Enterprise Management > Third-party Integration. To create users that do not exist in CAS, select Allow built-in users to be created outside the synchronization scope.

Configure CAS

Step 1: Configure CAS connection

To connect the Qoder CN service provider (SP) to your corporate identity provider (IdP), provide the following information:
  • CAS login endpoint.
  • CAS logout endpoint.
  • Service Ticket validation endpoint.
The page also provides a Skip HTTPS verification toggle, which you can enable if needed. After you enter the information, click Next.

Step 2: Account binding and attribute mapping

Bind user accounts by using one of the following methods:
  • Automatically bind accounts with the same email address.
  • Automatically bind accounts with the same login ID.
  • Automatically bind accounts with the same phone number.
  • Automatically bind accounts with the same employee ID.
Based on your selected strategy, Qoder CN automatically binds CAS accounts to Qoder CN accounts that share the same attribute value. The attribute you choose must be unique and exist for all users. For example, if you choose to Automatically bind accounts with the same email address, the binding process works as follows: Next, configure user attribute mapping. Qoder CN maps user information based on these mappings. You must specify the Unique Account Identifier, which is the CAS user attribute used to uniquely identify an account. This setting cannot be changed after you submit the configuration. The user attribute mappings are: Name maps to name, login ID (required) maps to user_name, Email maps to email, Mobile maps to mobile, employee ID maps to employId, and Nickname maps to nickname.

Step 3: Enable service

Single sign-on is disabled by default during setup. After you enable it, you can configure the following settings:
  • Configure login callback URL: Copy the provided login callback URL and configure it in your CAS IdP.
  • Custom configuration: Modify the CAS display name and display icon.
  • Allow creating a Qoder CN account on first login:
    • Unchecked by default: Limits binding to only CAS accounts and existing Qoder CN accounts. If a matching Qoder CN account is not found, a new account is not created.
    • If you select this option, a new Qoder CN account is automatically created and bound when no matching Qoder CN account is found.
The page includes a Focused Login toggle, disabled by default. When enabled, users are automatically redirected from the sign-in page to the CAS login page. You can also save the configuration without enabling single sign-on and enable it later from the CAS integration details page.

Sign in to Qoder CN with CAS

After you enable single sign-on, a CAS login option appears on the Qoder CN sign-in page. Users with a bound CAS account can click this option to be redirected to your CAS login page and sign in.

Sign out

When a user signs out of Qoder CN, they are also signed out of the CAS IdP.

Modify CAS configuration

On the CAS integration details page, click View/Modify configuration. In the drawer that appears, you can modify optional user attribute mappings. Other settings cannot be changed.

Disable single sign-on

On the CAS integration details page, if single sign-on is enabled, click Modify service configuration. In the configuration drawer, you can disable single sign-on. After you disable it:
  • Existing bindings between Qoder CN accounts and CAS accounts are not removed.
  • CAS-based sign-in is no longer available. To sign in to Qoder CN, use the Qoder CN login ID and password.

Remove CAS integration

On the CAS integration details page, click Remove Integration and confirm the action. After you remove the integration:
  • All bindings between Qoder CN accounts and CAS accounts are removed.
  • Users can no longer sign in to Qoder CN by using CAS. They must use their Qoder CN login ID and password to sign in.
Guides
Tutorials
  • Coding with Qoder CN
Developer Reference
CAS integration - Qoder CN