Nightingale Single Sign-On Feature Introduction
Configuration Example Explanation
# Whether to enable CAS login functionality. Options: true/false
Enable = true
# Display name for CAS login method in the frontend
DisplayName = 'CAS Login'
# Redirect URL after successful CAS authentication. This URL should be the callback address of the Nightingale monitoring service
RedirectURL = 'http://n9e-server:port/callback/cas'
# Address of the SSO service CAS
SsoAddr = 'https://n9e-auth2.authing.cn/cas-idp/6698b30fc9e781e51dc0f509'
# Logout address of the SSO service CAS, used for handling user logout requests
SsoLogoutAddr = 'https://n9e-auth2.authing.cn/cas-idp/6698b30fc9e781e51dc0f509/logout'
# Login path for SSO service CAS; combined with SsoAddr to form the complete login address
LoginPath = '/login'
# Whether to override user attributes. Options: true/false
CoverAttributes = true
# Default roles for users in the Nightingale system. Options: Guest/Standard/Admin
DefaultRoles = ['Standard']
# Requested CAS scopes
Scopes = ['openid', 'profile', 'email', 'phone']
# Mapping of CAS user attributes to Nightingale user attributes
[Attributes]
# Mapping for username field
Username = 'sub'
# Mapping for nickname field
Nickname = 'nickname'
# Mapping for phone field
Phone = 'phone_number'
# Mapping for email field
Email = 'email'
Basic Configuration Explanation
Below is an explanation of the Authing CAS configuration:
RedirectURL is defaulted to ‘http://n9e-server:port/callback/cas’
| Nightingale Configuration | OIDC Configuration |
|---|---|
| SsoAddr | Login endpoint, excluding /login. /login is written in the LoginPath parameter |
| SsoLogoutAddr | Logout endpoint |
| LoginPath | Combined with SsoAddr to form the complete login address |
Account Login
Account Logout
Similar to OIDC, direct CAS account logout from the Nightingale server side is currently not supported. If account logout is needed, you need to first log out from the CAS service side, then return to the Nightingale service page and select account logout.
