Overview

This section describes how to connect your application to Casdoor.

When Casdoor acts as a Service Provider (SP), it supports:

  • OAuth 2.0 (OIDC)
  • SAML

When Casdoor acts as an Identity Provider (IdP), it supports:

  • OAuth 2.0
  • OIDC
  • SAML
  • CAS 1.0, 2.0, and 3.0

OAuth 2.0 (OIDC)

What is OAuth 2.0?

OAuth 2 is an authorization framework that lets applications obtain limited access to user accounts on an HTTP service. It delegates authentication to the service that hosts the account and authorizes third-party apps to access it. OAuth 2 defines flows for web, desktop, and mobile applications.

Casdoor’s authorization flow is based on OAuth 2.0. We recommend OAuth 2.0 (OIDC) because it is straightforward to implement, covers many use cases, and is widely supported.

Your application can integrate with Casdoor in three main ways:

Standard OIDC client

Standard OIDC client — Use any standard OIDC client library available for your language or framework.

What is OIDC?

OpenID Connect (OIDC) extends OAuth 2.0 with an identity layer. It lets users sign in once (SSO) at an OpenID Provider and access multiple relying parties. OIDC gives applications a standard way to obtain user identity and profile information.

Casdoor is fully OIDC-compliant. If you already use another OIDC identity provider with a standard client library, switching to Casdoor is typically a configuration change (e.g. discovery URL and credentials).
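
Because the switch rests on the discovery document, it is worth checking that document before pointing a client at it. The following is an added example, not code from Casdoor or its SDKs; the host `casdoor.example.com`, the endpoint paths and the sample metadata are constructed placeholders, and only the well-known path comes from the OIDC Discovery specification.

```python
import json
from urllib.parse import urlsplit

# Constructed discovery document. The host and endpoint paths are placeholders,
# not values copied from a real Casdoor deployment.
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://casdoor.example.com",
  "authorization_endpoint": "https://casdoor.example.com/authorize",
  "token_endpoint": "https://casdoor.example.com/token",
  "jwks_uri": "https://casdoor.example.com/jwks",
  "response_types_supported": ["code", "id_token"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer):
    """OIDC Discovery publishes metadata at a well-known path under the issuer."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_metadata(configured_issuer, metadata):
    """Return a list of problems; an empty list means the document is usable."""
    problems = []
    # The issuer must equal the configured value exactly; it is the same string
    # the client later compares with the "iss" claim of every ID token.
    if metadata.get("issuer") != configured_issuer:
        problems.append("issuer mismatch")
    # Tokens and signing keys must not travel over plaintext HTTP.
    for key in ENDPOINT_KEYS:
        url = urlsplit(str(metadata.get(key) or ""))
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{key} is missing or not https")
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    algs = metadata.get("id_token_signing_alg_values_supported", [])
    if not any(alg != "none" for alg in algs):
        problems.append("no signed ID token algorithm advertised")
    return problems


if __name__ == "__main__":
    issuer = "https://casdoor.example.com"
    print("fetch from:", discovery_url(issuer))
    print("problems:", check_metadata(issuer, SAMPLE_METADATA))
```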

Casdoor SDKs

Casdoor SDKs — Casdoor provides SDKs for many languages, built on OIDC and adding Casdoor-specific features (e.g. user management, file upload).

Using an SDK takes a bit more setup than a generic OIDC client but gives you the most flexibility and the full Casdoor API.

Casdoor plugin

Casdoor plugin — If your app runs on a supported platform (e.g. Spring Boot, WordPress), use the official or community plugin or middleware. Plugins are the fastest way to add Casdoor to that platform.

Plugins:

Middleware:

SAML

What is SAML?

Security Assertion Markup Language (SAML) is an open standard that lets identity providers (IdPs) pass authentication and authorization information to service providers (SPs). Users can sign in once and access many applications. SAML uses XML for messages between the IdP and SPs.

Casdoor can act as a SAML 2.0 IdP and supports the main SAML 2.0 features. See SAML for details.

Example: Casdoor as a SAML IdP in Keycloak

When to use SAML: SAML is mature and widely used in enterprise SSO, but the protocol is large and has many optional parts. For new applications, OAuth 2.0 / OIDC is usually simpler; choose SAML when you must interoperate with existing SAML-based systems.

CAS

What is CAS?

The Central Authentication Service (CAS) is a web SSO protocol. Users sign in once and can access multiple applications. Web applications authenticate users via the CAS server without handling passwords directly.

Casdoor supports CAS 1.0, 2.0, and 3.0. See CAS for setup.

Note: CAS is lightweight but limited in scope. Trust between the CAS client and server is established by interface calls rather than cryptographic signatures. For new projects, OAuth 2.0 / OIDC is generally preferred.

Integrations

For step-by-step examples of connecting specific applications to Casdoor, see the Integrations section.