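Custom
Casdoor supports configuring a SAML Custom provider, so you can use Casdoor as a Service Provider (SP) to connect to any Identity Provider (IdP) that supports the SAML 2.0 protocol.
Step 1. Configure your Identity Provider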
When setting up your Identity Provider (such as Google Workspace, Azure AD, Okta, or any other SAML 2.0 compatible IdP), you'll need to provide the following Casdoor SP information:
ACS URL (Assertion Consumer Service URL):
- https://<your-casdoor-domain>/api/acs
- Example: https://door.example.com/api/acs
- This endpoint only accepts POST requests

Entity ID (SP Entity ID):
- https://<your-casdoor-domain>/api/acs
- Use the same URL as your ACS URL

Replace <your-casdoor-domain> with your actual Casdoor domain. For example, if your Casdoor instance is running at http://localhost:8000, use http://localhost:8000/api/acs for both values.
Step 2. Get the metadata of the IdP
After configuring your IdP, obtain the metadata, which is an XML document that describes the configuration information of the services provided by the IdP. It needs to include information such as the EntityID and the SSO Endpoint.
Some IdPs, such as Keycloak, require SP information before they provide metadata. You can refer to the document Keycloak.
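
Before the metadata is pasted into Casdoor, it can be checked for the items named above. The following Go program is an added example and not part of Casdoor: `CheckIdPMetadata`, the struct and the sample XML are hypothetical names and constructed data, and requiring a signing certificate and an `https://` SSO location are this example's own checks.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Subset of a SAML 2.0 EntityDescriptor; tags without a namespace match any prefix.
type entityDescriptor struct {
	EntityID string `xml:"entityID,attr"`
	Keys     []struct {
		Use  string `xml:"use,attr"`
		Cert string `xml:"KeyInfo>X509Data>X509Certificate"`
	} `xml:"IDPSSODescriptor>KeyDescriptor"`
	SSO []struct {
		Location string `xml:"Location,attr"`
	} `xml:"IDPSSODescriptor>SingleSignOnService"`
}

// Constructed sample: hypothetical IdP, placeholder instead of a real certificate.
const sampleMetadata = `<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="https://idp.example.com/saml"><IDPSSODescriptor>
 <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
 <X509Certificate>PLACEHOLDER</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
 <SingleSignOnService Location="https://idp.example.com/saml/sso"/>
</IDPSSODescriptor></EntityDescriptor>`

// CheckIdPMetadata returns the entityID and first https SSO endpoint, or what is missing.
func CheckIdPMetadata(metadata string) (entityID, ssoURL string, err error) {
	var ed entityDescriptor
	if err = xml.Unmarshal([]byte(metadata), &ed); err != nil {
		return "", "", fmt.Errorf("not well-formed XML: %w", err)
	}
	signing := false
	for _, k := range ed.Keys { // a KeyDescriptor without "use" serves both purposes
		signing = signing || (k.Use != "encryption" && strings.TrimSpace(k.Cert) != "")
	}
	if ed.EntityID == "" || !signing {
		return "", "", fmt.Errorf("metadata lacks an entityID or a signing certificate")
	}
	for _, s := range ed.SSO {
		if strings.HasPrefix(s.Location, "https://") {
			return ed.EntityID, s.Location, nil
		}
	}
	return "", "", fmt.Errorf("no SingleSignOnService with an https:// Location")
}

func main() { fmt.Println(CheckIdPMetadata(sampleMetadata)) }
```
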
Step 3. Configure the SAML Custom provider
After obtaining the metadata from your IdP, create a SAML Custom Provider in Casdoor and fill in the necessary information.
| Field | Description |
|---|---|
| Category | Select SAML |
| Type | Select Custom |
| Favicon.URL | URL of the IdP logo |
| Metadata | Metadata of the IdP |
Then click the Parse button, and the fields Endpoint, IdP, Issuer URL, SP ACS URL and SP Entity ID will be parsed automatically.

Finally, add the SAML Custom Provider to Providers of the application. 