
Overview

Casdoor can be configured to let users log in to the UI with an identity from an external identity provider that supports SAML 2.0. In this configuration, Casdoor never stores any user credentials.

Casdoor currently supports several SAML application providers. Once a provider has been added to Casdoor, its icon is shown on the login page. The providers supported by Casdoor are:

  • Alibaba Cloud IDaaS
  • Keycloak
  • Custom

Terms

  • Identity Provider (IdP): the service that stores the identity database and provides identity and authentication services to Casdoor.
  • Service Provider (SP): the service that provides resources to end users; in this case, the Casdoor deployment.
  • Assertion Consumer Service (ACS): the consumer of the SAML assertions issued by the identity provider.

Configuration Values for Casdoor as SP

When configuring an external Identity Provider (such as Google Workspace, Azure AD, or other SAML IdPs), you'll typically need to provide the following values:

  • ACS URL (Assertion Consumer Service URL): This is the endpoint where the IdP will send SAML assertions. For Casdoor, use: https://<your-casdoor-domain>/api/acs (replace <your-casdoor-domain> with your actual Casdoor domain, e.g., https://door.example.com/api/acs)

  • Entity ID (SP Entity ID): This uniquely identifies your Casdoor instance as a Service Provider. Use the same URL as the ACS URL: https://<your-casdoor-domain>/api/acs

  • Request Method: The /api/acs endpoint only accepts POST requests. Ensure your IdP is configured to send SAML responses via HTTP POST binding.

User Attribute Mapping

When a user authenticates through SAML, Casdoor extracts user information from the SAML assertion based on your provider's attribute mapping configuration. The username field is particularly important as it's required for user identification and creation in Casdoor.

If your IdP doesn't explicitly provide a username mapping or the username field comes back empty, Casdoor automatically applies a fallback strategy:

  1. First, it attempts to use the email address from the SAML assertion as the username
  2. If no email is available, it falls back to the NameID (unique identifier) from the assertion

This fallback mechanism ensures smooth authentication even when username attributes aren't explicitly configured in your IdP, which is common with providers like Azure AD where the default attribute claims might not include a separate username field.
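The following Go snippet is an added illustration of that fallback order, not Casdoor's own code: it unmarshals a constructed SAML assertion and picks the username from the mapped username attribute, then the mapped email attribute, then the NameID. The parameters usernameAttr and emailAttr stand in for the provider's attribute mapping and are assumptions, as is the constructed assertion.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Assertion holds only the parts of a SAML 2.0 Assertion this example needs;
// the tags match local names, so saml:-prefixed elements are accepted too.
type Assertion struct {
	NameID     string `xml:"Subject>NameID"`
	Attributes []struct {
		Name   string   `xml:"Name,attr"`
		Values []string `xml:"AttributeValue"`
	} `xml:"AttributeStatement>Attribute"`
}

// ResolveUsername applies the fallback order from the text: mapped username attribute,
// then mapped email attribute, then NameID. It returns the value and its source
// ("username", "email", "nameid", or "" when nothing usable was found).
func ResolveUsername(raw, usernameAttr, emailAttr string) (string, string, error) {
	var a Assertion
	if err := xml.Unmarshal([]byte(raw), &a); err != nil {
		return "", "", err
	}
	first := map[string]string{} // first value of each attribute, whitespace trimmed
	for _, at := range a.Attributes {
		if len(at.Values) > 0 && first[at.Name] == "" {
			first[at.Name] = strings.TrimSpace(at.Values[0])
		}
	}
	for _, c := range []struct{ val, src string }{
		{first[usernameAttr], "username"}, {first[emailAttr], "email"}, {strings.TrimSpace(a.NameID), "nameid"},
	} {
		if c.val != "" {
			return c.val, c.src, nil
		}
	}
	return "", "", nil
}

// Constructed sample: the IdP sends an email attribute and a NameID but no username attribute.
const sampleAssertion = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>user-1234</saml:NameID></saml:Subject>
 <saml:AttributeStatement><saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>`

func main() {
	fmt.Println(ResolveUsername(sampleAssertion, "username", "email")) // alice@example.com email <nil>
}
```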

How SAML Integration Works

With SAML SSO, users log in to Casdoor through the identity provider without ever passing their credentials to Casdoor. The flow is shown in the diagram below.

[Figure: SAML]