Add documentation for CAS

README.adoc

@@ -49,8 +49,11 @@ For SAML2, for example:
 +
 [source,properties]
 ----
+grouper.is.extAuth.enabled = true
+external.authentication.grouperContextUrl = https://grouper-ui.unicon.local/grouper
+
 external.authentication.provider = saml
-external.authentication.saml.identityProviderEntityId = https://idp.unicon.local/idp/shibboleth
+external.authentication.saml.identityProviderEntityId = https://idp-host-name/idp/shibboleth
 external.authentication.saml.serviceProviderEntityId = http://localhost:8080/grouper
 external.authentication.saml.serviceProviderMetadataPath = file:/opt/grouper/sp-metadata.xml
 external.authentication.saml.identityProviderMetadataPath = file:/opt/grouper/idp-metadata.xml
@@ -68,15 +71,36 @@ For OIDC, for example:
 +
 [source,properties]
 ----
+grouper.is.extAuth.enabled = true
+external.authentication.grouperContextUrl = https://grouper-ui.unicon.local/grouper
+
 external.authentication.provider = oidc
 external.authentication.oidc.clientId = *****
-external.authentication.oidc.discoveryURI = https://unicon.okta.com/.well-known/openid-configuration
+external.authentication.oidc.discoveryURI = https://idp-host-name/.well-known/openid-configuration
 external.authentication.oidc.secret = *****
 external.authentication.oidc.claimAsUsername = preferred_username
+
 ----
 +
 For more information and more options, see https://www.pac4j.org/5.7.x/docs/clients/openid-connect.html[] and https://github.com/pac4j/pac4j/blob/5.7.x/pac4j-oidc/src/main/java/org/pac4j/oidc/config/OidcConfiguration.java[]
 
+.. CAS
++
+For CAS, for example:
++
+[source,properties]
+----
+grouper.is.extAuth.enabled = true
+external.authentication.grouperContextUrl = https://grouper-ui.unicon.local/grouper
+
+# Note for CAS: you'll need to make sure that the CAS server SSL certificate is available in the trust store
+external.authentication.provider = cas
+external.authentication.cas.prefixUrl = https://idp-host-name/idp/profile/cas
+external.authentication.cas.protocol = CAS20
+----
++
+For more information and more options, see https://www.pac4j.org/5.7.x/docs/clients/cas.html[] and https://github.com/pac4j/pac4j/blob/5.7.x/pac4j-cas/src/main/java/org/pac4j/cas/config/CasConfiguration.java[]
+
 === Version 5.x+
 
 TODO

src/test/docker/README.adoc

@@ -2,4 +2,20 @@
 
 This directory contains sample configuration for integrating Grouper external authentication. Integration is provided primarily through the Shibboleth IdP.
 
-*!!!WARNING!!!* This is a full integration example that should be able to be run with minimal effort. As such, there are private keys included that should be replaced if used in any way outside of testing.
+*!!!WARNING!!!* This is a full integration example that should be able to be run with minimal effort. As such, there are private keys included that should be replaced if used in any way outside of testing.
+
+== Setup
+
+The example relies on DNS aliases for localhost in order for the included reverse proxy container to redirect network traffic to the correct container. Edit your hosts file (e.g. `/etc/hosts`) to add these entries pointing to localhost:
+
+----
+127.0.0.1       idp.unicon.local grouper-ui.unicon.local cas.unicon.local
+----
+
+== Usage
+
+The included IDP server has been configured to authenticate an example OIDC, SAML2, and CAS relying party. The Grouper configuration includes sample settings for using pac4j authentication with each. To change the authentication method, change the commented methods in the grouper-ui service in docker-compose.yml, and restart the grouper-ui container.
+
+
+To log into the Grouper application, open URL https://grouper-ui.unicon.local/grouper/[].
+