From 8bb78764030fdd6ab6025699e351f8d2abf32632 Mon Sep 17 00:00:00 2001
From: Chad Redman
Date: Thu, 18 Jan 2024 19:12:42 -0500
Subject: [PATCH] Add documentation for CAS

---
 README.adoc | 28 ++++++++++++++++++++++++++--
 src/test/docker/README.adoc | 18 +++++++++++++++++-
 2 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/README.adoc b/README.adoc
index f5e05f7..8369f36 100644
--- a/README.adoc
+++ b/README.adoc
@@ -49,8 +49,11 @@ For SAML2, for example:
 +
 [source,properties]
 ----
+grouper.is.extAuth.enabled = true
+external.authentication.grouperContextUrl = https://grouper-ui.unicon.local/grouper
+
 external.authentication.provider = saml
-external.authentication.saml.identityProviderEntityId = https://idp.unicon.local/idp/shibboleth
+external.authentication.saml.identityProviderEntityId = https://idp-host-name/idp/shibboleth
 external.authentication.saml.serviceProviderEntityId = http://localhost:8080/grouper
 external.authentication.saml.serviceProviderMetadataPath = file:/opt/grouper/sp-metadata.xml
 external.authentication.saml.identityProviderMetadataPath = file:/opt/grouper/idp-metadata.xml
@@ -68,15 +71,36 @@ For OIDC, for example:
 +
 [source,properties]
 ----
+grouper.is.extAuth.enabled = true
+external.authentication.grouperContextUrl = https://grouper-ui.unicon.local/grouper
+
 external.authentication.provider = oidc
 external.authentication.oidc.clientId = *****
-external.authentication.oidc.discoveryURI = https://unicon.okta.com/.well-known/openid-configuration
+external.authentication.oidc.discoveryURI = https://idp-host-name/.well-known/openid-configuration
 external.authentication.oidc.secret = *****
 external.authentication.oidc.claimAsUsername = preferred_username
+
 ----
 +
 For more information and more options, see https://www.pac4j.org/5.7.x/docs/clients/openid-connect.html[] and https://github.com/pac4j/pac4j/blob/5.7.x/pac4j-oidc/src/main/java/org/pac4j/oidc/config/OidcConfiguration.java[]
+.. CAS
++
+For CAS, for example:
++
+[source,properties]
+----
+grouper.is.extAuth.enabled = true
+external.authentication.grouperContextUrl = https://grouper-ui.unicon.local/grouper
+
+# Note for CAS: you'll need to make sure that the CAS server SSL certificate is available in the trust store
+external.authentication.provider = cas
+external.authentication.cas.prefixUrl = https://idp-host-name/idp/profile/cas
+external.authentication.cas.protocol = CAS20
+----
++
+For more information and more options, see https://www.pac4j.org/5.7.x/docs/clients/cas.html[] and https://github.com/pac4j/pac4j/blob/5.7.x/pac4j-cas/src/main/java/org/pac4j/cas/config/CasConfiguration.java[]
+
 === Version 5.x+
 TODO
diff --git a/src/test/docker/README.adoc b/src/test/docker/README.adoc
index 7250ea3..4c78b7b 100644
--- a/src/test/docker/README.adoc
+++ b/src/test/docker/README.adoc
@@ -2,4 +2,20 @@
 This directory contains sample configuration for integrating Grouper external authentication. Integration is provided primarily through the Shibboleth IdP.
-*!!!WARNING!!!* This is a full integration example that should be able to be run with minimal effort. As such, there are private keys included that should be replaced if used in any way outside of testing.
\ No newline at end of file
+*!!!WARNING!!!* This is a full integration example that should be able to be run with minimal effort. As such, there are private keys included that should be replaced if used in any way outside of testing.
+
+== Setup
+
+The example relies on DNS aliases for localhost in order for the included reverse proxy container to redirect network traffic to the correct container. Edit your hosts file (e.g. `/etc/hosts`) to add these entries pointing to localhost:
+
+----
+127.0.0.1 idp.unicon.local grouper-ui.unicon.local cas.unicon.local
+----
+
+== Usage
+
+The included IDP server has been configured to authenticate an example OIDC, SAML2, and CAS relying party. The Grouper configuration includes sample settings for using pac4j authentication with each. To change the authentication method, change the commented methods in the grouper-ui service in docker-compose.yml, and restart the grouper-ui container.
+
+
+To log into the Grouper application, open URL https://grouper-ui.unicon.local/grouper/[].
+