Once the CAS side of things has been set up, the Google side has to be configured.
Configure SSO URLs
To configure a Google Apps domain to use the CAS server for user authentication:
- Log in to the Google Admin Console for the domain to be configured.
- Go to Security > Set up single sign-on (SSO).
- Check the Setup SSO with third party identity provider box
- Enter the CAS login URL (
https://casdev.newschool.edu/cas/login
) in the Sign-in page URL blank. This should be the URL of the CAS login endpoing, not the URL of the CAS SAML2 IdP endpoint. - Enter the CAS logout URL (
https://casdev.newschool.edu/cas/logout
) in the Sign-out page URL blank. - Enter the URL a user should be directed to when changing his or her password in the Change password URL blank. This may or may not be a CAS endpoint, depending on whether the CAS password management feature has been configured.
Important: All URLs must be entered, and they must all use HTTPS.
Upload verification certificate
The X.509 file created earlier has to be uploaded so that Google can verify sign-in requests.
After configuring the URLs and uploading the certificate, click the SAVE button.