Building and Using Casdoor

February 22, 2025

Deploying Casdoor

There are several types of single sign-on authentication sources (protocols): LDAP, SMTP, OAuth2.0, and so on, with OAuth2.0 being the current mainstream standard. Many open-source platforms support OAuth, such as Keycloak, Okta and Casdoor, and there are also many third-party OAuth2 server SDKs and commercial paid platforms. After careful consideration, we decided to use Casdoor as the single sign-on authentication center.

Official website:
https://casdoor.org/zh/docs/overview

Casdoor is a UI-first Identity and Access Management (IAM) / Single Sign-On (SSO) platform. Its web UI supports OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, RADIUS, Google Workspace, Active Directory, and Kerberos.

The official documentation describes Casdoor's features: it supports multiple languages, is easy to deploy, has a simple and convenient UI, offers comprehensive functionality, and can connect to external login platforms such as Feishu. This is why Casdoor was chosen.

Casdoor relies on a database, so create one first. MySQL, PostgreSQL and SQLite are supported; create a database named casdoor in advance.

Then create an empty directory and, inside it, a new app.conf file with the following sample content:

appname = casdoor
httpport = 8000
runmode = dev
SessionOn = true
copyrequestbody = true
driverName = mysql
dataSourceName = root:123456@tcp(localhost:3306)/
dbName = casdoor
tableNamePrefix =
showSql = false
redisEndpoint =
defaultStorageProvider =
isCloudIntranet = false
authState = "casdoor"
socks5Proxy = "127.0.0.1:10808"
verificationCodeTimeout = 10
initScore = 2000
logPostOnly = true
origin = "https://door.casdoor.com"
staticBaseUrl = "https://cdn.casbin.org"
enableGzip = true
inactiveTimeoutMinutes =

The main value to replace is dataSourceName, the database connection string, whose format varies by database type. Refer to:
https://casdoor.org/zh/docs/basic/server-installation/#%E9%85%8D%E7%BD%AE%E6%95%B0%E6%8D%AE%E5%BA%93

Then set origin to the address at which the service will be reached after deployment. It can also be left unchanged for now and modified later.

Deploy Casdoor with Docker, mounting the directory that holds app.conf as /conf inside the container:

docker run -p 8000:8000 -v /data/casdoor/conf:/conf casbin/casdoor:latest

Once the reverse proxy is in place, open the page. The default account is admin with password 123; change it after the first login.

Configuring Casdoor

After logging in, create an object storage provider to persist static resources such as avatars.

Here, I use a privately deployed Minio.

Then open the default application.

Add the Minio storage provider to the application.

Files uploaded from then on are stored in Minio automatically and served from there as static resources.

Binding Gitea and Casdoor

As a single sign-on center, Casdoor can connect with any client that supports OAuth2.0. Here is how to integrate Casdoor with Gitea as an authentication source.

Open Casdoor and add a new application. Only the following details need to be filled in; the redirect URL can keep its default value for now. Then copy the client ID and client secret.

Then open Gitea and add an authentication source in the admin panel.

For OAuth2.0, different types of platforms expose different endpoints; Casdoor corresponds to the OpenID Connect type.

Endpoint                    URL
OpenID Connect Discovery    /.well-known/openid-configuration
Authorization Endpoint      /login/oauth/authorize
Access Token Endpoint       /login/oauth/access_token
OpenID Connect UserInfo     /login/oauth/userinfo
JSON Web Key Set            /login/oauth/keys

For the OpenID Connect discovery address, append /.well-known/openid-configuration to the Casdoor access address.

After saving the authentication source, reopen it; the callback address generated by Gitea is shown at the bottom.

Reopen Casdoor and set the callback URL of the Gitea application to that address:

Log out of Gitea and log in again; the option "Login with Casdoor" now appears on the login page.

Clicking it redirects to a unified login page where you can choose an already signed-in account or sign in again.

A custom login redirect can be designed for each application.

Configuring Harbor

Go to Casdoor and configure an application for Harbor.

Then configure OIDC in Harbor. Here the endpoint must not include the /.well-known/openid-configuration suffix: Harbor takes the bare Casdoor address and performs the discovery itself.
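
The following is an added example, not code from the post or from the Casdoor, Gitea or Harbor projects; it is in Go because all three are Go projects. It derives the two forms of the address contrasted above (Gitea's discovery URL with the suffix, Harbor's bare issuer without it) and validates a constructed discovery document against the issuer it was fetched from, which is the check an OIDC client should make before trusting the endpoints. The host casdoor.example.com and the document contents are assumed placeholders.

```go
package main
import (
	"encoding/json"
	"fmt"
	"strings"
)

// Gitea wants this suffix appended to the Casdoor address; Harbor wants the bare address.
const DiscoverySuffix = "/.well-known/openid-configuration"
// Discovery holds the provider-metadata fields an OAuth2 client reads from Casdoor.
type Discovery struct {
	Issuer                string `json:"issuer"`
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	UserinfoEndpoint      string `json:"userinfo_endpoint"`
	JwksURI               string `json:"jwks_uri"`
}
// DiscoveryURL builds Gitea's discovery field; IssuerURL builds Harbor's endpoint field.
func DiscoveryURL(casdoorOrigin string) string {
	return strings.TrimRight(casdoorOrigin, "/") + DiscoverySuffix
}
func IssuerURL(discoveryURL string) string {
	return strings.TrimSuffix(discoveryURL, DiscoverySuffix)
}
// ParseDiscovery decodes the metadata and rejects a document whose issuer is not the address it was fetched from, or whose endpoints point at another host.
func ParseDiscovery(doc []byte, expectedIssuer string) (*Discovery, error) {
	var d Discovery
	if err := json.Unmarshal(doc, &d); err != nil {
		return nil, err
	}
	if d.Issuer != expectedIssuer {
		return nil, fmt.Errorf("issuer %q does not match %q", d.Issuer, expectedIssuer)
	}
	for _, ep := range []string{d.AuthorizationEndpoint, d.TokenEndpoint, d.UserinfoEndpoint, d.JwksURI} {
		if !strings.HasPrefix(ep, d.Issuer+"/") {
			return nil, fmt.Errorf("endpoint %q is outside issuer %q", ep, d.Issuer)
		}
	}
	return &d, nil
}
// SampleDiscovery is a constructed document for a hypothetical Casdoor at casdoor.example.com.
var SampleDiscovery = []byte(`{"issuer":"https://casdoor.example.com",
 "authorization_endpoint":"https://casdoor.example.com/login/oauth/authorize",
 "token_endpoint":"https://casdoor.example.com/login/oauth/access_token",
 "userinfo_endpoint":"https://casdoor.example.com/login/oauth/userinfo",
 "jwks_uri":"https://casdoor.example.com/login/oauth/keys"}`)
func main() {
	d, err := ParseDiscovery(SampleDiscovery, IssuerURL(DiscoveryURL("https://casdoor.example.com/")))
	fmt.Printf("%+v %v\n", d, err)
}
```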

Harbor's configuration has a pitfall: if the callback address it displays differs from the address at which Harbor is actually reached, you may need to update the reverse proxy (external) address in Harbor's configuration. Refer to:
https://www.whuanle.cn/archives/21744

Author: 痴者工良
