Jans Casa Quick Start Guide
Note
This document is intended for administrators only. Learn here how to "grant" administrative privileges for Casa.
Use this guide to install and configure your Casa deployment.
Installation
Jans Casa can be used with Janssen Server or Gluu Flex Server. At installation time (this applies to either product), the installer asks whether you want to include Casa. To add Casa post-installation, re-run the installer and make sure Casa is selected.
Configuration
Enable authentication methods
The "out-of-the-box" login experience in Casa consists of the usual username and password prompt. To start leveraging stronger authentication, log in to Casa with an administrative account (visit https://<your-server-name>/jans-casa) and activate the methods you want to offer Casa users.
Important notes:
- Usage of OTP via SMS requires the setup of a Twilio account and populating configuration properties of flow io.jans.casa.authn.twilio_sms found in Casa Agama project. You can do the latter via TUI. We encourage you to use the online Twilio testing tools beforehand to ensure you can send SMS to the countries you are targeting
- Usage of Super Gluu has some preliminary requisites described here
Add the strong authentication settings plugin
This step is optional. Check this page for more information. Use this plugin if you need advanced control over how 2FA behaves in your Casa deployment.
Test enrollment and 2FA
Do the following steps using a testing account with no administrative privileges:
- Log in to Casa. Only username and password should be prompted
- Use the menu on the left to access the screens from which enrollment of credentials can be performed
- Ensure at least two credentials have been added. On the home page, turn on 2FA
- Log off and log back in. From now on, besides username and password, one credential has to be presented to get access
Click here to learn more about 2FA in Casa.
Finish configuration
Once you are done with testing, you may set casa as the default authentication method of Janssen Server using TUI, so that users log in via Casa for all applications the server protects.
Finally, as a security measure you can completely disable access to the administrative console of Casa by following the steps below:
- Connect to your server
- Navigate to /opt/jans/jetty/jans-casa
- Remove file .administrable (i.e. rm .administrable)
If you want to make the admin console available again, you need to recreate the marker file:
- Create an empty file (e.g. touch .administrable)
- Run chown casa:casa .administrable (do this only if you are on FIPS environment)
- Log out in case you have an open browser session, and log in again
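The marker-file steps above, as an added shell example (not part of the Casa documentation or project): it reports whether the admin console is enabled, with an exit code usable in a hardening check, and removes or recreates the marker. The function names and the CASA_DIR override are assumptions made for this example; the directory, file name and chown command are the ones given above.

```shell
#!/bin/sh
# Added example: audit and toggle the Casa admin-console marker file.
# Default directory and file name are taken from the guide; the function
# names and the CASA_DIR override are hypothetical.
CASA_DIR="${CASA_DIR:-/opt/jans/jetty/jans-casa}"
MARKER=".administrable"

# Prints "enabled" or "disabled". Returns 0 only in the hardened state
# (marker absent), so it can gate a compliance check.
casa_admin_status() {
    if [ -e "$CASA_DIR/$MARKER" ]; then
        echo "enabled"
        return 1
    fi
    echo "disabled"
    return 0
}

# Removes the marker; safe to run repeatedly.
casa_admin_disable() {
    rm -f -- "$CASA_DIR/$MARKER"
    casa_admin_status >/dev/null
}

# Recreates the empty marker. Pass "fips" to also apply the chown step,
# which the guide reserves for FIPS environments.
casa_admin_enable() {
    [ -d "$CASA_DIR" ] || { echo "no such directory: $CASA_DIR" >&2; return 2; }
    touch -- "$CASA_DIR/$MARKER" || return 2
    if [ "${1:-}" = "fips" ]; then
        chown casa:casa "$CASA_DIR/$MARKER" || return 2
    fi
}

# Command-line use: status | disable | enable [fips]
case "${1:-}" in
    status)  casa_admin_status ;;
    disable) casa_admin_disable ;;
    enable)  casa_admin_enable "${2:-}" ;;
esac
```

After `enable`, an administrator with an open browser session still has to log out and log in again, as the last step above states.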
Check out available plugins
Browse our catalog of plugins to add features and expand Casa!
Created: 2024-01-05