Installation#
Thanks for your interest in Casa! Follow the instructions below to spin up an instance of Casa to offer end-users self-service 2FA and more for their account(s) in your Gluu Server.
View screenshots in the User Guide.
Installation via Linux Packages#
Casa is offered as one of the several components of the Gluu Server CE. To include Casa in your instance, just ensure to check it when prompted at installation time.
To add Casa post-install do the following:
- Login to chroot
cd /install/community-edition-setup
- Run
./setup.py --install-casa
Important notes:
-
Account for 1GB of additional RAM than you use in a standard CE installation. See Gluu Server system requirements
-
It is required your installation was configured to use a FQDN for hostname, not an IP address
-
Apache and oxAuth are required components
-
Ensure your server has "dynamic registration" of clients enabled and that "returnClientSecretOnRead" is set to true. These settings can be reverted once your Casa installation is fully operational
-
Casa requires oxd 4.x to operate. Ideally you would use a ready-to-use external oxd server (its location is prompted upon installation); if you don't have such a server, please select
oxd
from the selection Menu, then oxd-server will be installed for you locally.
Finish setup#
After installation, you can access the application at https://<host>/casa
.
For the first time the application will try to register an OpenID Connect client via oxd. If this operation fails due to network problems or SSL cert issues, login will not work. Please refer to the FAQ for troubleshooting.
Note
To change the default URL path for Casa follow the steps listed here. It is advisable to apply this customization before credentials are enrolled.
Unlocking admin features#
Recall admin capabilities are disabled by default. To unlock admin features follow these steps:
- Navigate inside chroot to
/opt/gluu/jetty/casa/
- Create an empty file named
.administrable
(ie.touch .administrable
) - Run
chown casa:casa .administrable
(do this only if you are on FIPS environment) - Logout in case you have an open browser session
Warning
Once you have configured, tailored, and tested your deployment thoroughly, you are strongly encouraged to remove the marker file. This will prevent problems in case a user can escalate privileges or if some administrative account is compromised.