Thanks for your interest in Casa! Follow the instructions below to spin up an instance of Casa to offer end-users self-service 2FA and more for their account(s) in your Gluu Server.
View screenshots in the User Guide.
Installation via Linux Packages#
Casa is offered as one of the several components of the Gluu Server CE. To include Casa in your instance, just ensure to check it when prompted at installation time.
To add Casa post-install do the following:
- Login to chroot
python3 post-setup-add-components.py -addcasa
Account for 1GB of additional RAM than you use in a standard CE installation. See Gluu Server system requirements
It is required your installation was configured to use a FQDN for hostname, not an IP address
Apache and oxAuth are required components
Ensure your server has "dynamic registration" of clients enabled and that "returnClientSecretOnRead" is set to true. These settings can be reverted once your Casa installation is fully operational
Casa requires oxd 4.x to operate. Ideally you would use a ready-to-use external oxd server (its location is prompted upon installation); if you don't have such a server, one will be installed for you locally
After installation, you can access the application at
For the first time the application will try to register an OpenID Connect client via oxd. If this operation fails due to network problems or SSL cert issues, login will not work. Please refer to the FAQ for troubleshooting.
To change the default URL path for Casa follow the steps listed here. It is advisable to apply this customization before credentials are enrolled.
Unlocking admin features#
Recall admin capabilities are disabled by default. To unlock admin features follow these steps:
- Navigate inside chroot to
- Create an empty file named
- Logout in case you have an open browser session
Once you have configured, tailored, and tested your deployment thoroughly, you are strongly encouraged to remove the marker file. This will prevent problems in case a user can escalate privileges or if some administrative account is compromised.