The CAPTCHA widgets can protect your Apereo CAS deployment from bots, spam, and other forms of automated abuse. Apereo CAS offers a CAPTCHA integration with support for two implementations: Google’s reCAPTCHA and hCAPTCHA.
In this tutorial, we will briefly review the configuration steps required for these two CAPTCHA providers.
Our starting position is as follows:
6.4.x
11
Once the required extension module is included in the CAS WAR Overlay, the following settings are required to make the integration work:
cas.google-recaptcha.site-key=...
cas.google-recaptcha.secret=...
cas.google-recaptcha.verify-url=https://www.google.com/recaptcha/api/siteverify
cas.google-recaptcha.version=GOOGLE_RECAPTCHA_V2
cas.google-recaptcha.enabled=true
The site-key
and the secret
are settings that should be given to you by Google. All other HTML/Javascript changes are automatically handled and provided by CAS. With such settings configured, you should be able to see the following when you next deploy and run CAS:
Note that the above settings enable Google reCAPTCHA v2
. Support for Google reCAPTCHA v3 is also available if you were to switch the version to use GOOGLE_RECAPTCHA_V3
instead.
hCAPTCHA is a drop-in replacement for Google’s reCAPTCHA, and provides simple, easy, and reliable bot detection while being trivial for humans to solve.
Very similar to the previous option, the following settings should do it. As before, site-key
and the secret
are settings provided to you by hCAPTCHA.
cas.google-recaptcha.site-key=...
cas.google-recaptcha.secret=...
cas.google-recaptcha.verify-url=https://hcaptcha.com/siteverify
cas.google-recaptcha.version=HCAPTCHA
cas.google-recaptcha.enabled=true
With such settings configured, you should be able to see the following when you next deploy and run CAS:
If you have questions about the contents and the topic of this blog post, or if you need additional guidance and support, feel free to send us a note and ask about consulting and support services.
I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please feel free to engage and contribute as best as you can.
Happy Coding,
Monday-Friday
9am-6pm, Central European Time
7am-1pm, U.S. Eastern Time
Monday-Friday
9am-6pm, Central European Time