Apereo CAS - CAPTCHA Integrations

Posted by Misagh Moayyed on February 09, 2021 · 3 mins read ·

The CAPTCHA widgets can protect your Apereo CAS deployment from bots, spam, and other forms of automated abuse. Apereo CAS offers a CAPTCHA integration with support for two implementations: Google’s reCAPTCHA and hCAPTCHA.

In this tutorial, we will briefly review the configuration steps required for these two CAPTCHA providers.

Our starting position is as follows:

Google reCAPTCHA

Once the required extension module is included in the CAS WAR Overlay, the following settings are required to make the integration work:

cas.google-recaptcha.site-key=...
cas.google-recaptcha.secret=...

cas.google-recaptcha.verify-url=https://www.google.com/recaptcha/api/siteverify
cas.google-recaptcha.version=GOOGLE_RECAPTCHA_V2
cas.google-recaptcha.enabled=true

The site-key and the secret are settings that should be given to you by Google. All other HTML/Javascript changes are automatically handled and provided by CAS. With such settings configured, you should be able to see the following when you next deploy and run CAS:

Note that the above settings enable Google reCAPTCHA v2. Support for Google reCAPTCHA v3 is also available if you were to switch the version to use GOOGLE_RECAPTCHA_V3 instead.

hCAPTCHA

hCAPTCHA is a drop-in replacement for Google’s reCAPTCHA, and provides simple, easy, and reliable bot detection while being trivial for humans to solve.

Very similar to the previous option, the following settings should do it. As before, site-key and the secret are settings provided to you by hCAPTCHA.

cas.google-recaptcha.site-key=...
cas.google-recaptcha.secret=...

cas.google-recaptcha.verify-url=https://hcaptcha.com/siteverify
cas.google-recaptcha.version=HCAPTCHA
cas.google-recaptcha.enabled=true

With such settings configured, you should be able to see the following when you next deploy and run CAS:

So…

I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please feel free to engage and contribute as best as you can.

Happy Coding,

Misagh Moayyed