Javascript Unavailable
Your browser has turned off or does not support Javascript. If you disable Javascript, you may be unable to use the content and features of this website. Please check your browser settings again, and make sure Javascript is enabled.

Content Unavailable
Your browser is blocking content on this website. Please check your browser settings and try again.

The CAPTCHA widgets can protect your Apereo CAS deployment from bots, spam, and other forms of automated abuse. Apereo CAS offers a CAPTCHA integration with support for two implementations: Google’s reCAPTCHA and hCAPTCHA.

In this tutorial, we will briefly review the configuration steps required for these two CAPTCHA providers.

Our starting position is as follows:

CAS 6.4.x
Java 11
CAS WAR Overlay

Google reCAPTCHA

Once the required extension module is included in the CAS WAR Overlay, the following settings are required to make the integration work:

cas.google-recaptcha.site-key=...
cas.google-recaptcha.secret=...

cas.google-recaptcha.verify-url=https://www.google.com/recaptcha/api/siteverify
cas.google-recaptcha.version=GOOGLE_RECAPTCHA_V2
cas.google-recaptcha.enabled=true

The site-key and the secret are settings that should be given to you by Google. All other HTML/Javascript changes are automatically handled and provided by CAS. With such settings configured, you should be able to see the following when you next deploy and run CAS:

Note that the above settings enable Google reCAPTCHA v2. Support for Google reCAPTCHA v3 is also available if you were to switch the version to use GOOGLE_RECAPTCHA_V3 instead.

hCAPTCHA

hCAPTCHA is a drop-in replacement for Google’s reCAPTCHA, and provides simple, easy, and reliable bot detection while being trivial for humans to solve.

Very similar to the previous option, the following settings should do it. As before, site-key and the secret are settings provided to you by hCAPTCHA.

cas.google-recaptcha.site-key=...
cas.google-recaptcha.secret=...

cas.google-recaptcha.verify-url=https://hcaptcha.com/siteverify
cas.google-recaptcha.version=HCAPTCHA
cas.google-recaptcha.enabled=true

With such settings configured, you should be able to see the following when you next deploy and run CAS:

Need Help?

If you have questions about the contents and the topic of this blog post, or if you need additional guidance and support, feel free to send us a note and ask about consulting and support services.

So…

I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please feel free to engage and contribute as best as you can.

Happy Coding,

Misagh Moayyed

info@fawnoos.com

Monday-Friday

9am-6pm, Central European Time

7am-1pm, U.S. Eastern Time
+1 347 746 4665

Monday-Friday

9am-6pm, Central European Time

← Previous Post Next Post →

Google reCAPTCHA

hCAPTCHA

Need Help?

So…

info@fawnoos.com

+1 347 746 4665