Directory works fine with mod_auth_cas. For example, I usually use some
variation on this for /etc/httpd/conf.d/cas.conf:
LoadModule auth_cas_module modules/mod_auth_cas.so
<Directory "/var/www/html/secured-by-cas">
<IfModule mod_auth_cas.c>
AuthType CAS
CASAuthNHeader On
</IfModule>
Require valid-user
</Directory>
<IfModule mod_auth_cas.c>
CASLoginUrl https://casdev.newschool.edu/cas/login
CASValidateUrl https://casdev.newschool.edu/cas/samlValidate
CASCookiePath /var/cache/httpd/mod_auth_cas/
CASValidateSAML On
CASSSOEnabled On
CASDebug Off
</IfModule>
And there's no need to limit yourself to one Directory section... I
actually have three of them on this server (the different directory names
produce different URLs for different service registry entries with
different settings).
Note: if you don't need attribute values returned from the CAS server, you
can use "serviceValidate" instead of "samlValidate" on the CASValidateUrl,
and get rid of the CASAuthNHeader setting.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • [email protected]
On Tue, Dec 4, 2018 at 10:44 AM Shankaranand Bahushrutham <
[email protected]> wrote:
> Thanks. This is very informative. I was under the assumption that
> mod_auth_cas will understand only Location. Does this mean mod_auth_cas can
> act on Directory as well?
>
> On Monday, December 3, 2018 at 3:53:28 PM UTC-8, dhawes wrote:
>>
>> The order of these directives matters. You may want to review:
>>
>> http://httpd.apache.org/docs/current/sections.html#merging
>>
>> We'd need more config to tell what's going on in your case.
>> On Fri, 30 Nov 2018 at 19:46, Shankaranand Bahushrutham
>> <[email protected]> wrote:
>> >
>> >
>> > I have 2 single page applications developed in angular 6. I want to
>> protect one of them with CAS and the other one should not be protected. In
>> apache webserver, i have them under htdocs folder with the name 'unsecured'
>> and 'secured'. Below is my mod_auth_cas configuration and it isn't working.
>> It protects fine if i give <Location ~ "index.html"> but the problem is
>> that it protects the unsecured app as well.
>> >
>> > <Location /secured>
>> > Authtype CAS
>> > require valid-user
>> > CASAuthNHeader sm_user
>> > CASScope /secured
>> > </Location>
>> >
>> > I have a rewrite rule to rewrite /* to /secured and another rule
>> /unsecured to /unsecured (this is placed above the /* so that unsecured
>> rule executes first)
>> >
>> > Please advise the right configuration
>> >
>> > --
>> > - Website: https://apereo.github.io/cas
>> > - Gitter Chatroom: https://gitter.im/apereo/cas
>> > - List Guidelines: https://goo.gl/1VRrw7
>> > - Contributions: https://goo.gl/mh7qDG
>> > ---
>> > You received this message because you are subscribed to the Google
>> Groups "CAS Community" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an email to [email protected].
>> > To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/56801da5-25b9-41e5-a94d-b788f4000626%40apereo.org.
>>
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/843e0e42-88f5-4654-9118-e90e81684311%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/843e0e42-88f5-4654-9118-e90e81684311%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOTVss9RL8MJEdtGKeib%3Dw0sN-gEgs7oyJVW5r1cjhwug%40mail.gmail.com.
