> -----Original message-----
> From: David Hawes [mailto:[email protected]]
> Sent: Monday, 3 May 2010 17.53
> To: [email protected]
> Subject: Re: R: [cas-user] Getting info about the backend
> authentication used
>
> On 5/3/10 10:23 AM, Leandro Dardini wrote:
> ...
> >> The mod_auth_cas client supports SAML in versions that have yet to be
> >> released, but it's available in the subversion repository.
> >> We've been using it informally here at Virginia Tech for about a year
> >> now and it works well.
> >
> > I just installed the svn version of mod_auth_cas and my CAS server is
> > the latest stable version, but is there a guide/wiki/howto/doc for
> > selecting the SAML protocol between the CAS server and the
> > mod_auth_cas and how to handle the additional information?
>
> You'll need to set your CASValidateURL to CAS_SERVER/samlValidate and set:
>
> CASValidateSAML On
>
> You can choose an attribute delimiter if you wish:
>
> CASAttributeDelimiter ";"
>
> You can also set an attribute prefix:
>
> CASAttributePrefix "PREFIX_"
>
> To put the attributes in the HTTP headers, be sure to set
> CASAuthNHeader to something:
>
> CASAuthNHeader username
>
> Assuming you have mod_auth_cas set up as above and CAS returns
> a group attribute in the SAML, the HTTP headers will have
> something like the following:
>
> PREFIX_group : group1;group2;group3
>
> If you want to use require directives on this header
> information in mod_auth_cas, the following patch may be useful:
>
> http://www.ja-sig.org/issues/browse/MAS-37
>
Thank you for your help, your patch will be really useful. However, for now we are only trying to check for the type of authentication that succeeded. I am working on a test CAS server with the "SimpleTestUsernamePasswordAuthenticationHandler" (the one accepting username=password) and the "AcceptUsersAuthenticationHandler" (the one from the example, with scott/secret). Unfortunately, I am not receiving the additional information regarding the succeeded authentication handler in the HTTP header. The only additional information in the header is the user logged in.

The general section of the httpd configuration file reports:

CASValidateURL https://dvpauthserver:8443/cas/samlValidate
CASLoginURL https://dvpauthserver:8443/cas/login
CASDebug On
CASValidateServer Off
CASCertificatePath /etc/httpd/conf.d/client.pem
CASValidateSAML On
LoadModule auth_cas_module modules/mod_auth_cas.so

The virtualhost section reports:

<Location />
    AuthType CAS
    CASAuthNHeader CAS_USER
    require valid-user
</Location>

Leandro
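
Added example, not part of the original thread and not mod_auth_cas code: a small Python helper a backend could use to see exactly which CAS attributes reached it in the request headers, given the prefix, delimiter and user header configured above. The function name, the constants and the sample header sets are assumptions constructed for illustration.

```python
# Values mirror CASAttributePrefix, CASAttributeDelimiter and CASAuthNHeader
# from the messages above; adjust them to the deployed configuration.
PREFIX = "PREFIX_"
DELIMITER = ";"
USER_HEADER = "CAS_USER"

# Constructed samples (not captured traffic).
SAMPLE_WITH_ATTRS = {"CAS_USER": "scott", "PREFIX_group": "group1;group2;group3"}
SAMPLE_WSGI = {"HTTP_HOST": "app.example", "HTTP_CAS_USER": "scott",
               "HTTP_PREFIX_GROUP": "group1; group2;;group3"}
SAMPLE_USER_ONLY = {"CAS_USER": "scott"}  # only the user header arrived


def _normalize(name):
    """Fold a raw header name or a CGI/WSGI environ key to one form."""
    name = name.upper().replace("-", "_")
    return name[5:] if name.startswith("HTTP_") else name


def cas_identity(headers, prefix=PREFIX, delimiter=DELIMITER,
                 user_header=USER_HEADER):
    """Return (user, attrs); attrs maps lower-cased name -> list of values."""
    want_prefix = prefix.upper().replace("-", "_")
    want_user = user_header.upper().replace("-", "_")
    user, attrs = None, {}
    for raw_name, raw_value in headers.items():
        name = _normalize(raw_name)
        if name == want_user:
            user = raw_value.strip()
        elif name.startswith(want_prefix) and len(name) > len(want_prefix):
            # CGI/WSGI upper-cases header names, so attribute names are
            # compared and returned in lower case.
            key = name[len(want_prefix):].lower()
            values = [v.strip() for v in raw_value.split(delimiter) if v.strip()]
            attrs.setdefault(key, []).extend(values)
    return user, attrs


if __name__ == "__main__":
    for sample in (SAMPLE_WITH_ATTRS, SAMPLE_WSGI, SAMPLE_USER_ONLY):
        print(cas_identity(sample))
```

An empty attribute dictionary alongside a populated user, as in the last sample, matches the situation described in the reply: the user header is set but no prefixed attribute headers arrived.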
