RE:[cas-user] mod_auth_cas

[Neil Sabol]

Looks like you are missing the following:

Allow from env=allow

I believe it should look something like this:

<Directory "/var/www/html/new-web">
    SetEnvIf request_uri "/index\.php$" allow
    Options +IncludesNoExec
    SSLOptions +StdEnvVars
    <IfModule mod_auth_cas.c>
      AuthType CAS
      AuthName "CAS"
      Require valid-user
     </IfModule>
      Order allow,deny
      Allow from env=allow
      Satisfy any
    </IfModule>
</Directory>

Thanks,
-Neil

From: Chris Cheltenham [mailto:cchelten...@swaintechs.com]
Sent: Thursday, April 23, 2015 3:04 PM
To: cas-user@lists.jasig.org
Subject: RE:[cas-user] mod_auth_cas

Neil,

I am sorry; it is directory not location.

Does this look right?
It's just not working for me.


<Directory "/var/www/html/new-web">
    SetEnvIf request_uri "/index\.php$" allow
    Options +IncludesNoExec
    SSLOptions +StdEnvVars
    <IfModule mod_auth_cas.c>
      AuthType CAS
      AuthName "CAS"
      Require valid-user
      Order deny,allow
      Deny from all
      Satisfy Any
    </IfModule>
</Directory>


Thank You,

Chris Cheltenham
SwainTechs / HHS

Cell# 267-586-2369

From: Neil Sabol [mailto:nssa...@unm.edu]
Sent: Thursday, April 23, 2015 1:03 PM
To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Subject: RE:[cas-user] mod_auth_cas

Hi Chris,

I'm not positive but I think your request_URI is the relative to the path 
defined in the directive (and part of the HTTP request), so it should be 
something like this:

SetEnvIf Request_URI "(/index\.php)"  allow

We only use this in <Directory> directives also - I've not tested in <Location>

Thanks,
-Neil

From: Chris Cheltenham [mailto:cchelten...@swaintechs.com]
Sent: Thursday, April 23, 2015 10:03 AM
To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Subject: RE:[cas-user] mod_auth_cas

Neil,

This is what I did on mod_auth_cas.
However , this allows everyone in with a challenge.

I cannot use .htaccess because we have to encrypt all passwords, internal or 
not.


<Location /var/www/html>
  SetEnvIf Request_URI "(/var/www/html/index.php)"  allow
  Authtype CAS
  require valid-user
  CASAuthNHeader CAS_USER
  Order allow,deny
  Allow from env=allow
  Satisfy any
</Location>


Thank You,

Chris Cheltenham
SwainTechs / HHS

Cell# 267-586-2369

From: Neil Sabol [mailto:nssa...@unm.edu]
Sent: Thursday, April 23, 2015 11:20 AM
To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Subject: RE:[cas-user] mod_auth_cas

Hello Chris,

We use RHEL and mod_auth_cas but use 1 of these 2 approaches to accomplish this 
(both with Satisfy any):

SetEnvIf directive
Files directive (or FilesMatch for multiple files)

After your CAS auth directives (in either .htaccess or main apache config):
SetEnvIf Request_URI "(directory/filename1\.xxx)$"  allow
SetEnvIf Request_URI "(directory/filename2\.xxx)$"  allow
SetEnvIf Request_URI "(directory/filename3\.xxx)$"  allow
Order allow,deny
Allow from env=allow
Satisfy any

After your CAS auth directives (in either .htaccess or main apache config):
<Files filename.xxx>
order allow,deny
allow from all
satisfy any
</Files>

Let me know if that helps.

Thanks,
-Neil

From: Chris Cheltenham [mailto:cchelten...@swaintechs.com]
Sent: Thursday, April 23, 2015 8:20 AM
To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org>
Subject: [cas-user] mod_auth_cas

Hello Everyone,

Does anyone know how to in CentOs using mod_auth_cas to protect a directory, 
how to EXCLUDE certain files within that protected directory?



Thank You,

Chris Cheltenham
SwainTechs / HHS

Cell# 267-586-2369




--

You are currently subscribed to 
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: 
nssa...@unm.edu<mailto:nssa...@unm.edu>

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user



--

You are currently subscribed to 
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: 
cchelten...@swaintechs.com<mailto:cchelten...@swaintechs.com>

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user



--

You are currently subscribed to 
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: 
nssa...@unm.edu<mailto:nssa...@unm.edu>

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user



--

You are currently subscribed to 
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: 
cchelten...@swaintechs.com<mailto:cchelten...@swaintechs.com>

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user



--

You are currently subscribed to 
cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: 
nssa...@unm.edu<mailto:nssa...@unm.edu>

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user