Re: [cas-user] Protect Single Page application using mod_auth_cas

[David Curry]

Directory works fine with mod_auth_cas. For example, I usually use some
variation on this for /etc/httpd/conf.d/cas.conf:

LoadModule auth_cas_module modules/mod_auth_cas.so




AuthTypeCAS
CASAuthNHeader  On


Require valid-user



CASLoginUrl   https://casdev.newschool.edu/cas/login
CASValidateUrlhttps://casdev.newschool.edu/cas/samlValidate
CASCookiePath /var/cache/httpd/mod_auth_cas/
CASValidateSAML   On
CASSSOEnabled On
CASDebug  Off



And there's no need to limit yourself to one Directory section... I
actually have three of them on this server (the different directory names
produce different URLs for different service registry entries with
different settings).

Note: if you don't need attribute values returned from the CAS server, you
can use "serviceValidate" instead of "samlValidate" on the CASValidateUrl,
and get rid of the CASAuthNHeader setting.

--Dave

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu


On Tue, Dec 4, 2018 at 10:44 AM Shankaranand Bahushrutham <
sbahushrut...@mercuryinsurance.com> wrote:

> Thanks. This is very informative. I was under the assumption that
> mod_auth_cas will understand only Location. Does this mean mod_auth_cas can
> act on Directory as well?
>
> On Monday, December 3, 2018 at 3:53:28 PM UTC-8, dhawes wrote:
>>
>> The order of these directives matters. You may want to review:
>>
>> http://httpd.apache.org/docs/current/sections.html#merging
>>
>> We'd need more config to tell what's going on in your case.
>> On Fri, 30 Nov 2018 at 19:46, Shankaranand Bahushrutham
>>  wrote:
>> >
>> >
>> > I have 2 single page applications developed in angular 6. I want to
>> protect one of them with CAS and the other one should not be protected. In
>> apache webserver, i have them under htdocs folder with the name 'unsecured'
>> and 'secured'. Below is my mod_auth_cas configuration and it isn't working.
>> It protects fine if i give  but the problem is
>> that it protects the unsecured app as well.
>> >
>> > 
>> >   Authtype CAS
>> >   require valid-user
>> >   CASAuthNHeader sm_user
>> >   CASScope /secured
>> > 
>> >
>> > I have a rewrite rule to rewrite /* to /secured and another rule
>> /unsecured to /unsecured (this is placed above the /* so that unsecured
>> rule executes first)
>> >
>> > Please advise the right configuration
>> >
>> > --
>> > - Website: https://apereo.github.io/cas
>> > - Gitter Chatroom: https://gitter.im/apereo/cas
>> > - List Guidelines: https://goo.gl/1VRrw7
>> > - Contributions: https://goo.gl/mh7qDG
>> > ---
>> > You received this message because you are subscribed to the Google
>> Groups "CAS Community" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an email to cas-user+u...@apereo.org.
>> > To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/56801da5-25b9-41e5-a94d-b788f4000626%40apereo.org.
>>
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/843e0e42-88f5-4654-9118-e90e81684311%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOTVss9RL8MJEdtGKeib%3Dw0sN-gEgs7oyJVW5r1cjhwug%40mail.gmail.com.

Re: [cas-user] Protect Single Page application using mod_auth_cas

[Shankaranand Bahushrutham]

Thanks. This is very informative. I was under the assumption that 
mod_auth_cas will understand only Location. Does this mean mod_auth_cas can 
act on Directory as well?

On Monday, December 3, 2018 at 3:53:28 PM UTC-8, dhawes wrote:
>
> The order of these directives matters. You may want to review: 
>
> http://httpd.apache.org/docs/current/sections.html#merging 
>
> We'd need more config to tell what's going on in your case. 
> On Fri, 30 Nov 2018 at 19:46, Shankaranand Bahushrutham 
> > wrote: 
> > 
> > 
> > I have 2 single page applications developed in angular 6. I want to 
> protect one of them with CAS and the other one should not be protected. In 
> apache webserver, i have them under htdocs folder with the name 'unsecured' 
> and 'secured'. Below is my mod_auth_cas configuration and it isn't working. 
> It protects fine if i give  but the problem is 
> that it protects the unsecured app as well. 
> > 
> >  
> >   Authtype CAS 
> >   require valid-user 
> >   CASAuthNHeader sm_user 
> >   CASScope /secured 
> >  
> > 
> > I have a rewrite rule to rewrite /* to /secured and another rule 
> /unsecured to /unsecured (this is placed above the /* so that unsecured 
> rule executes first) 
> > 
> > Please advise the right configuration 
> > 
> > -- 
> > - Website: https://apereo.github.io/cas 
> > - Gitter Chatroom: https://gitter.im/apereo/cas 
> > - List Guidelines: https://goo.gl/1VRrw7 
> > - Contributions: https://goo.gl/mh7qDG 
> > --- 
> > You received this message because you are subscribed to the Google 
> Groups "CAS Community" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to cas-user+u...@apereo.org . 
> > To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/56801da5-25b9-41e5-a94d-b788f4000626%40apereo.org.
>  
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/843e0e42-88f5-4654-9118-e90e81684311%40apereo.org.

Re: [cas-user] Protect Single Page application using mod_auth_cas

[David Hawes]

The order of these directives matters. You may want to review:

http://httpd.apache.org/docs/current/sections.html#merging

We'd need more config to tell what's going on in your case.
On Fri, 30 Nov 2018 at 19:46, Shankaranand Bahushrutham
 wrote:
>
>
> I have 2 single page applications developed in angular 6. I want to protect 
> one of them with CAS and the other one should not be protected. In apache 
> webserver, i have them under htdocs folder with the name 'unsecured' and 
> 'secured'. Below is my mod_auth_cas configuration and it isn't working. It 
> protects fine if i give  but the problem is that it 
> protects the unsecured app as well.
>
> 
>   Authtype CAS
>   require valid-user
>   CASAuthNHeader sm_user
>   CASScope /secured
> 
>
> I have a rewrite rule to rewrite /* to /secured and another rule /unsecured 
> to /unsecured (this is placed above the /* so that unsecured rule executes 
> first)
>
> Please advise the right configuration
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/56801da5-25b9-41e5-a94d-b788f4000626%40apereo.org.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wAQ3vR60PKHYwahKyWfg1PT-OM1WQhQd00tLFubdj-n_A%40mail.gmail.com.


smime.p7s
Description: S/MIME Cryptographic Signature

[cas-user] Protect Single Page application using mod_auth_cas

[Shankaranand Bahushrutham]

I have 2 single page applications developed in angular 6. I want to protect 
one of them with CAS and the other one should not be protected. In apache 
webserver, i have them under htdocs folder with the name 'unsecured' and 
'secured'. Below is my mod_auth_cas configuration and it isn't working. It 
protects fine if i give  but the problem is that 
it protects the unsecured app as well.


  Authtype CAS
  require valid-user
  CASAuthNHeader sm_user
  CASScope /secured


I have a rewrite rule to rewrite /* to /secured and another rule /unsecured 
to /unsecured (this is placed above the /* so that unsecured rule executes 
first)

Please advise the right configuration

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/56801da5-25b9-41e5-a94d-b788f4000626%40apereo.org.