Directory works fine with mod_auth_cas. For example, I usually use some
variation on this for /etc/httpd/conf.d/cas.conf:
LoadModule auth_cas_module modules/mod_auth_cas.so
<Directory "/var/www/html/secured-by-cas">
<IfModule mod_auth_cas.c>
AuthType CAS
CASAuthNHeader On
</IfModule>
Require valid-user
</Directory>
<IfModule mod_auth_cas.c>
CASLoginUrl https://casdev.newschool.edu/cas/login
CASValidateUrl https://casdev.newschool.edu/cas/samlValidate
CASCookiePath /var/cache/httpd/mod_auth_cas/
CASValidateSAML On
CASSSOEnabled On
CASDebug Off
</IfModule>
And there's no need to limit yourself to one Directory section... I
actually have three of them on this server (the different directory names
produce different URLs for different service registry entries with
different settings).
Note: if you don't need attribute values returned from the CAS server, you
can use "serviceValidate" instead of "samlValidate" on the CASValidateUrl,
and get rid of the CASAuthNHeader setting.
--Dave
--
DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu
On Tue, Dec 4, 2018 at 10:44 AM Shankaranand Bahushrutham <
sbahushrut...@mercuryinsurance.com> wrote:
> Thanks. This is very informative. I was under the assumption that
> mod_auth_cas will understand only Location. Does this mean mod_auth_cas can
> act on Directory as well?
>
> On Monday, December 3, 2018 at 3:53:28 PM UTC-8, dhawes wrote:
>>
>> The order of these directives matters. You may want to review:
>>
>> http://httpd.apache.org/docs/current/sections.html#merging
>>
>> We'd need more config to tell what's going on in your case.
>> On Fri, 30 Nov 2018 at 19:46, Shankaranand Bahushrutham
>> <sbahus...@mercuryinsurance.com> wrote:
>> >
>> >
>> > I have 2 single page applications developed in angular 6. I want to
>> protect one of them with CAS and the other one should not be protected. In
>> apache webserver, i have them under htdocs folder with the name 'unsecured'
>> and 'secured'. Below is my mod_auth_cas configuration and it isn't working.
>> It protects fine if i give <Location ~ "index.html"> but the problem is
>> that it protects the unsecured app as well.
>> >
>> > <Location /secured>
>> > Authtype CAS
>> > require valid-user
>> > CASAuthNHeader sm_user
>> > CASScope /secured
>> > </Location>
>> >
>> > I have a rewrite rule to rewrite /* to /secured and another rule
>> /unsecured to /unsecured (this is placed above the /* so that unsecured
>> rule executes first)
>> >
>> > Please advise the right configuration
>> >
>> > --
>> > - Website: https://apereo.github.io/cas
>> > - Gitter Chatroom: https://gitter.im/apereo/cas
>> > - List Guidelines: https://goo.gl/1VRrw7
>> > - Contributions: https://goo.gl/mh7qDG
>> > ---
>> > You received this message because you are subscribed to the Google
>> Groups "CAS Community" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an email to cas-user+u...@apereo.org.
>> > To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/56801da5-25b9-41e5-a94d-b788f4000626%40apereo.org.
>>
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/843e0e42-88f5-4654-9118-e90e81684311%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/843e0e42-88f5-4654-9118-e90e81684311%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAOTVss9RL8MJEdtGKeib%3Dw0sN-gEgs7oyJVW5r1cjhwug%40mail.gmail.com.
