How do I set up mod_auth_cas for a VirtualHost?
Got it. The answer was to combine the <Location>
and <Directory>
blocks and add a Satisfy
directive:
LoadModule auth_cas_module /usr/libexec/apache2/mod_auth_cas.so
CASCookiePath /tmp/mod_auth_cas/
CASVersion 2
CASDebug on
CASValidateServer off
CASAllowWildcardCert on
CASTimeout 86400
CASIdleTimeout 7200
LogLevel debug
<VirtualHost *:80>
CASCookieDomain "myapp"
CASLoginURL "https://cas.mycompany.com/cas/login"
CASValidateURL "https://cas.mycompany.com/cas/serviceValidate"
LogLevel debug
ServerName "myapp"
DocumentRoot "/path/to/rails_app/public"
RailsEnv development
<Location />
Order deny,allow
Deny from all
AuthType CAS
AuthName "MyCompany CAS"
require valid-user
Satisfy Any
</Location>
</VirtualHost>
Related videos on Youtube
James A. Rosen
Updated on September 17, 2022Comments
-
James A. Rosen over 1 year
I have the following in
/etc/apache2/httpd.conf
:Include /private/etc/apache2/passenger_pane_vhosts/*.conf
I have the following in
/etc/apache2/passenger_pane_vhosts/my_site.conf
:LoadModule auth_cas_module /usr/libexec/apache2/mod_auth_cas.so CASCookiePath /tmp/mod_auth_cas/ CASVersion 2 CASDebug on CASValidateServer off CASAllowWildcardCert on CASTimeout 86400 CASIdleTimeout 7200 CASLoginURL https://cas.mycompany.com/cas/login CASValidateURL https://cas.mycompany.com/cas/serviceValidate CASCookieDomain hattip-dev.mitre.org LogLevel debug <VirtualHost *:80> LogLevel debug ServerName hattip.local DocumentRoot "/path/to/rails_app/public" RailsEnv development <Location /> AuthType CAS AuthName "MyCompany CAS" CASAuthNHeader MOD_AUTH_CAS_USER require valid-user </Location> <directory "/path/to/rails_app/public"> Order allow,deny Allow from all </directory> </VirtualHost>
Apache will start fine, but every request to my Rails application returns a 403 without redirecting to my CAS server. There is no CAS-related information in the logs, even though
CASDebug
ison
andLogLevel
isdebug
everywhere I can think to set it.PS: I've tried a few variations of the above configuration, including putting the
mod_auth_cas
declarations inside the<VirtualHost>
definition, but most fail on startup. I've also tried deleting the<Location>
block and moving that authentication into the<Directory>
block: no change.Does anyone know how I can get
mod_auth_cas
to actually redirect to my CAS server?(Moved from StackOverflow)