How do I set up mod_auth_cas for a VirtualHost?


Got it. The answer was to combine the <Location> and <Directory> blocks and add a Satisfy directive:

LoadModule auth_cas_module /usr/libexec/apache2/mod_auth_cas.so
CASCookiePath /tmp/mod_auth_cas/
CASVersion 2
CASDebug on
# off: the CAS server's certificate is not validated
CASValidateServer off
CASAllowWildcardCert on
CASTimeout 86400
CASIdleTimeout 7200

LogLevel debug

<VirtualHost *:80>
  CASCookieDomain "myapp"
  CASLoginURL "https://cas.mycompany.com/cas/login"
  CASValidateURL "https://cas.mycompany.com/cas/serviceValidate"
  LogLevel debug
  ServerName "myapp"
  DocumentRoot "/path/to/rails_app/public"
  RailsEnv development
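  <Location />
    # Host-based access is denied for every client ...
    Order deny,allow
    Deny from all
    AuthType CAS
    AuthName "MyCompany CAS"
    require valid-user
    # ... so with Satisfy Any a valid CAS login is the only way to pass.
    Satisfy Any
  </Location>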
</VirtualHost>

Author: James A. Rosen

Updated on September 17, 2022
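
The answer's Satisfy Any only forces a CAS login because Deny from all shuts off host-based access; combined with the question's Allow from all, the same block would serve requests with no login at all. The Python sketch below is an added example, not part of the original post or of mod_auth_cas: it models Apache 2.2's Order/Satisfy decision for "from all" rules only, and the function names and the second sample block are constructed for illustration.

```python
# Added example: models Apache 2.2 host access plus Satisfy for "from all" rules.

# The <Location /> block from the answer above.
ANSWER_BLOCK = """
<Location />
  Order deny,allow
  Deny from all
  AuthType CAS
  AuthName "MyCompany CAS"
  require valid-user
  Satisfy Any
</Location>
"""

# Constructed variant: same block with the question's host rules swapped in.
OPEN_BLOCK = (ANSWER_BLOCK.replace("Order deny,allow", "Order allow,deny")
              .replace("Deny from all", "Allow from all"))


def parse(block):
    """Collect one section's access directives (names are case-insensitive)."""
    cfg = {"order": "deny,allow", "allow": False, "deny": False,
           "require": False, "satisfy": "all"}
    for line in block.splitlines():
        words = line.split()
        if not words or words[0][0] in "<#":
            continue
        name, args = words[0].lower(), [w.lower() for w in words[1:]]
        if name == "order":
            cfg["order"] = "".join(args)
        elif name in ("allow", "deny") and args == ["from", "all"]:
            cfg[name] = True
        elif name == "require":
            cfg["require"] = True
        elif name == "satisfy" and args:
            cfg["satisfy"] = args[0]
    return cfg


def host_allowed(cfg):
    """Order semantics: the directive named last in Order wins and sets the default."""
    if cfg["order"] == "allow,deny":         # default deny, Deny overrides Allow
        return cfg["allow"] and not cfg["deny"]
    return cfg["allow"] or not cfg["deny"]   # deny,allow: default allow, Allow overrides


def anonymous_access(block):
    """True if a request without a CAS session is served with no login."""
    cfg = parse(block)
    if cfg["require"] and cfg["satisfy"] != "any":
        return False                         # Satisfy All: a login is always needed
    return host_allowed(cfg)                 # no Require, or Satisfy Any: host rule decides
```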

Comments

  • James A. Rosen over 1 year

    I have the following in /etc/apache2/httpd.conf:

    Include /private/etc/apache2/passenger_pane_vhosts/*.conf
    

    I have the following in /etc/apache2/passenger_pane_vhosts/my_site.conf:

    LoadModule auth_cas_module /usr/libexec/apache2/mod_auth_cas.so
    CASCookiePath /tmp/mod_auth_cas/
    CASVersion 2
    CASDebug on
    CASValidateServer off
    CASAllowWildcardCert on
    CASTimeout 86400
    CASIdleTimeout 7200
    CASLoginURL https://cas.mycompany.com/cas/login
    CASValidateURL https://cas.mycompany.com/cas/serviceValidate
    CASCookieDomain hattip-dev.mitre.org
    
    LogLevel debug
    
    <VirtualHost *:80>
      LogLevel debug
      ServerName hattip.local
      DocumentRoot "/path/to/rails_app/public"
      RailsEnv development
      <Location />
        AuthType CAS
        AuthName "MyCompany CAS"
        CASAuthNHeader MOD_AUTH_CAS_USER
        require valid-user
      </Location>
      <directory "/path/to/rails_app/public">
        Order allow,deny
        Allow from all
      </directory>
    </VirtualHost>
    

    Apache will start fine, but every request to my Rails application returns a 403 without redirecting to my CAS server. There is no CAS-related information in the logs, even though CASDebug is on and LogLevel is debug everywhere I can think to set it.

    PS: I've tried a few variations of the above configuration, including putting the mod_auth_cas declarations inside the <VirtualHost> definition, but most fail on startup. I've also tried deleting the <Location> block and moving that authentication into the <Directory> block: no change.

    Does anyone know how I can get mod_auth_cas to actually redirect to my CAS server?

    (Moved from StackOverflow)