[OOD-users] Implementing authentication via CAS

E.M. Dragowsky dragowsky at case.edu
Mon Aug 20 11:44:54 EDT 2018


Ah...a simple resolution:  In ood_portal.yml, the 'servername' field
requires specifying a public IP, which I had inadvertently not supplied.

So for our site, authentication using CAS is working, and it seems
reasonably straightforward to configure. If anyone can review what I've
done, I'm open to receiving critiques:

ood_portal.yml
servername: [public-ip-name]

auth:
  - 'AuthType CAS'
  - 'AuthName "Private"'
  - 'RequestHeader unset Authorization'
  - 'Require valid-user'

/opt/rh/httpd24/root/etc/httpd/conf.d/cas.conf
LoadModule auth_cas_module /opt/rh/httpd24/root/etc/httpd/modules/mod_auth_cas.so
CASLoginURL [local-login-url]
CASValidateURL [local-validate-url]
CASCertificatePath /opt/rh/httpd24/root/etc/httpd/cas-cert/ca-certificate.crt
CASDebug On
CASCookiePath /opt/rh/httpd24/root/etc/httpd/run/cookie/

Cheers
~ Em

On Mon, Aug 20, 2018 at 10:27 AM, E.M. Dragowsky <dragowsky at case.edu> wrote:

> In reviewing the differences between ood-portal.conf in the successful
> test case, and the 'standard' configuration, the meaningful differences are
> few:
>
> < <VirtualHost [host-public-ip]:80>
> ---
> > <VirtualHost *:80>
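Review bot: the `<VirtualHost [host-public-ip]:80>` line keeps the portal on plain HTTP, and the AuthType change at line 87 of the same file then puts CAS login on that vhost, so the CAS ticket and the session cookie cross the network unencrypted. Suggest moving the portal to a TLS vhost on 443 and keeping port 80 only as a redirect.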
> 87c87
> <     AuthType CAS
> ---
> >     AuthType Basic
> 89c89
> <     #AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
> ---
> >     AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
>
> Only setting the VirtualHost through ood_config.yml is unclear -- the
> other two values are somewhat documented in the code. I tried to set the
> public IP using the 'servername' keyword, and then also 'virtualhost', and
> in both cases the result was 'VirtualHost *:80'
>
> Thanks
>
> On Fri, Aug 17, 2018 at 4:45 PM, E.M. Dragowsky <dragowsky at case.edu>
> wrote:
>
>> Greetings --
>>
>> Is anyone able to provide guidance on editing ood_portal.yml to support
>> CAS authentication?  I tried a few ideas that did not work, based on our
>> implementation test outlined below -- which provided a successful test.
>>
>> Thanks in advance
>>
>> =-=-=-=-=
>> We have implemented CAS through a download and build of mod_auth_cas from
>> this repo:  https://github.com/apereo/mod_auth_cas. The service was
>> configured in the system, and then we made ad-hoc edits to the existing ood
>> configuration in /opt/rh/httpd24/root/etc/httpd/conf.d to verify that
>> the service would recognize OoD.
>>
>> This was realized through direct edit of the ood-portal.conf, and by
>> creating a cas.conf file in /opt/rh/httpd24/root/etc/httpd/conf.d
>>
>> --
>> E.M. Dragowsky, Ph.D.
>> Research Computing -- UTech
>> Case Western Reserve University
>> (216) 368-0082
>>

-- 
E.M. Dragowsky, Ph.D.
Research Computing -- UTech
Case Western Reserve University
(216) 368-0082
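
Added example (not part of the original post, and not OOD or mod_auth_cas project code): a small review script for a cas.conf like the one posted above. The checks are this example's own review points, and the URLs, paths and temporary directories in `demo()` are constructed.

```python
import os
import stat
import tempfile

def parse_directives(text):
    """Map each Apache directive name to its argument string (one directive per line)."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition(" ")
            out[name] = value.strip()
    return out

def audit_cas_conf(text):
    """Return (directive, reason) pairs for settings worth a second look."""
    d, findings = parse_directives(text), []
    for key in ("CASLoginURL", "CASValidateURL"):
        if not d.get(key, "").lower().startswith("https://"):
            findings.append((key, "missing or not an https:// URL"))
    if not d.get("CASCertificatePath"):
        findings.append(("CASCertificatePath", "no CA file for checking the CAS server certificate"))
    if d.get("CASDebug", "Off").lower() == "on":
        findings.append(("CASDebug", "debug logging left on after setup"))
    cookie_dir = d.get("CASCookiePath")
    if not cookie_dir:
        findings.append(("CASCookiePath", "not set"))
    elif os.path.isdir(cookie_dir) and stat.S_IMODE(os.stat(cookie_dir).st_mode) & 0o077:
        findings.append(("CASCookiePath", "cache directory is accessible to group/other"))
    return findings

def demo():
    """Audit a constructed weak config and a constructed tightened one."""
    with tempfile.TemporaryDirectory() as tmp:
        dirs = {}
        for name, mode in (("open", 0o755), ("closed", 0o700)):
            dirs[name] = os.path.join(tmp, name)
            os.mkdir(dirs[name])
            os.chmod(dirs[name], mode)  # set explicitly so the umask does not matter
        weak = ("CASLoginURL http://cas.example.edu/cas/login\n"
                "CASValidateURL https://cas.example.edu/cas/serviceValidate\n"
                "CASDebug On\n"
                f"CASCookiePath {dirs['open']}/\n")
        tight = ("CASLoginURL https://cas.example.edu/cas/login\n"
                 "CASValidateURL https://cas.example.edu/cas/serviceValidate\n"
                 "CASCertificatePath /etc/pki/tls/certs/example-ca.crt\n"
                 "CASDebug Off\n"
                 f"CASCookiePath {dirs['closed']}/\n")
        return audit_cas_conf(weak), audit_cas_conf(tight)
```
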