[OOD-users] Implementing authentication via CAS

Dockendorf, Trey tdockendorf at osc.edu
Mon Aug 20 11:45:01 EDT 2018


Having VirtualHost *:80 should be fine as long as ServerName matches the name that is being used to access OOD.  For our systems we set “servername” in ood_portal.yml to the DNS name of our instance that is used to access the web interface, not the IP.  We don’t define virtualhost.

Example:

listen_addr_port:
- '443'
- '80'
servername: ood.osc.edu
port: '443'

The above example assumes you’re using SSL; if you’re not (not recommended) then you can ignore the values that have 443.

For the auth block you’ll want to just have something like this:

auth:
- AuthType CAS
- Require valid-user

Those two should be enough to require a valid CAS user if you have properly configured mod_auth_cas.

- Trey

--
Trey Dockendorf
HPC Systems Engineer
Ohio Supercomputer Center

From: OOD-users <ood-users-bounces+tdockendorf=osc.edu at lists.osc.edu> on behalf of "E.M. Dragowsky" <dragowsky at case.edu>
Reply-To: User support mailing list for Open OnDemand <ood-users at lists.osc.edu>
Date: Monday, August 20, 2018 at 10:27 AM
To: User support mailing list for Open OnDemand <ood-users at lists.osc.edu>
Subject: Re: [OOD-users] Implementing authentication via CAS

In reviewing the differences between ood-portal.conf in the successful test case, and the 'standard' configuration, the meaningful differences are few:

< <VirtualHost [host-public-ip]:80>
---
> <VirtualHost *:80>
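Review bot: both sides of this hunk bind the VirtualHost to port 80, so whichever AuthType the later hunks select is enforced over plain HTTP, and the Basic credentials or the CAS ticket and session cookie cross the network unencrypted. Move the authenticated host to 443 with SSL, as the ood_portal.yml example in the reply above does with port: '443', and keep port 80 only for a redirect.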
87c87
<     AuthType CAS
---
>     AuthType Basic
89c89
<     #AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
---
>     AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
Only setting the VirtualHost through ood_config.yml is unclear -- the other two values are somewhat documented in the code. I tried to set the public IP using the 'servername' keyword, and then also 'virtualhost', and in both cases the result was 'VirtualHost *:80'

Thanks

On Fri, Aug 17, 2018 at 4:45 PM, E.M. Dragowsky <dragowsky at case.edu> wrote:
Greetings --
Is anyone able to provide guidance on editing ood_portal.yml to support CAS authentication?  I tried a few ideas that did not work, based on our implementation test outlined below -- which provided a successful test.
Thanks in advance
=-=-=-=-=
We have implemented CAS through a download and build of mod_auth_cas from this repo:  https://github.com/apereo/mod_auth_cas. The service was configured in the system, and then we made ad-hoc edits to the existing ood configuration in /opt/rh/httpd24/root/etc/httpd/conf.d to verify that the service would recognize OoD.
This was realized through direct edit of the ood-portal.conf, and by creating a cas.conf file in /opt/rh/httpd24/root/etc/httpd/conf.d






--
E.M. Dragowsky, Ph.D.
Research Computing -- UTech
Case Western Reserve University
(216) 368-0082



--
E.M. Dragowsky, Ph.D.
Research Computing -- UTech
Case Western Reserve University
(216) 368-0082
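
A check that could be run over the rendered ood-portal.conf after regenerating it from ood_portal.yml, to confirm that the settings discussed in this thread (ServerName, AuthType CAS, Require valid-user, no leftover Basic auth) actually took effect. This is an added example, not part of the original messages or of Open OnDemand; the function name, the host ood.example.edu and the sample config text are constructed for illustration.

```python
import re

# Apache directive names are case-insensitive, so match them that way.
VHOST = re.compile(r'^\s*<VirtualHost\s+([^>]+)>', re.I)
DIRECTIVE = re.compile(r'^\s*(ServerName|AuthType|Require|AuthUserFile)\s+(.+?)\s*$', re.I)

def audit_portal_conf(text, expected_host):
    """Return a list of findings for a rendered ood-portal.conf (empty list = OK)."""
    seen = {"vhost": [], "servername": [], "authtype": [], "require": [], "authuserfile": []}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):   # commented-out directives are inactive
            continue
        m = VHOST.match(line)
        if m:
            seen["vhost"].append(m.group(1).strip())
            continue
        m = DIRECTIVE.match(line)
        if m:
            seen[m.group(1).lower()].append(m.group(2).strip('"'))
    auth = [a.lower() for a in seen["authtype"]]
    findings = []
    if expected_host not in seen["servername"]:
        findings.append("ServerName does not match %s" % expected_host)
    if "cas" not in auth:
        findings.append("AuthType CAS is not set")
    if "basic" in auth:
        findings.append("AuthType Basic is still active")
    if "valid-user" not in [r.lower() for r in seen["require"]]:
        findings.append("Require valid-user is missing")
    if seen["authuserfile"]:
        findings.append("AuthUserFile is still active (left over from Basic auth)")
    if seen["vhost"] and all(v.endswith(":80") for v in seen["vhost"]):
        findings.append("only a port 80 VirtualHost is defined (no SSL)")
    return findings

# Constructed sample input mirroring the two sides of the diff in this thread.
TEMPLATE = """<VirtualHost {addr}>
  ServerName ood.example.edu
  AuthType {auth}
  {off}AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
  Require valid-user
</VirtualHost>
"""
STANDARD = TEMPLATE.format(addr="*:80", auth="Basic", off="")
CAS_SSL = TEMPLATE.format(addr="*:443", auth="CAS", off="#")

if __name__ == "__main__":
    print(audit_portal_conf(STANDARD, "ood.example.edu"))
```
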