[OOD-users] Implementing authentication via CAS

E.M. Dragowsky dragowsky at case.edu
Mon Aug 20 11:50:13 EDT 2018


Thanks for the assist, Trey -- Now that I've learned a bit more about CAS
through configuring OOD to use it, I'm impressed with the strategy and am
glad that we're using this in favor of Kerberos for our authentication.

~ Em

On Mon, Aug 20, 2018 at 11:47 AM, Dockendorf, Trey <tdockendorf at osc.edu>
wrote:

> Your auth lines look good, my previous email forgot the unset of the
> Authorization header.  I don’t think AuthName will get used because that
> typically is what populates the basic auth dialogue box.  Every time I’ve used
> CAS the request redirects to the CAS login form so you won’t get the basic auth
> dialogue box.
>
>
>
> - Trey
>
>
>
> --
>
> Trey Dockendorf
>
> HPC Systems Engineer
>
> Ohio Supercomputer Center
>
>
>
> *From: *OOD-users <ood-users-bounces at lists.osc.edu> on behalf of "E.M.
> Dragowsky" <dragowsky at case.edu>
> *Reply-To: *User support mailing list for Open OnDemand <
> ood-users at lists.osc.edu>
> *Date: *Monday, August 20, 2018 at 11:45 AM
> *To: *User support mailing list for Open OnDemand <ood-users at lists.osc.edu
> >
> *Subject: *Re: [OOD-users] Implementing authentication via CAS
>
>
>
> Ah...a simple resolution:  In ood_portal.yml, the 'servername' field
> requires specifying a public IP, which I had inadvertently not supplied.
>
> So for our site, authentication using CAS is working, and it seems
> reasonably straightforward to configure. If anyone can review what I've
> done, I'm open to receiving critiques:
>
> ood_portal.yml
>
> servername: [public-ip-name]
>
> auth:
>   - 'AuthType CAS'
>   - 'AuthName "Private"'
>   - 'RequestHeader unset Authorization'
>   - 'Require valid-user'
>
> /opt/rh/httpd24/root/etc/httpd/conf.d/cas.conf
> LoadModule auth_cas_module /opt/rh/httpd24/root/etc/httpd/modules/mod_auth_cas.so
> CASLoginURL [local-login-url]
> CASValidateURL [local-validate-url]
> CASCertificatePath /opt/rh/httpd24/root/etc/httpd/cas-cert/ca-certificate.crt
> CASDebug On
> CASCookiePath /opt/rh/httpd24/root/etc/httpd/run/cookie/
>
> Cheers
>
> ~ Em
>
>
>
> On Mon, Aug 20, 2018 at 10:27 AM, E.M. Dragowsky <dragowsky at case.edu>
> wrote:
>
> In reviewing the differences between ood-portal.conf in the successful
> test case, and the 'standard' configuration, the meaningful differences are
> few:
>
> < <VirtualHost [host-public-ip]:80>
> ---
> > <VirtualHost *:80>
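Review bot: both sides of this hunk leave the virtual host on port 80 (`<VirtualHost [host-public-ip]:80>` against `<VirtualHost *:80>`), so unless TLS is terminated in front of this server, the CAS service ticket and the session cookie set after login travel over plain HTTP. I would confirm the portal is only reachable over HTTPS before relying on `AuthType CAS` here.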
> 87c87
> <     AuthType CAS
> ---
> >     AuthType Basic
> 89c89
> <     #AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
> ---
> >     AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
>
> Only setting the VirtualHost through ood_config.yml is unclear -- the
> other two values are somewhat documented in the code. I tried to set the
> public IP using the 'servername' keyword, and then also 'virtualhost', and
> in both cases the result was 'VirtualHost *:80'
>
>
> Thanks
>
>
>
> On Fri, Aug 17, 2018 at 4:45 PM, E.M. Dragowsky <dragowsky at case.edu>
> wrote:
>
> Greetings --
>
> Is anyone able to provide guidance on editing ood_portal.yml to support
> CAS authentication?  I tried a few ideas that did not work, based on our
> implementation test outlined below -- which provided a successful test.
>
> Thanks in advance
>
> =-=-=-=-=
> We have implemented CAS through a download and build of mod_auth_cas from
> this repo:  https://github.com/apereo/mod_auth_cas. The service was
> configured in the system, and then we made ad-hoc edits to the existing ood
> configuration in /opt/rh/httpd24/root/etc/httpd/conf.d to verify that the
> service would recognize OoD.
>
> This was realized through direct edit of the ood-portal.conf, and by
> creating a cas.conf file in /opt/rh/httpd24/root/etc/httpd/conf.d
>
>
> --
>
> E.M. Dragowsky, Ph.D.
>
> Research Computing -- UTech
>
> Case Western Reserve University
>
> (216) 368-0082


-- 
E.M. Dragowsky, Ph.D.
Research Computing -- UTech
Case Western Reserve University
(216) 368-0082
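
A small lint for the settings posted in this thread, added here as an example; it is not code from the thread's participants or from the Open OnDemand project. The example.edu URLs stand in for the bracketed placeholders, and the set of checks (including flagging `CASDebug On`) is this example's own choice.

```python
# Constructed sample: the settings quoted in the thread; the bracketed URL
# placeholders are replaced with assumed example.edu values.
AUTH_LINES = ['AuthType CAS', 'AuthName "Private"',
              'RequestHeader unset Authorization', 'Require valid-user']
CAS_CONF = """\
CASLoginURL https://cas.example.edu/cas/login
CASValidateURL https://cas.example.edu/cas/serviceValidate
CASCertificatePath /opt/rh/httpd24/root/etc/httpd/cas-cert/ca-certificate.crt
CASDebug On
CASCookiePath /opt/rh/httpd24/root/etc/httpd/run/cookie/
"""

def parse_directives(text):
    """Map each directive name (lower-cased) to its value; skip comments."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith('#'):
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ''
    return found

def review(auth_lines, cas_conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Normalise case and whitespace so 'AuthType  CAS' still matches.
    auth = [' '.join(l.lower().split()) for l in auth_lines]
    if 'authtype cas' not in auth:
        findings.append('auth: AuthType is not CAS')
    if 'requestheader unset authorization' not in auth:
        findings.append('auth: Authorization header is not unset')
    if not any(l.startswith('require ') for l in auth):
        findings.append('auth: no Require line')
    conf = parse_directives(cas_conf)
    for key in ('CASLoginURL', 'CASValidateURL'):
        if not conf.get(key.lower(), '').lower().startswith('https://'):
            findings.append(f'cas.conf: {key} missing or not https')
    for key in ('CASCertificatePath', 'CASCookiePath'):
        if not conf.get(key.lower()):
            findings.append(f'cas.conf: {key} missing')
    if conf.get('casdebug', 'off').lower() == 'on':
        findings.append('cas.conf: CASDebug On, turn off after testing')
    return findings

if __name__ == '__main__':
    for finding in review(AUTH_LINES, CAS_CONF):
        print(finding)
```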