(2024-12-16, MariHassanzada)
---+ Installing and configuring the mod_auth_cas module to work with Apache 2 on Ubuntu

This is to make use of the Central Authentication Service provided by IST for single-sign-on across campus.

*NOTE: As of 2015-05, CAS has been deprecated in favour of [[Trash.CFADFS]]*

Using CAS, a web server only needs to supply a =.htaccess= containing =require valid-user= to populate Apache =REMOTE_USER= with the logged in user's !WatIAM id (see the sample Apache config at the bottom of this page).

Note that for regular development, you don't necessarily need to install CAS. If your application uses "Basic Authentication" it will populate =REMOTE_USER= in the same way as CAS, so you can then drop it into a CAS environment and it should just work.

---++ Fetch, build, and install the module

You need to install =subversion= to get the module source, and =apache2-threaded-dev= to build and install the module:

<verbatim>
apt-get install subversion apache2-threaded-dev
</verbatim>

Then, download, build, and install the source:

<verbatim>
svn co https://www.ja-sig.org/svn/cas-clients/mod_auth_cas/trunk mod_auth_cas
cd mod_auth_cas/src
cp mod_auth_cas.h mod_auth_cas.h.orig
sed 's/^#undef APACHE2_0/#define APACHE2_0/g' mod_auth_cas.h.orig > mod_auth_cas.h
apxs2 -i -c mod_auth_cas.c
</verbatim>

---++ Set things up for the module to work

Get the CA certificate:

<verbatim>
cd /etc/apache2/ssl
wget http://ist.uwaterloo.ca/security/IST-CA/certs/2.pem
mv 2.pem cacert.pem
</verbatim>

Make a place for CAS to store cookies:

<verbatim>
mkdir -m 700 /tmp/cas
chown www-data:www-data /tmp/cas
</verbatim>

*/tmp gets cleaned at reboot, so arrange for the above to happen at every boot.*

*NEW: Instructions to set up automatic creation of /tmp/cas at boot time:*

I modified the =/etc/init.d/apache2= startup script for Ubuntu as follows. Modify the "start" section as below:

<verbatim>
start)
        [ -f /etc/apache2/httpd.conf ] || touch /etc/apache2/httpd.conf
        [ -d /var/run/apache2 ] || mkdir -p /var/run/apache2
        [ -d /var/lock/apache2 ] || mkdir -p /var/lock/apache2
        chown www-data /var/lock/apache2
        #for the cas module - omar nafees added this
        [ -d /tmp/cas ] || mkdir -p /tmp/cas
        chown www-data /tmp/cas
        chgrp www-data /tmp/cas
        # keep the cookie directory private, as in the manual step above (mode 700)
        chmod 700 /tmp/cas
        #ssl_scache shouldn't be here if we're just starting up.
        [ -f /var/run/apache2/ssl_scache ] && rm -f /var/run/apache2/*ssl_scache*
        log_begin_msg "Starting web server (apache2)..."
        if $APACHE2CTL start; then
                log_end_msg 0
        else
                log_end_msg 1
        fi
;;
</verbatim>

---++ Configure apache2 to load the module

Create =/etc/apache2/mods-available/cas.load=:

<verbatim>
LoadModule auth_cas_module /usr/lib/apache2/modules/mod_auth_cas.so
</verbatim>

Create =/etc/apache2/mods-available/cas.conf=:

<verbatim>
<IfModule mod_auth_cas.c>
    CASVersion 2
    CASDebug On
    CASCertificatePath /etc/apache2/ssl/cacert.pem
    CASLoginURL https://cas.uwaterloo.ca/cas/login
    CASValidateURL https://cas.uwaterloo.ca/cas/serviceValidate
</IfModule>
</verbatim>

Enable the module:

<verbatim>
sudo a2enmod cas
</verbatim>

---++ Example usage of the module

Protect your page(s) with the following in =.htaccess= (or apache config somewhere):

<verbatim>
AuthType CAS
require user <list of userids>
</verbatim>

or =require valid-user=

---++ Troubleshooting

If you get an error message such as this while rebooting apache2:

<verbatim>
Cannot load /usr/lib/apache2/modules/mod_auth_cas.so into server: /usr/lib/apache2/modules/mod_auth_cas.so: undefined symbol: ap_http_method
   ...fail!
</verbatim>

... repeat the "build and install source step" above, first restoring the original header file by running =rm mod_auth_cas.h; svn update= in the =mod_auth_cas= directory, and do not execute the =sed= step just before running the =apxs2= command above.

---++ References

   * https://strobe.uwaterloo.ca/~twiki/bin/view/ISTCSS/CASClientAuth
   * https://strobe.uwaterloo.ca/~twiki/bin/view/ISTCSS/CasAuthServer
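
The boot-time creation of =/tmp/cas= described under "Set things up for the module to work" runs as root in world-writable =/tmp=, where another local user can create the path first or leave a symlink there. A hardened version of that step, as an added example that is not part of the original page or its init script (the function name =ensure_cas_dir= and its arguments are assumptions; it relies on GNU =stat=, as shipped on Ubuntu):

```shell
#!/bin/sh
# Added example (not from the original page): create the mod_auth_cas cookie
# directory safely in world-writable /tmp. The function name and arguments are
# assumptions; /tmp/cas, www-data and mode 700 come from the page.

ensure_cas_dir() {
    dir=$1 owner=$2 group=$3

    # Refuse a symlink: chown/chmod would follow it to a path someone else chose.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi

    if [ -e "$dir" ]; then
        # Something already exists: accept it only if it is a directory that
        # already belongs to the expected owner (another user may have made it).
        [ -d "$dir" ] || { echo "refusing: $dir is not a directory" >&2; return 1; }
        cur=$(stat -c '%U' "$dir") || return 1
        if [ "$cur" != "$owner" ]; then
            echo "refusing: $dir is owned by $cur, expected $owner" >&2
            return 1
        fi
    else
        # mkdir without -p fails if the path appears between the check and the
        # call, so a pre-created directory is never silently adopted.
        mkdir -m 700 "$dir" || return 1
        chown "$owner:$group" "$dir" || return 1
    fi

    # Cookie files must not be readable by other local users.
    chmod 700 "$dir" || return 1
    [ "$(stat -c '%a' "$dir")" = "700" ]
}

# Stand-alone use, as an init script would call it at boot:
#   ensure_cas_dir /tmp/cas www-data www-data || exit 1
```

A non-zero return means the directory was left untouched and Apache should not be started with CAS until an administrator has inspected the path.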
Topic revision: r10 - 2024-12-16 - MariHassanzada
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.
Copyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.