This is not as straightforward as it should be as mod_auth_cas has not yet been brought up to date with the latest SAML 1.1 schema and the XML parsing doesn’t support the changes. In addition the pull request for the changes in github is out of date with the main branch so that’s not much help either.
That being said if you don’t use the SAML validation for attribute release you can still go ahead.
apt-get install libapache2-mod-auth-cas
a2enmod auth_cas
Configure the CAS configuration which you can do in /etc/apache2/mods-enabled/auth_cas.conf
CASCookiePath /var/cache/apache2/mod_auth_cas/ CASLoginURL https://www.wrighting.org/cas/login #CASValidateURL https://www.wrighting.org/cas/samlValidate CASValidateURL https://www.wrighting.org/cas/serviceValidate CASDebug Off CASValidateServer On CASVersion 2 #Only if using SAML #CASValidateSAML Off #CASAttributeDelimiter ; #Experimental sign out CASSSOEnabled On
Configure the protected directories probably somewhere in /etc/apache2/sites-enabled
N.B. You also need to ensure that the ServerName is set otherwise the service parameter on the call to CAS will contain 127.0.1.1 as the hostname
Authtype CAS
CASAuthNHeader On
require valid-user
#Only works if you are using Attribute release which requires SAML validation
#require cas-attribute memberOf:cn=helpDesk,ou=groups,dc=wrighting,dc=org
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
Authtype CAS
require valid-user
Don’t forget to restart apache service apache2 reload
Updated mod_auth_cas is now being maintained again
mkdir /var/cache/apache2/mod_auth_cas
chown www-data:www-data /var/cache/apache2/mod_auth_cas
apt-get install make apache2-prefork-dev libcurl4-gnutls-dev
git clone https://github.com/Jasig/mod_auth_cas
./configure
make
make install
Leave a comment