- Get help
- Announcements & alerts
- Service outages
- Security alerts
- Major initiatives
- Information security
- Anti-Spam (CASL) Compliance
- Data security standard
- Desktop Security
- Identity Protection
- Phishing Scams
- Remote work
- Security hygiene
- Tips for safe computing
- Travelling with technology
- Keeping Your Personal Information Safe During the Holidays
- October is Cyber Security Awareness Month
Vision, strategy and policy
- One I.S. vision
- Cloud Computing Strategy
- Stewardship Model
- Stewardship Committees
- Stewardship Workflow
- Connecting to University Governance
- Approval and Prioritization
- Stewardship and Project Management
- Terms of Reference: One I.S. Stewardship Committee
- Administrative Systems Stewardship Committee
- Terms of Reference: Research Systems Stewardship Committee
- Terms of Reference: Educational Systems Stewardship Committee
- Mobile Strategy
- Reports and blog
- Vision, strategy and policy
Using mod_authn_cas at SFU
mod_authn_cas is an Apache module that uses CAS to authenticate a user and authorize their access to web content served by an Apache HTTP Server. Because this module does not redirect to the CAS login page, it can be used when protecting an application that is not web based, such as WebDAV.
This module is very basic and does not have any authorization features built in, so it relies on other modules or CAS itself to provide access control. Typically you would register your application (such as WebDAV) with CAS and specify what Required Attributes need to be specified.
Configuring mod_authn_cas at SFU
The first step is to download a copy of mod_authn_cas from here. You can then build and install the module.
Once the module is installed in your Apache's module directory, you should specify the following in your Apache httpd.conf file:
LoadModule authn_cas_module modules/mod_authn_cas.so
You then need to add a few required parameters to configure mod_authn_cas
mod_authn_cas needs to make a direct connection to the CASRestURL to log the user in. To allow the SSL connection to be made, you need to install the X509 certificate of the Certificate Authority for the CAS server in your certificate folder (default /etc/ssl/certs/). That certificate is available at ThawtePremiumServerBundleCA-2018-v3.pem. You would then specify the directory containing that certificate using:
You can then protect a directory in your Apache configuration by using:
AuthName "Enter an SFU account."
Supported Require Directives
The mod_authn_cas module doesn't support Require directives on its own, but built in modules like mod_auth_basic provide at least the following:
Require user userid [userid] ...
Other access control requirements can be specified in CAS when you register your CAS protected server/application.