- Get help
- Services
- Announcements & alerts
- Service outages
- Security alerts
- Major initiatives
- Reintroducing IT ServiceHub: Your One-Stop IT Support Platform
- Supporting SFU's Digital Transformation with Exchange Online
- Important changes to SFU email practices
- Transforming the SFU experience through digital improvements - Key Initiatives in Progress
- Jovanna Sauro wins SFU Personal Achievement Award
- Improve your cellular coverage by enabling WiFi Calling
- New committee guides transformative changes at SFU
- Expanded identity options for students within SFU applications
- SFU works toward keeping devices out of landfills
- A journey to improved WiFi
- Help us, help you, connect to better WiFi
- IT Services' new support system: ServiceHub
- Information Security Essential Courses
- IT Services leadership announcement
- University Wide Password Change Initiative
- April 2021 technical issue
- Telephone System Core Infrastructure Upgrade
- Decommissioning fraser.sfu.ca
- About
- Information security
Using mod_authn_cas at SFU
mod_authn_cas introduction
mod_authn_cas is an Apache module that uses CAS to authenticate a user and authorize their access to web content served by an Apache HTTP Server. Because this module does not redirect to the CAS login page, it can be used when protecting an application that is not web based, such as WebDAV.
This module is very basic and does not have any authorization features built in, so it relies on other modules or CAS itself to provide access control. Typically you would register your application (such as WebDAV) with CAS and specify what Required Attributes need to be specified.
Configuring mod_authn_cas at SFU
The first step is to download a copy of mod_authn_cas from here. You can then build and install the module.
Once the module is installed in your Apache's module directory, you should specify the following in your Apache httpd.conf file:
LoadModule authn_cas_module modules/mod_authn_cas.so
You then need to add a few required parameters to configure mod_authn_cas
CASRestURL https://cas.sfu.ca/cas/v1/tickets
mod_authn_cas needs to make a direct connection to the CASRestURL to log the user in. To allow the SSL connection to be made, you need to install the X509 certificate of the Certificate Authority for the CAS server in your certificate folder (default /etc/ssl/certs/). That certificate is available at ThawtePremiumServerBundleCA-2018-v3.pem. You would then specify the directory containing that certificate using:
CASCertificatePath /etc/ssl/certs/
You can then protect a directory in your Apache configuration by using:
<Location /WebDAV>
AuthType Basic
AuthName "Enter an SFU account."
AuthBasicProvider cas
Require valid-user
</Location>
Supported Require Directives
The mod_authn_cas module doesn't support Require directives on its own, but built in modules like mod_auth_basic provide at least the following:
Require valid-user
Require user userid [userid] ...
Other access control requirements can be specified in CAS when you register your CAS protected server/application.