- Get help
- Announcements & alerts
- Service outages
- Security alerts
- Major initiatives
- Jovanna Sauro wins SFU Personal Achievement Award
- Improve your cellular coverage by enabling WiFi Calling
- New committee guides transformative changes at SFU
- Expanded identity options for students within SFU applications
- SFU works toward keeping devices out of landfills
- A journey to improved WiFi
- Help us, help you, connect to better WiFi
- IT Services' new support system: ServiceHub
- Information Security Essential Courses
- IT Services leadership announcement
- University Wide Password Change Initiative
- April 2021 technical issue
- Telephone System Core Infrastructure Upgrade
- Decommissioning fraser.sfu.ca
- Information security
- Anti-Spam (CASL) Compliance
- Data security standard
- Desktop Security
- Security and Privacy Guidance: Social Media Apps
- Identity Protection
- Phishing Scams
- How to stay safe online
- Security hygiene
- Tips for safe computing
- Travelling with technology
- Keeping Your Personal Information Safe During the Holidays
- Don't get caught by a phishing scam
Using mod_authn_cas at SFU
mod_authn_cas is an Apache module that uses CAS to authenticate a user and authorize their access to web content served by an Apache HTTP Server. Because this module does not redirect to the CAS login page, it can be used when protecting an application that is not web based, such as WebDAV.
This module is very basic and does not have any authorization features built in, so it relies on other modules or CAS itself to provide access control. Typically you would register your application (such as WebDAV) with CAS and specify what Required Attributes need to be specified.
Configuring mod_authn_cas at SFU
The first step is to download a copy of mod_authn_cas from here. You can then build and install the module.
Once the module is installed in your Apache's module directory, you should specify the following in your Apache httpd.conf file:
LoadModule authn_cas_module modules/mod_authn_cas.so
You then need to add a few required parameters to configure mod_authn_cas
mod_authn_cas needs to make a direct connection to the CASRestURL to log the user in. To allow the SSL connection to be made, you need to install the X509 certificate of the Certificate Authority for the CAS server in your certificate folder (default /etc/ssl/certs/). That certificate is available at ThawtePremiumServerBundleCA-2018-v3.pem. You would then specify the directory containing that certificate using:
You can then protect a directory in your Apache configuration by using:
AuthName "Enter an SFU account."
Supported Require Directives
The mod_authn_cas module doesn't support Require directives on its own, but built in modules like mod_auth_basic provide at least the following:
Require user userid [userid] ...
Other access control requirements can be specified in CAS when you register your CAS protected server/application.