I have 2 single page applications developed in angular 6. I want to protect one of them with CAS and the other one should not be protected. In apache webserver, i have them under htdocs folder with the name 'unsecured' and 'secured'. Below is my mod_auth_cas configuration and it isn't working. It protects fine if i give <Location ~ "index.html"> but the problem is that it protects the unsecured app as well.
<Location /secured>
Authtype CAS
require valid-user
CASAuthNHeader sm_user
CASScope /secured
</Location>
I have a rewrite rule to rewrite /* to /secured and another rule /unsecured to /unsecured (this is placed above the /* so that unsecured rule executes first)
Please advise the right configuration
LoadModule auth_cas_module modules/mod_auth_cas.so
<Directory "/var/www/html/secured-by-cas"><IfModule mod_auth_cas.c>AuthType CASCASAuthNHeader On</IfModule>Require valid-user</Directory><IfModule mod_auth_cas.c>CASLoginUrl https://casdev.newschool.edu/cas/loginCASValidateUrl https://casdev.newschool.edu/cas/samlValidateCASCookiePath /var/cache/httpd/mod_auth_cas/CASValidateSAML OnCASSSOEnabled OnCASDebug Off</IfModule>
--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
THE NEW SCHOOL • INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/843e0e42-88f5-4654-9118-e90e81684311%40apereo.org.