Nginx App Protected with CAS SSO
57 views
Skip to first unread message
Fernando Gomez
Mar 11, 2019, 8:30:51 AM3/11/19
to CAS Community
Hello, I currently have an APP with apache mod_auth_cas, that protects it, but the application in production I have in Nginx, is there any way to do something similar to what I already have in Nginx?
<Directory "/ var / www / html / fer-app-proxy">
Authtype CAS
Require valid-user
Options Indexes MultiViews
AllowOverride all
Order allow, deny
Allow from all
CASScope / fer-app-proxy
</ Directory>
<IfModule mod_auth_cas.c>
CASLoginUrl https: // myservercas / cas / login
#CASValidateUrl https: // myservercas / cas / p3 / serviceValidate
CASValidateUrl https: // myservercas / cas / p3 / proxyValidate
CASCookiePath / var / cache / apache2 / mod_auth_cas /
CASValidateServer Off
CASVersion 2
LogLevel debug
CASDebug On
CASTimeout 864000
CASIdleTimeout 72000
CASSSOEnabled On
ErrorLog /var/log/cas_error.log
</ IfModule>
Thanks in advance
LoadModule auth_cas_module /etc/apache2/mods-available/mod_auth_cas.so
<Directory "/ var / www / html / fer-app-proxy">
Authtype CAS
Require valid-user
Options Indexes MultiViews
AllowOverride all
Order allow, deny
Allow from all
CASScope / fer-app-proxy
</ Directory>
<IfModule mod_auth_cas.c>
CASLoginUrl https: // myservercas / cas / login
#CASValidateUrl https: // myservercas / cas / p3 / serviceValidate
CASValidateUrl https: // myservercas / cas / p3 / proxyValidate
CASCookiePath / var / cache / apache2 / mod_auth_cas /
CASValidateServer Off
CASVersion 2
LogLevel debug
CASDebug On
CASTimeout 864000
CASIdleTimeout 72000
CASSSOEnabled On
ErrorLog /var/log/cas_error.log
</ IfModule>
Pascal Rigaux
Mar 11, 2019, 10:13:32 AM3/11/19
to cas-...@apereo.org
Hi,
Look at https://github.com/toshipiazza/ngx-http-cas-client-lua
I may try it in the future:
- I would simplify it a bit by replacing "generate_cookie" with using the "ticket" as the cookie (as done in phpCAS, which simplifies SLO)
- I also would add "REMOTE_USER" handling
cu
Look at https://github.com/toshipiazza/ngx-http-cas-client-lua
I may try it in the future:
- I would simplify it a bit by replacing "generate_cookie" with using the "ticket" as the cookie (as done in phpCAS, which simplifies SLO)
- I also would add "REMOTE_USER" handling
cu
Pascal Rigaux
Mar 13, 2019, 5:45:47 AM3/13/19
to cas-...@apereo.org
Hi,
I have created a functional nginx-auth-cas-lua, quite simple and more
similar to mod_auth_cas:
https://github.com/prigaux/nginx-auth-cas-lua .
It is not tested in production yet. But i do have nginx-lua in
production for https://framagit.org/snippets/2820 .
cu
Pascal Rigaux <pascal...@univ-paris1.fr> a écrit :
--
Pascal Rigaux
I have created a functional nginx-auth-cas-lua, quite simple and more
similar to mod_auth_cas:
https://github.com/prigaux/nginx-auth-cas-lua .
It is not tested in production yet. But i do have nginx-lua in
production for https://framagit.org/snippets/2820 .
cu
Pascal Rigaux <pascal...@univ-paris1.fr> a écrit :
Pascal Rigaux
Reply all
Reply to author
Forward
0 new messages