CAS Apache Module - Ignore SSO/URL in a protected directory
180 views
Skip to first unread message
RJ Guroo
Feb 16, 2017, 10:05:51 PM2/16/17
to cas-...@apereo.org
I have a requirement to ignore SSO for subsequent folders within a protected folder.
For example: We have to protect the URI, /app1//app1/ should be protected
/app1/dir1/ .. protected by the first rule
/app1/dir2/ .. protected by the first rule
/app1/dir2/ .. protected by the first rule
/app1/dir2/ .. protected by the first rule
/app1/dir2/ .. protected by the first rule
/app1/dir3/ should be excluded or ignored by SSO.
/app1/dir4/ .. protected by the first rule
/app1/dir5/ .. protected by the first rule
/app1/dir6/ .. protected by the first rule
/app1/dir4/ .. protected by the first rule
/app1/dir5/ .. protected by the first rule
/app1/dir6/ .. protected by the first rule
We cant protect individual directories, as the real list is so big.
In Siteminder langauge, we used to root protect /app1/ and have the following in LocalConfig of the Web Agent
IgnoreUrl="/app1/dir3/"
IgnoreUrl="/app1/dir3/"
This is a frequent requirement for us. How to go about this with CAS?
Ray Bon
Feb 17, 2017, 12:37:29 PM2/17/17
to cas-...@apereo.org
I have not used Siteminder. It sounds like it sits in front of your
application.
CAS is configured as part of your application. For a java application you set up filters and include the secured URIs:
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/app1</url-pattern>
<url-pattern>/app1/dir2/**</url-pattern>
<url-pattern>/app1/dir4/*</url-pattern>
</filter-mapping>
Each CAS client will have its own way of configuring protected pages.
Ray
CAS is configured as part of your application. For a java application you set up filters and include the secured URIs:
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/app1</url-pattern>
<url-pattern>/app1/dir2/**</url-pattern>
<url-pattern>/app1/dir4/*</url-pattern>
</filter-mapping>
Each CAS client will have its own way of configuring protected pages.
Ray
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACNfiMJHesWBDHLLfffS8Cq50chwOvADWvnjE8aB_g5hp6H%2B6g%40mail.gmail.com.
-- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE C023 | rb...@uvic.ca
David Hawes
Feb 17, 2017, 7:53:54 PM2/17/17
to CAS Community
Something like:
<Location /app1>
AuthType CAS
CASGateway /app1/dir3
<RequireAll>
Require valid-user
</RequireAll>
</Location>
<Location /app1/dir3>
Require all granted
</Location>
RJ Guroo
Feb 19, 2017, 10:48:03 AM2/19/17
to cas-...@apereo.org
Yes, I understand. but there are unique cases for the need of negation. For example, there are 99 protected folders and one public folder, we need to have 99 patterns without negation. Also, developers keep adding more directories in the app, as time goes.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACNfiMJHesWBDHLLfffS8Cq50chwOvADWvnjE8aB_g5hp6H%2B6g%40mail.gmail.com.
-- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE C023 | rb...@uvic.ca
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6daf2db9-8b35-246e-cbd9-b43814eb3199%40uvic.ca.
RJ Guroo
Feb 19, 2017, 10:51:56 AM2/19/17
to cas-...@apereo.org
Thanks David. I will test this out. However, I've found that Apache has got AuthType None for this.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wASsr_v13To0tWUv-9SHmugD2gnX2cHRi40Q9vBbWYHVw%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages