Now that the CAS server has been configured to resolve attributes and release them to the CAS client, the CAS client has to be configured to ask for them.
Update mod_auth_cas
settings
Edit the file /etc/httpd/conf.d/cas.conf
on the client server (casdev-casapp ) and make the following changes:
- In the
<Directory>
directive, add a line to setCASAuthNHeader
toOn
. This tellsmod_auth_cas
to add an HTTP header containing the user returned by CAS. - Add a second
<Directory>
directive, just like the first, except using the path/var/www/html/return-mapped
- At the bottom of the file, change the value of the
CASValidateURL
setting from.../serviceValidate
to.../samlValidate
. This is the endpoint provided by the server for authentcating users and returning attribues via SAML 1.1. - At the bottom of the file, add a line to set
CASValidateSAML
toOn
. This tellsmod_auth_cas
to use SAML 1.1 to retrieve user attributes and store them as HTTP headers.
The result should look like this:
LoadModule auth_cas_module modules/mod_auth_cas.so
<Directory "/var/www/html/secured-by-cas">
<IfModule mod_auth_cas.c>
AuthType CAS
CASAuthNHeader On
</IfModule>
Require valid-user
</Directory>
<Directory "/var/www/html/return-mapped">
<IfModule mod_auth_cas.c>
AuthType CAS
CASAuthNHeader On
</IfModule>
Require valid-user
</Directory>
<IfModule mod_auth_cas.c>
CASLoginUrl https://casdev.newschool.edu/cas/login
CASValidateUrl https://casdev.newschool.edu/cas/samlValidate
CASCookiePath /var/cache/httpd/mod_auth_cas/
CASValidateSAML On
CASSSOEnabled On
CASDebug Off
</IfModule>
Create a new secure content area
Make a copy of the existing secure content area on the client server (casdev-casapp):
casdev-casapp# cd /var/www/html
casdev-casapp# cp -rp secured-by-cas return-mapped
Then edit the file return-mapped/index.html
and update the heading and paragraph of text to reflect the requirements to view it:
<h1>Return Mapped Attributes</h1>
<p><big>This is some secure content. You should not be able to see it
until you have entered your username and password. The attributes in
the list below should have their "new" names as a result of using a
"Return Mapped" attribute release policy.</big></p>
Leave the rest of the file unchanged.
Update the public content page
Update /var/www/html/index.php
to include a link to the new secure area:
<!DOCTYPE html>
<html lang="en">
<head>
<title>Hello, World!</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet"
href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
</head>
<body>
<div class="container">
<h1>Hello, World!</h1>
<p><big>The quick brown fox jumped over the lazy dogs.</big></p>
<p><big>Click <a href="secured-by-cas/index.php">here</a> for some
content secured by username and password.</big></p>
<p><big>Click <a href="return-mapped/index.php">here</a> to see the
results of the "Return Mapped" attribute release policy.</big></p>
</div>
</body>
</html>
Restart HTTPD
Run the command
casdev-casapp# systemctl restart httpd
to restart the HTTPD server with the new configuration. Check the log files in /var/log/httpd
for errors.