To allow the CAS client to test/demonstrate both content secured only by CAS and content secured by both CAS and Duo at the same time, create a new secure content area on the CAS client server and configure Apache HTTPD to protect it.
Create a new secure content area
Make a copy of the existing secure content area on the client server (casdev-casapp):
casdev-casapp# cd /var/www/html
casdev-casapp# cp -rp secured-by-cas secured-by-cas-duo
Then edit the file secured-by-cas-duo/index.php
and update the paragraph of text to reflect the requirements to view it:
<p><big>This is some secure content. You should not be able to see it
until you have entered your username and password and authenticated
with Duo.</big></p>
Leave the rest of the file unchanged.
Update mod_auth_cas
settings
Edit the file /etc/httpd/conf.d/cas.conf
on the client server (casdev-casapp) and create another <Directory>
element for the new secure content area created above:
<Directory "/var/www/html/secured-by-cas-duo">
<IfModule mod_auth_cas.c>
AuthType CAS
CASAuthNHeader On
</IfModule>
Require valid-user
</Directory>
Except for the path name of the directory, it should be identical to the other <Directory>
elements.
Update the public content page
Update /var/www/html/index.php
to include a link to the new secure area:
<!DOCTYPE html>
<html lang="en">
<head>
<title>Hello, World!</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet"
href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
</head>
<body>
<div class="container">
<h1>Hello, World!</h1>
<p><big>The quick brown fox jumped over the lazy dogs.</big></p>
<p><big>Click <a href="secured-by-cas/index.php">here</a> for some
content secured by username and password.</big></p>
<p><big>Click <a href="return-mapped/index.php">here</a> to see the
results of the "Return Mapped" attribute release policy.</big></p>
<p><big>Click <a href="secured-by-cas-duo/index.php">here</a> for some
content secured by username/password and Duo MFA.</big></p>
</div>
</body>
</html>
Restart HTTPD
Run the command
casdev-casapp# systemctl restart httpd
to restart the HTTPD server with the new configuration. Check the log files in /var/log/httpd
for errors.