Example TAMUCC CAS Login via Apache mod_auth_cas:
To protect any web directory via the TAMUCC CAS, go into that particular web folder and add the following to a .htaccess file:
SSLRequireSSL
AuthType CAS
AuthName "Restricted Area - CAS Login Required"
Require valid-user (or require user IslandID [IslandID IslandID....])
Require cas-attribute role:staff
Require cas-attribute role:faculty
Explanation of Fields:
- SSLRequireSSL -> The page must be accessed via SSL (https://vhost.tamucc.edu).
- AuthType CAS -> This tells Apache to use the mod_auth_cas module for authentication.
- AuthName "" -> The Login prompt title. Can be any string inside the quotes.
- require valid-user -> This line tells Apache it can let in any valid user.
You can also use:
require user IslandID IslandID... -> The list of valid IslandIDs of users, separated by spaces.
- require cas-attribute -> This line tells Apache to allow a user based on a CAS attribute that is being returned along with the valid login.
It can be used with or without a valid-user (implied) and you can stack multiple Require cas-attribute lines to match multiple values.
Format is "attribute:value".
List of possible attributes returned by our CAS servers (Can be limited by Site):
- BannerID
- emailaddress
- givenname
- name
- role
- surname
- UDC_IDENTIFIER
- UIN
- upn