An Apache 2.0/2.2 compliant module that supports the CASv1 and CASv2 protocols.

stekershaw/mod_auth_cas

 
 

====================================================================
MOD_AUTH_CAS 1.0.10 README
====================================================================
Apache CAS Authentication Module

====================================================================
LICENSE
====================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

====================================================================
INTRODUCTION 
====================================================================
The purpose of this module is to allow an Apache web server to interact
with an authentication server that conforms to the CAS version 1 or 2
protocol as specified by Yale/JA-SIG.  At the time of this writing, the CAS
protocol specification is here:

http://www.ja-sig.org/products/cas/overview/protocol/index.html

====================================================================
NEW FEATURES AND FUNCTIONS IN THIS RELEASE 
====================================================================
* Unit tests added for a significant portion of functionality.

* Improved automake support.

====================================================================
BUG FIXES 
====================================================================
* Fixed security bug impacting users of CAS attributes in a CGI
  environment (MAS-62) reported by Josh Hoyt.

* Assorted other stability fixes.

====================================================================
KNOWN LIMITATIONS
====================================================================
These limitations are known to exist in this release of the software:

* CAS Proxy Validation is not implemented in this version.

* CAS Ticket Validation can only be performed over an SSL connection.
  The CAS protocol does not explicitly require this, but validating
  over a plaintext connection would leave this system open to a
  man-in-the-middle attack.

* CAS single sign out is currently not functional and disabled.  It
  is only safe to use in the case where all requests are GET and not
  POST (the module inadvertently 'eats' some content of the POST
  request while determining if it should process it as a SAML logout
  request).

* Slow performance has been reported on some systems (particularly
  virtual machines).  This is related to the entropy that is
  gathered when creating a session cookie for the end user.  To
  combat this, there are 3 solutions.  The first is to upgrade the
  version of the Apache Portable Runtime on your system to >= 1.3.0.
  From that version on, entropy is gathered from a nonblocking
  source.  The second is to install a package such as rng-tools and
  feed random data from /dev/urandom to /dev/random ("-r /dev/urandom").
  The last is to reduce the size of the CASCookieEntropy setting,
  reducing the demand on the pool.

* Win32 support has been dropped (but not removed) due to lack of
  development resources, and seemingly minimal community usage.
  You are welcome to try it, but YMMV for success.

====================================================================
GETTING STARTED
====================================================================

SOFTWARE DEPENDENCIES
--------------------------------------------------------------------
The module was built and tested on the following libraries/versions:

OpenSSL - 0.9.8c
Apache Portable Runtime - 1.2.8
Apache Portable Runtime Utilities - 1.2.7
Apache Web Server - 2.2.3
libcurl - 7.18.2

Additionally, GNU Make and the auto* tools are necessary for building
mod_auth_cas.

Compatibility with other versions will depend on those other libraries.
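The slow-session-creation symptom under KNOWN LIMITATIONS and the
version list above both come down to the same two questions an operator
should ask before tuning anything: is the installed APR at least 1.3.0
(nonblocking entropy source), and is the kernel entropy pool actually
starved? The script below is an added diagnostic written for this README;
it is not part of mod_auth_cas. The 1.3.0 boundary and the dependency
versions are taken from this README; the 256-bit "low pool" threshold,
the MOD_AUTH_CAS_CHECK_LIVE variable and the apr-1-config/pgrep probes are
assumptions of the example, not project conventions.

```shell
#!/bin/sh
# Added diagnostic for the entropy-starvation symptom described in the
# mod_auth_cas README.  Not project code; thresholds are assumptions.

# version_ge A B: return 0 if dotted version A >= B, 1 otherwise.
# Compares up to three numeric components; missing components count as 0,
# so "1.3" is treated as "1.3.0".
version_ge() {
    a="$1"; b="$2"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Per the README, APR >= 1.3.0 gathers entropy from a nonblocking source,
# so the first workaround (upgrade APR) is only relevant below that.
apr_entropy_nonblocking() {
    version_ge "$1" "1.3.0"
}

# entropy_pool_low N: N is the value of
# /proc/sys/kernel/random/entropy_avail (bits).  256 is an assumed
# threshold below which cookie creation is likely to block.
entropy_pool_low() {
    [ "$1" -lt 256 ]
}

# Map the two observations onto the README's three remedies.
# Prints one line of advice; returns 0 always.
advise() {
    apr_ver="$1"; pool="$2"
    if ! entropy_pool_low "$pool"; then
        echo "entropy pool ok ($pool bits); slow sessions are not pool starvation"
    elif apr_entropy_nonblocking "$apr_ver"; then
        echo "pool low ($pool bits) but APR $apr_ver is nonblocking; check CASCookieEntropy"
    else
        echo "pool low ($pool bits) and APR $apr_ver blocks; upgrade APR, run rng-tools, or lower CASCookieEntropy"
    fi
    return 0
}

# Live probing is opt-in so the functions above can be sourced and tested
# without touching the host.  apr-1-config may be absent on some systems.
if [ "${MOD_AUTH_CAS_CHECK_LIVE:-0}" = "1" ]; then
    live_apr=$(apr-1-config --version 2>/dev/null || echo 0)
    live_pool=$(cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo 0)
    if pgrep rngd >/dev/null 2>&1; then
        echo "rngd is running"
    else
        echo "rngd is not running"
    fi
    advise "$live_apr" "$live_pool"
fi
```

Run it with MOD_AUTH_CAS_CHECK_LIVE=1 on the affected host; a low pool
with an old APR points at the APR upgrade or rng-tools remedies, while a
low pool with a nonblocking APR points at the CASCookieEntropy setting.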

To develop/test mod_auth_cas, the following Debian packages are neces