forked from apereo/mod_auth_cas
An Apache 2.0/2.2 compliant module that supports the CASv1 and CASv2 protocols.
stekershaw/mod_auth_cas
====================================================================
MOD_AUTH_CAS 1.0.10 README
====================================================================
Apache CAS Authentication Module

====================================================================
LICENSE
====================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

====================================================================
INTRODUCTION
====================================================================
The purpose of this module is to allow an Apache web server to interact
with an authentication server that conforms to the CAS version 1 or 2
protocol as specified by Yale/JA-SIG. At the time of this writing, the
CAS protocol specification is here:

    http://www.ja-sig.org/products/cas/overview/protocol/index.html

====================================================================
NEW FEATURES AND FUNCTIONS IN THIS RELEASE
====================================================================
* Unit tests added for a significant portion of functionality.
* Improved automake support.

====================================================================
BUG FIXES
====================================================================
* Fixed security bug impacting users of CAS attributes in a CGI
  environment (MAS-62) reported by Josh Hoyt.
* Assorted other stability fixes.

====================================================================
KNOWN LIMITATIONS
====================================================================
These limitations are known to exist in this release of the software:

* CAS Proxy Validation is not implemented in this version.

* CAS Ticket Validation can only be performed over an SSL connection.
  The CAS protocol does not explicitly require this, but to not do so
  leaves this system open to a man-in-the-middle attack.

* CAS single sign out is currently not functional and disabled. It
  is only safe to use in the case where all requests are GET and not
  POST (the module inadvertently 'eats' some content of the POST
  request while determining if it should process it as a SAML logout
  request).

* Slow performance has been reported on some systems (particularly
  virtual machines). This is related to the entropy that is gathered
  when creating a session cookie for the end user. To combat this,
  there are 3 solutions. The first is to upgrade the version of the
  Apache Portable Runtime on your system to >= 1.3.0. In that version,
  entropy is gathered from a nonblocking source. The second method
  would be to install a package such as rng-tools and feed random data
  from /dev/urandom to /dev/random ("-r /dev/urandom"). The last way
  is to reduce the size of the CASCookieEntropy setting, reducing the
  demand on the pool.

* Win32 support has been dropped (but not removed) due to lack of
  development resources, and seemingly minimal community usage. You
  are welcome to try it, but YMMV for success.

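
The three remedies for slow session-cookie creation listed above can be triaged with a short script. This is an added example, not part of mod_auth_cas: the sample configuration and its path are constructed, and it assumes only that apr-1-config may be installed on the host.

```shell
#!/bin/sh
# Added example (not part of mod_auth_cas): triage for the slow
# session-cookie creation described under KNOWN LIMITATIONS.

# version_ge A B: succeed when dotted version A >= B (first three components).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# cookie_entropy: read Apache configuration on stdin and print the last active
# CASCookieEntropy value, or "unset" when it is absent or commented out.
# Apache directive names are case-insensitive, hence tolower().
cookie_entropy() {
    awk 'tolower($1) == "cascookieentropy" { v = $2 }
         END { print (v == "" ? "unset" : v) }'
}

# triage APR_VERSION: configuration on stdin, one finding per line.
triage() {
    ce=$(cookie_entropy)
    if version_ge "$1" 1.3.0; then
        echo "APR $1: entropy is gathered from a nonblocking source"
    else
        echo "APR $1: older than 1.3.0; upgrade APR or feed /dev/random with rng-tools"
        echo "CASCookieEntropy is $ce; reducing it lowers demand on the pool"
    fi
}

# Constructed sample configuration, not taken from the project.
SAMPLE_CONF='CASCookiePath /var/cache/apache2/mod_auth_cas/
# CASCookieEntropy 64
CASCookieEntropy 16'

# Use the installed APR version when apr-1-config is present; otherwise fall
# back to 1.2.8, the version the README lists under SOFTWARE DEPENDENCIES.
APR_VERSION=$(apr-1-config --version 2>/dev/null || echo 1.2.8)
printf '%s\n' "$SAMPLE_CONF" | triage "$APR_VERSION"
```

To check a real server, pipe its Apache configuration into `triage` in place of the sample.
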
====================================================================
GETTING STARTED
====================================================================

SOFTWARE DEPENDENCIES
--------------------------------------------------------------------
The module was built and tested on the following libraries/versions:

OpenSSL - 0.9.8c
Apache Portable Runtime - 1.2.8
Apache Portable Runtime Utilities - 1.2.7
Apache Web Server - 2.2.3
libcurl - 7.18.2

Additionally, GNU Make and the auto* tools are necessary for building
mod_auth_cas.

Compatibility with other versions will depend on those other libraries.

To develop/test mod_auth_cas, the following Debian packages are neces