##
## CAS Apache configuration file
##
# Always set this to on under mod_perl (I think it should be in the default)
PerlTaintCheck On
# We'll enable warning by default, but recommend setting to Off in production
PerlWarn On
# so modified modules are reloaded
#PerlInitHandler Apache2::Reload
# Some modules we can preload.
PerlModule Apache::DBI DBD::mysql CGI
<Perl>
$Apache2::PerlSections::Save = 1;
use CAS::Apache::Auth;
# This section creates the globals for the CAS admin client. Copy and
# modify this section for any
# other locations that should use a different client
# The default CAS client for this location
$CAS::admin_client = 1;
$CAS::Global::Auth::admin
= CAS::Apache::Auth->new({CLIENT_ID => $CAS::admin_client});
# Uncomment and edit if any CGI's need to be able to get this information
# without the use of the apache request object ($r->dir_confif('');)
# push(@PerlSetEnv, [CAS_BASE_URI => '/CAS'],
# [CLIENT_ID => $CAS::admin_client]);
</Perl>
# change /srv/www/CAS to the real location where you
# want to keep the CAS tree if different than below. Please also
# be sure to change the owner and group as appropriate for your server.
Alias /CAS/ /srv/www/CAS/
<Directory /srv/www/CAS>
Options Indexes +Multiviews
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
# This <Location> directive sets up the CAS server tree. The name of this
# location must also be set in the CAS_BASE_URI var for path parsing.
# Copy and modify this section for any
# other locations that should use a different client
<Location /CAS>
PerlOptions +GlobalRequest
PerlSetVar CAS_WELCOME_PAGE '/CAS/user/welcome'
PerlSetVar CAS_BASE_URI '/CAS'
PerlSetVar CLIENT_ID $CAS::admin_client
# This sets this location as a cgi directory, with CGI's handled by
# mod_perl. To mix in cgi's, set a certain file extension to be handled
# this way instead.
# SetHandler perl-script
# PerlHandler ModPerl::Registry
# Options +ExecCGI
# This section specifies that access to anything under this Location
# needs to be authorized by CAS.
AuthName CAS
AuthType custom
PerlAuthenHandler $CAS::Global::Auth::admin->authen
PerlAuthzHandler $CAS::Global::Auth::admin->authz
require valid-user
# This is only needed if you have code that sends a response, but not a
# header
# PerlSendHeader On
</Location>
# The login, NewUser and authenticate handlers have to be outside of the
# restricted location(s) in order to be accessible. Our convention is to have
# a /public directory which CAS::Apache::Authorization allows access to even
# if under a protected base
<Location /CAS/public>
SetHandler perl-script
PerlResponseHandler CAS::Apache::PublicForms
PerlSetVar auth_object CAS::Global::Auth::admin
Satisfy Any
Allow from all
</Location>
# And there needs to be a section handled by UserForms for things like
# edit account, logout etc
<Location /CAS/user>
SetHandler perl-script
PerlResponseHandler CAS::Apache::UserForms
</Location>
# the admin directory contains all of the forms that should only be available
# to CAS administrators, such editing users, adding clients, etc
<Location /CAS/admin>
SetHandler perl-script
PerlResponseHandler CAS::Apache::AdminForms
</Location>