[LON-CAPA-cvs] cvs: loncom /html/adm/help/tex Institutional_Integration_CAS.tex

raeburn raeburn at source.lon-capa.org
Sun Dec 30 08:47:39 EST 2018


raeburn		Sun Dec 30 13:47:39 2018 EDT

  Modified files:              
    /loncom/html/adm/help/tex	Institutional_Integration_CAS.tex 
  Log:
  - Replace generic module name with name of Apereo CAS project's mod_auth_cas
    Apache module.
  
  
Index: loncom/html/adm/help/tex/Institutional_Integration_CAS.tex
diff -u loncom/html/adm/help/tex/Institutional_Integration_CAS.tex:1.2 loncom/html/adm/help/tex/Institutional_Integration_CAS.tex:1.3
--- loncom/html/adm/help/tex/Institutional_Integration_CAS.tex:1.2	Thu Mar 26 22:15:20 2015
+++ loncom/html/adm/help/tex/Institutional_Integration_CAS.tex	Sun Dec 30 13:47:39 2018
@@ -1,16 +1,18 @@
 \label{Institutional_Integration_CAS}
 
 The procedure for enabling institutional Single Sign On (SSO) via a central authentication 
-service (CAS) that is not Shibboleth involves building or installing an Apache module provided 
-by you institution, and then modifying an Apache configuration file on your LON-CAPA server to
-(a) load the module, and (b) configure LON-CAPA to use it, by default, when unauthenticated users 
-access /adm/roles.
+service (CAS) that is not Shibboleth involves building or installing a CAS Apache module. 
+That module might be a home-grown CAS-type module provided by your institution, or it might be 
+the standard mod_auth_cas module, available from the Apereo CAS project (see:
+https://github.com/apereo/mod\_auth\_cas ). In addition, you will need to modify the Apache 
+configuration for your LON-CAPA server to (a) load the module, and (b) configure LON-CAPA
+to use it, by default, when unauthenticated users access /adm/roles.
 
 If your server will be part of the cluster of collaborating institutions, it is possible
 that users from other LON-CAPA domains might visit your server to log-in to LON-CAPA.
 To support that possibility, it is recommended that the CAS log-in page includes a link to point 
 back at /adm/login on your LON-CAPA server, and the link is identified as one to be followed by 
-users from other domains.  See: https://loncapa.msu.edu/adm/roles for an example.
+users from other domains.  See: https://loncapa.msu.edu/adm/roles, for an example.
 
 In order for Apache to use your CAS system you need to set the PerlVar lonOtherAuthen to yes,
 and provide the default domain for SSO users and the authentication type (i.e., the name of
@@ -22,16 +24,16 @@
 
 \begin{verbatim}
 PerlSetVar lonOtherAuthen yes
-PerlSetVar lonOtherAuthenType MyCAS
+PerlSetVar lonOtherAuthenType CAS
 PerlSetVar lonSSOUserDomain <dom>
 
-LoadModule mod_sentinel modules/mod_mycas.so
+LoadModule auth_cas_module modules/mod_auth_cas.so
 \end{verbatim}
 
-where $<$dom$>$ is your domain, and mod\_mycas.so is ths name of the CAS shared object. 
-You might put the config file (mycas.conf) in: /etc/httpd/conf.d/ 
+where $<$dom$>$ is your domain, and mod\_auth\_cas.so is the name of the CAS shared object. 
+You might put the config file (cas.conf) in: /etc/httpd/conf.d/ 
 (CentOS/Red Hat/Scientific Linux), or in /etc/apache2/conf.d/ (SuSE/SLES) or 
-/etc/apache2/conf-available (Ubuntu, and enabled with: sudo a2enconf). 
+/etc/apache2/conf-available (Ubuntu, and enabled with: sudo a2enconf).
 
 \item Add a custom Apache config file to include some optional PerlVars (for logout etc.)
 




More information about the LON-CAPA-cvs mailing list