How can I use CAS to secure my website for on-campus access only?

This FAQ was last modified on: Tuesday, August 14, 2018 02:02pm
Category: 

What is the benefit of this type of authentication?

Georgia Tech uses the Central Authentication System (CAS) to provide a centrally managed, single sign-on solution for campus web applications.  WebHosting has integrated CAS support into the basic server configuration, which allows you to use CAS to restrict access to authenticated Georgia Tech users.

Requirements:

1. mod_auth_cas enabled on your hosting account (All of the web hosting accounts on Plesk have mod_auth_cas enabled globally.)

2. Please submit a request to support@oit.gatech.edu to have the proxy of your site set up for CAS authentication. (Note: Nginx is running in front of Apache on OIT Plesk Web Hosting, therefore, Nginx will interfere with this type of authentication. OIT Web Hosting team can create a rule to overwrite the Proxy from Nginx for your site specifically.) 

What do you need to do to be able to use this authentication feature?

This method uses the mod_cas module for securing directories and files. However, this method does not work for integrated applications such as Drupal or Wordpress. To secure a directory simply create a .htaccess file in the directory and add the following 2 lines:

AuthType Cas

Require valid-user

 

Save the file and the system will automatically see this file on the next request and will validate the user who accesses with CAS.  Using the CAS redirect method involves sending the user to the GT Login Service at login.gatech.edu. The identity of the authenticated user is available via the REMOTE_USER environment variable.

...