[cas-dev] mod_auth_cas-0.9.9

Ames, Phillip phillip.ames at uconn.edu
Fri Aug 17 11:07:05 EDT 2007


Hello,
I have just committed mod_auth_cas-0.9.9 to SVN.  The goal was to solve
some of the issues that Matt and I had brought up surrounding the scope
of validity for the CAS cookies, since mod_auth_cas deals with
applications at a container layer and not the application layer like the
CAS filters in use on some Java apps.

The following directives were added/changed:

Directive:	CASScope
Default:	Off
Description:	Use this directive with an argument as a relative path (e.g.
/application/) to specify the scope for which a mod_auth_cas cookie is
valid.  This is beneficial to prevent additional round trips to the CAS
server.  Assume someone authenticates to /application/subdir/ and then
browses to /application/ - without CASScope set, each request would
result in a round trip to the CAS server and a new cookie being created
(one for each directory). CASScope would set one cookie, which will be
presented on access to both directories.  Note that if someone accessed
/application/ and then /application/subdir/ this would not be an issue,
but that order of access cannot be guaranteed.  To disable this
feature, the special argument 'Off' will return to per-directory cookie
paths for this directory and subdirectories.

Directive: 	CASRenew
Default:	Off
Description:	Use this directive with an argument as a relative path
(e.g. /application/secure/ for
http://www.example.com/application/secure/*) to force a user to renew
their credentials when accessing that directory.  The argument MUST be a
relative path. To disable this requirement, the special argument 'Off'
will disable this requirement for this directory and subdirectories.

Directive: 	CASGateway
Default:	Off
Description:	Use this directive with an argument as a relative path
(e.g. /application/insecure/ for
http://www.example.com/application/insecure/*) to allow anonymous access
to that directory. The argument MUST be a relative path. To disable this
feature, the special argument 'Off' will reinstate the requirement for
authentication.

Let me know if you experience any problems.  There is no need to upgrade
to this version unless you are dissatisfied with how your current
installation handles "Renew" and "Gateway".

-Phil
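
The cookie-scope behaviour described for CASScope above, modelled as an added example (not part of the original message and not mod_auth_cas code). It assumes that with CASScope Off the cookie Path is the directory being accessed, that browsers apply the RFC 6265 path-match rule, and that all requests fall under the CASScope argument; `simulate` and its parameters are hypothetical names.

```python
"""Model of cookie Path scoping for CASScope (constructed example)."""


def path_match(cookie_path: str, request_path: str) -> bool:
    """RFC 6265 section 5.1.4: does a cookie with this Path go with the request?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # A prefix only counts on a path-segment boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def directory_of(request_path: str) -> str:
    """Directory part of a request path, keeping the trailing slash."""
    return request_path[: request_path.rfind("/") + 1]


def simulate(requests, cas_scope=None):
    """Return (round_trips, cookie_paths) for one browser session.

    cas_scope=None models 'CASScope Off' (assumption: cookie Path is the
    accessed directory). Otherwise the cookie Path is the CASScope argument.
    """
    jar = []  # Path attributes of the cookies the browser currently holds
    round_trips = 0
    for req in requests:
        if any(path_match(p, req) for p in jar):
            continue  # an existing cookie is presented; no redirect needed
        round_trips += 1  # nothing presented: redirect to the CAS server
        jar.append(cas_scope if cas_scope else directory_of(req))
    return round_trips, jar


if __name__ == "__main__":
    # Constructed access orders from the CASScope description.
    deep_first = ["/application/subdir/", "/application/"]
    shallow_first = ["/application/", "/application/subdir/"]
    print("Off, deep first:     ", simulate(deep_first))
    print("Off, shallow first:  ", simulate(shallow_first))
    print("Scoped, deep first:  ", simulate(deep_first, "/application/"))
```

The wider the CASScope argument, the more paths the browser presents the cookie to, so the scope should cover only what belongs to the same application.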

