How can I use mod_auth_cas to authenticate Moodle?
What I want
For various reasons, I'd like to see the following authentication procedure work:
- go to moodle.blah.bla
- Apache asks for your login information via mod_auth_cas
- Once authenticated, Apache sends you to moodle.blah.bla/login/index.php?authCAS=CAS
- Moodle then sends you to your CAS server which is already authenticated
- CAS sends you back to moodle as an authenticated user.
What I have
Currently I have confirmed that mod_auth_cas does authenticate my user. I also have successfully authenticated Moodle using their CAS plugin.
The problem
Where I am stuck is putting the two things together.
First, once mod_auth_cas authenticates you, I'm not sure how to send the user on to the correct Moodle url.
Second, when I manually browse to the Moodle CAS auth link, it ends up sending me into a redirect loop.
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
And Chromium:
ERR_TOO_MANY_REDIRECTS
My thoughts on the problem
For the first issue, I would think that I'd want to redirect only when a specific header is set. Except that I think the header would stick around until the end of the session, thus triggering a redirect for every single page...
For the second issue, is the ticket from mod_auth_cas getting invalidated and thus apache is trying to send me back to the cas server? Even though we just came from there... Which would be a redirect loop.
Any other suggestions on how to get this working?
Server config and specs
My server is running:
- Ubuntu 14.04
- Apache 2.4
- http://packages.ubuntu.com/trusty/libapache2-mod-auth-cas
- Moodle 2.8+
In my vhost:
CASValidateServer Off
CASLoginURL https://casserver/cas/login
CASValidateURL https://casserver/cas/serviceValidate
<LocationMatch "/.*">
    AuthType CAS
    require valid-user
</LocationMatch>
Moodle is configured to use CAS 2.0.
The CAS server is running 4.x.
apache-2.4 single-sign-on cas moodle
asked Aug 3 '15 at 18:28
David R.
2 Answers
Stop trying to use mod_auth_cas with Moodle. Use the CAS plugin in Moodle on its own.
Why are you trying to put the two things together? Moodle's own CAS plugin is quite sufficient on its own.
I believe that when you have mod_auth_cas and Moodle's CAS, the CAS parameters get used by mod_auth_cas and are either unavailable to Moodle's CAS or have already been used by mod_auth_cas. Since CAS tokens are single-use, either case would mean that Moodle's CAS has no chance of working.
If you can disable mod_auth_cas for /login/index.php?authCAS=CAS.*, you might be able to make this work. Getting that <LocationMatch ...> to match everything except the relevant Moodle AuthCAS=CAS URLs is a bit beyond what I want to figure out right now, though.
Another possibility is CASGateway /login/ to tell mod_auth_cas to allow anonymous access to the /login/ directory (so that Moodle's CAS might be able to take over in there). I think that works by directories, not URLs, but if that works you could try CASGateway /login/index.php?authCAS=CAS to limit it further.
edited Aug 6 '15 at 20:56
answered Aug 4 '15 at 17:26
freiheit
Like I said, for various reasons. They're too long to get into in comments, and not relevant to the actual question. I certainly would rather only use Moodle's plugin. But for my purposes, that's not enough.
– David R.
Aug 6 '15 at 16:41
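The redirect loop from the question and the single-use-ticket explanation in the answer above, modelled as an added example (not code from the thread, mod_auth_cas or Moodle). Assumptions: the Apache layer validates and strips any `ticket` parameter it sees on a protected path, as the answer supposes; all function names and the `exempt_paths` parameter are hypothetical.

```python
from itertools import count
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed model: hostnames come from the question, everything else is assumed.
MOODLE_LOGIN = "https://moodle.blah.bla/login/index.php?authCAS=CAS"

class CasServer:
    """CAS server with an existing SSO session; service tickets are single-use."""
    def __init__(self):
        self._ids, self._tickets = count(1), {}

    def login(self, service):
        ticket = f"ST-{next(self._ids)}"
        self._tickets[ticket] = service
        return f"{service}{'&' if '?' in service else '?'}ticket={ticket}"

    def validate(self, ticket, service):
        # pop() makes a second validation of the same ticket fail
        return self._tickets.pop(ticket, None) == service

def split_ticket(url):
    """Return (url without the ticket parameter, ticket or None)."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    ticket = query.pop("ticket", [None])[0]
    return parts._replace(query=urlencode(query, doseq=True)).geturl(), ticket

def apache(url, cas, cookies, exempt_paths):
    """Stand-in for mod_auth_cas on the vhost (assumed behaviour)."""
    if urlsplit(url).path in exempt_paths:
        return "pass", url                 # module inactive, ticket left alone
    clean, ticket = split_ticket(url)
    if ticket and cas.validate(ticket, clean):
        cookies.add("MOD_AUTH_CAS")
        return "redirect", clean           # ticket consumed and stripped
    if "MOD_AUTH_CAS" in cookies:
        return "pass", clean
    return "cas", clean                    # no session yet: go to CASLoginURL

def moodle(url, cas):
    """Stand-in for Moodle's CAS plugin: needs a fresh ticket of its own."""
    clean, ticket = split_ticket(url)
    if ticket and cas.validate(ticket, clean):
        return "done", clean
    return "cas", MOODLE_LOGIN

def browse(start, exempt_paths=(), max_hops=20):
    """Follow redirects like a browser; return (outcome, URLs requested)."""
    cas, cookies, trace, url = CasServer(), set(), [], start
    for _ in range(max_hops):
        trace.append(url)
        action, target = apache(url, cas, cookies, exempt_paths)
        if action == "pass":
            action, target = moodle(target, cas)
        if action == "done":
            return "logged-in", trace
        url = cas.login(target) if action == "cas" else target
    return "ERR_TOO_MANY_REDIRECTS", trace

if __name__ == "__main__":
    for exempt in ((), ("/login/index.php",)):
        outcome, trace = browse("https://moodle.blah.bla/", exempt)
        print(exempt or "catch-all", "->", outcome, f"({len(trace)} requests)")
```

With the catch-all match every ticket issued for Moodle is spent by the Apache layer first, so the run ends in ERR_TOO_MANY_REDIRECTS; exempting /login/index.php lets the second ticket reach Moodle, which also means Apache no longer gates that URL.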
You might check mod_lua since it permits writing login hooks in the Lua language. That might give you a way to programmatically add what is missing.
answered Jul 9 '16 at 23:14
Darko Miletic