Versions Compared

Old Version 2

changes.mady.by.user Neil Sabol

Saved on

compared with

New Version 3

changes.mady.by.user Neil Sabol

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added instructions for mod_auth_cas

...

mod_auth_cas (for Apache)

Very similar to process above but ended up being less invasive in our environment. Also, in 10.1.1, it appears that ctrl_auth::RequireUser() requires an additional parameter. Code for phpCAS needs minor modification but I've not tested the change.

 

Info

Ensure you have at least 1 CAS user configured in ZPanel as an admin prior to proceeding. You will be locked out if the username in ZPanel does not match the username CAS returns after successful auth.

 

  1. Install and configure both ZPanel and mod_auth_cas for Apache
    1. README for mod_auth_cas is very useful
    2. At a high level, you need to:
      1. Build mod_auth_cas on your ZPanel server
      2. Configure your ZPanel server's Apache instance to use mod_auth_cas
  2.  Make sure mod_auth_cas is configured to protect the ZPanel directory (%zpanel-root%/panel - typically /etc/zpanel/panel)
      1. Use .htaccess or the main Apache
      configuration 
      1. configuration


    Code Block
    languagetext
    titleCAS Authentication Sample
    AuthType CAS
require user someuser
  3.  Edit ZPanel's auth.class.php as follows: (%zpanel-root%/panel/dryden/ctrl/auth.class.php - typically /etc/zpanel/panel/dryden/ctrl/auth.class.php)
    1. Make ZPanel use REMOTE_USER (set by CAS) for authentication
      1. Before

         

        Add self::Authenticate line to beginning of RequireUser() as follows

        Code Block
        languagephp
        title auth.class.php -> static function RequireUser()
        static function RequireUser()
    {
        //Modifications for CAS login
        self::Authenticate($_SERVER['REMOTE_USER'], $_COOKIE['zPass'], false, true, false);
        //End modifications for CAS login
 
        global $zdbh;
        if (!isset($_SESSION['zpuid'])) {
            if (isset($_COOKIE['zUser'])) {
                if (isset($_COOKIE['zSec'])) {

      2. Remove password line from SQL and change array near beginning of Authenticate() as follows:

        Code Block
        languagephp
        titleauth.class.php -> static function Authenticate
        static function Authenticate($username, $password, $rememberme = false, $iscookie = false, $sessionSecuirty)
    {
        After 
        
        global $zdbh;
        $sqlString = "SELECT * FROM
                      x_accounts WHERE
                      ac_user_vc = :username AND
                      ac_enabled_in = 1 AND
                      ac_deleted_ts IS NULL";
 
        $bindArray = array(':username' => $username);

       

    2. That should be all

      1. Navigate to your ZPanel URL and you should receive a CAS login screen

      2. Login via CAS and you will see your ZPanel account