...
mod_auth_cas (for Apache)
Very similar to the process above, but it ended up being less invasive in our environment. Also, in 10.1.1, it appears that ctrl_auth::RequireUser() requires an additional parameter. The code for phpCAS needs a minor modification, but I've not tested the change.
Info |
---|
Ensure you have at least 1 CAS user configured in ZPanel as an admin prior to proceeding. You will be locked out if the username in ZPanel does not match the username CAS returns after successful auth. |
- Install and configure both ZPanel and mod_auth_cas for Apache
  - README for mod_auth_cas is very useful
  - At a high level, you need to:
    - Build mod_auth_cas on your ZPanel server
    - Configure your ZPanel server's Apache instance to use mod_auth_cas
    - Make sure mod_auth_cas is configured to protect the ZPanel directory (%zpanel-root%/panel - typically /etc/zpanel/panel)
      - Use .htaccess or the main Apache configuration

CAS Authentication Sample:

```apache
AuthType CAS
require user someuser
```

- Edit ZPanel's auth.class.php as follows: (%zpanel-root%/panel/dryden/ctrl/auth.class.php - typically /etc/zpanel/panel/dryden/ctrl/auth.class.php)
- Make ZPanel use REMOTE_USER (set by CAS) for authentication
Add the self::Authenticate line to the beginning of RequireUser() as follows:

auth.class.php -> static function RequireUser()

```php
static function RequireUser() {
    //Modifications for CAS login
    self::Authenticate($_SERVER['REMOTE_USER'], $_COOKIE['zPass'], false, true, false);
    //End modifications for CAS login
    global $zdbh;
    if (!isset($_SESSION['zpuid'])) {
        if (isset($_COOKIE['zUser'])) {
            if (isset($_COOKIE['zSec'])) {
                // ... remainder of RequireUser() is unchanged
```

Remove the password condition from the SQL and change the bind array near the beginning of Authenticate() as follows. After this change the account lookup no longer checks the password, so access to the panel depends entirely on mod_auth_cas protecting the ZPanel directory.

After:

auth.class.php -> static function Authenticate

```php
static function Authenticate($username, $password, $rememberme = false, $iscookie = false, $sessionSecuirty) {
    global $zdbh;
    $sqlString = "SELECT * FROM x_accounts WHERE ac_user_vc = :username AND ac_enabled_in = 1 AND ac_deleted_ts IS NULL";
    $bindArray = array(':username' => $username);
    // ... remainder of Authenticate() is unchanged
```

That should be all
Navigate to your ZPanel URL and you should receive a CAS login screen
Login via CAS and you will see your ZPanel account
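
The lockout warning and the password-less lookup described above, as an added example (not ZPanel or mod_auth_cas code). The helper name cas_lookup_account() is hypothetical, and a constructed in-memory SQLite table stands in for ZPanel's x_accounts so the script runs offline.

```php
<?php
// Added example, not ZPanel or mod_auth_cas code.
// cas_lookup_account() is a hypothetical helper; an in-memory SQLite table
// stands in for ZPanel's x_accounts so the script runs offline.

function cas_lookup_account(PDO $db, array $server)
{
    // Apache sets REMOTE_USER only after mod_auth_cas accepts the login.
    $user = isset($server['REMOTE_USER']) ? trim($server['REMOTE_USER']) : '';
    if ($user === '') {
        return null; // request was not authenticated by CAS: fail closed
    }
    // Same lookup as the modified Authenticate(): no password condition.
    $stmt = $db->prepare(
        "SELECT * FROM x_accounts WHERE ac_user_vc = :username " .
        "AND ac_enabled_in = 1 AND ac_deleted_ts IS NULL"
    );
    $stmt->execute(array(':username' => $user));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample accounts (not real data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE x_accounts (ac_user_vc TEXT, ac_enabled_in INTEGER, ac_deleted_ts INTEGER)");
$db->exec("INSERT INTO x_accounts VALUES ('casadmin', 1, NULL)");
$db->exec("INSERT INTO x_accounts VALUES ('olduser', 0, NULL)");

// Constructed requests: what $_SERVER would hold in each situation.
$cases = array(
    'CAS user with matching ZPanel account' => array('REMOTE_USER' => 'casadmin'),
    'CAS user with no ZPanel account'       => array('REMOTE_USER' => 'someuser'),
    'CAS user whose account is disabled'    => array('REMOTE_USER' => 'olduser'),
    'request not covered by mod_auth_cas'   => array(),
);
foreach ($cases as $label => $server) {
    $account = cas_lookup_account($db, $server);
    printf("%-40s %s\n", $label, $account ? 'account found' : 'no account, access refused');
}
```

Only the first case finds an account; the second is the lockout situation the Info note warns about, where the username CAS returns has no matching ZPanel user.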