...
Very similar to the process above, but it ended up being less invasive in our environment. Also, in ZPanel 10.1.1, it appears that ctrl_auth::RequireUser() requires an additional parameter. Code for phpCAS needs minor modification but I've not tested the change.
...
- Install and configure both ZPanel and mod_auth_cas for Apache
- README for mod_auth_cas is very useful
- At a high level, you need to:
- Build mod_auth_cas on your ZPanel server
- Configure your ZPanel server's Apache instance to use mod_auth_cas
- Make sure mod_auth_cas is configured to protect the ZPanel directory (%zpanel-root%/panel - typically /etc/zpanel/panel)
- Use .htaccess or the main Apache configuration
CAS Authentication Sample:

```
AuthType CAS
require user someuser
```
- Edit ZPanel's auth.class.php as follows: (%zpanel-root%/panel/dryden/ctrl/auth.class.php - typically /etc/zpanel/panel/dryden/ctrl/auth.class.php)
- Make ZPanel use REMOTE_USER (set by CAS) for authentication
Add the self::Authenticate line to the beginning of RequireUser() as follows:

auth.class.php -> static function RequireUser()

```php
static function RequireUser() {
    //Modifications for CAS login
    self::Authenticate($_SERVER['REMOTE_USER'], $_COOKIE['zPass'], false, true, false);
    //End modifications for CAS login
    global $zdbh;
    if (!isset($_SESSION['zpuid'])) {
        if (isset($_COOKIE['zUser'])) {
            if (isset($_COOKIE['zSec'])) {
                // ... (rest of the function is unchanged)
```
Remove the password line from the SQL and change the array near the beginning of Authenticate() as follows:

auth.class.php -> static function Authenticate

```php
static function Authenticate($username, $password, $rememberme = false, $iscookie = false, $sessionSecuirty) {
    global $zdbh;
    $sqlString = "SELECT * FROM x_accounts WHERE ac_user_vc = :username AND ac_enabled_in = 1 AND ac_deleted_ts IS NULL";
    $bindArray = array(':username' => $username);
    // ... (rest of the function is unchanged)
```
That should be all.
Navigate to your ZPanel URL and you should receive a CAS login screen.
Log in via CAS and you will see your ZPanel account.
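
Because the modified Authenticate() no longer checks a password, the value read from REMOTE_USER is the only credential, so RequireUser() should refuse the request when mod_auth_cas has not set it. The following PHP is an added example, not ZPanel's or this page's own code; the helper name cas_remote_user() and the allowed username pattern are assumptions.

```php
<?php
// Added example, not ZPanel code: cas_remote_user() is a hypothetical helper.
// With the password condition removed from Authenticate(), the username is
// the only credential, so it must come from mod_auth_cas and nowhere else.

/**
 * Return the username set by mod_auth_cas, or null when the request carries
 * no usable CAS identity (fail closed).
 */
function cas_remote_user(array $server)
{
    $user = isset($server['REMOTE_USER']) ? $server['REMOTE_USER'] : null;
    if (!is_string($user)) {
        return null; // REMOTE_USER absent: directory not protected by mod_auth_cas
    }
    // Assumption: account names are 1-64 characters of A-Z a-z 0-9 . _ -
    if (preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $user) !== 1) {
        return null; // empty or unexpected value: do not look it up
    }
    return $user;
}

// Constructed sample requests (not captured from a real server).
$samples = array(
    'protected by mod_auth_cas' => array('REMOTE_USER' => 'someuser'),
    'directory not protected'   => array(),
    'empty REMOTE_USER'         => array('REMOTE_USER' => ''),
    'unexpected characters'     => array('REMOTE_USER' => "some user\n"),
);
foreach ($samples as $label => $server) {
    $user = cas_remote_user($server);
    printf("%-26s => %s\n", $label,
        $user === null ? 'deny' : "authenticate as $user");
}

// Inside RequireUser() the helper would replace the direct $_SERVER read:
//   $casUser = cas_remote_user($_SERVER);
//   if ($casUser === null) { header('HTTP/1.1 403 Forbidden'); exit; }
//   self::Authenticate($casUser, $_COOKIE['zPass'], false, true, false);
```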