...
Download and Install the CAS ISAPI Filter
...
width | 30% |
---|
- Download the CAS ISAPI Installer from https://confluence.ucdavis.edu:8443/confluence/x/eFY
- Run the installer.
...
- The installer now starts with valid default values for all required settings that will result in your entire site being protected by the UC Davis production CAS server. If you wish to customize the settings this table will provide you with information on their function:
Parameter
Description
Default
CAS Server URL
The base URL of the CAS server
https://cas.ucdavis.edu/cas
...
width | 70% |
---|
...
Session Timeout
The time in minutes each local session should last before requiring a roundtrip to the CAS server to confirm authenticated status.
4 hours (240 minutes)
Cache Clean Timeout
The time to wait between cleanings of the authentication cache. If you experience out of memory errors, decrease this.
1 hour (60 minutes)
URL(s)
Strings to match against requested URLS. When matched, CAS authentication is enforced.
/ (Matches all URLs)
CAS Login Path
The path to the login URL on the CAS server
login
CAS Validation Path
The path to the validation URL on the CAS server
serviceValidate
Service URL
When set, users will be directed back to this URL during the initial authentication step.
not set
Authentication Header
The request header that receives the authenticated user ID.
CASUser
Deploy the CAS Filter to your Web Site
...
Windows Server 2003 and earlier | Windows Server 2008 |
---|---|
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
Column | ||
---|---|---|
| ||
|
# |
Done!
That's it! Test your new protection scheme by using a Web browser to try and access a URL on your Web server with one of the protected path settings you set in this installer. It should redirect you to your CAS authentication server. You can also verify that the dll was loaded correctly by following steps a-f above and checking the status of the recently entered filter. It should have a green arrow to the left pointing up. If not, something would not let the filter load. Check the configuration file and all relevant files listed therein, as well as the location of the dll.
Accessing the authenticated user id
Currently, the The CAS ISAPI module sets a header variable called the "CAS-User" before passing the request on to IISheader by default, this can be overridden during the installation process. In any server-side processing script (ASP, ASP.NET, .NET, Cold Fusion) you will be able to access this variable to get the authenticated user id. Note: Do not use "remote_user" as the header value, Windows asserts complete control over this header and any settings by the ISAPI module will be discarded by Windows.