GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → EsupPortail → nginx-auth-cas-lua

EsupPortail / nginx-auth-cas-lua

Licence: other
CAS authentication for nginx, similar to apache mod-auth-cas

Programming Languages

lua
6591 projects

Labels

nginxcas

Projects that are alternatives of or similar to nginx-auth-cas-lua

CAS
修改好的cas单点登录项目
Stars: ✭ 72 (+260%)
Mutual labels:  cas
kernel xiaomi sm8250
CLO Rebased kernel for Xiaomi SM8250 series devices updated to CAF tag LA.UM.9.12.r1-14700-SMxx50 with AOSP android-4.19-stable merged.
Stars: ✭ 111 (+455%)
Mutual labels:  cas
CRISPRCasTyper
CCTyper: Automatic detection and subtyping of CRISPR-Cas operons
Stars: ✭ 43 (+115%)
Mutual labels:  cas
django-uniauth
A Django app for managing CAS and custom user authentication.
Stars: ✭ 39 (+95%)
Mutual labels:  cas
racket-cas
Simple computer algebra system
Stars: ✭ 58 (+190%)
Mutual labels:  cas
cas-overlay-template
Apereo CAS WAR Overlay template
Stars: ✭ 1,057 (+5185%)
Mutual labels:  cas
doit
spring cloud , CAS , JHipster hybrid sample app
Stars: ✭ 14 (-30%)
Mutual labels:  cas
shiro-cas-spring-boot-starter
spring-boot-starter-shiro-cas
Stars: ✭ 16 (-20%)
Mutual labels:  cas
rascas
Computer Algebra System for Racket
Stars: ✭ 20 (+0%)
Mutual labels:  cas
shib-cas-authn3
Integrates an external CAS Server and Shibboleth IdPv3.
Stars: ✭ 21 (+5%)
Mutual labels:  cas
ent
No description or website provided.
Stars: ✭ 33 (+65%)
Mutual labels:  cas
cas-bootadmin-overlay
CAS Spring Boot Admin Server Overlay Template
Stars: ✭ 20 (+0%)
Mutual labels:  cas
lemonldap-ng
LemonLDAP::NG main code
Stars: ✭ 49 (+145%)
Mutual labels:  cas
java-algebra-system
An extensible, intuitive and easy to use algebra system that is capable of algebraic manipulation, simplification, differentiation, and much more. Reverse engineered from TI-nspire CAS.
Stars: ✭ 36 (+80%)
Mutual labels:  cas
cassette
A simple content-addressable storage system for .NET 4.5 and .NET Core
Stars: ✭ 34 (+70%)
Mutual labels:  cas
TairString
A redis module, similar to redis string, but you can set expire and version for the value. It also provides many very useful commands, such as cas/cad, etc.
Stars: ✭ 99 (+395%)
Mutual labels:  cas
grails-spring-security-cas
No description or website provided.
Stars: ✭ 16 (-20%)
Mutual labels:  cas
cas-management
Apereo CAS Management Web Application
Stars: ✭ 40 (+100%)
Mutual labels:  cas
atomig
Generic and convenient `std` atomics via `Atomic<T>`
Stars: ✭ 32 (+60%)
Mutual labels:  cas
smeagol-galore
A git-based wiki featuring markdown, a WYSIWYG Editor, PlantUML, and much more
Stars: ✭ 21 (+5%)
Mutual labels:  cas
View All Similar Projects ➔

nginx-auth-cas-lua

WARNING, CAS integration is functional, but mileage may vary.

This is a CAS client written entirely using nginx's lua module. It is similar to apache mod_auth_cas.

Installation

Install dependencies

apt install libnginx-mod-http-lua

or

yum install nginx-mod-http-lua

mkdir -p /etc/nginx/lua/resty
cd /etc/nginx/lua/resty/
wget https://raw.githubusercontent.com/ledgetech/lua-resty-http/master/lib/resty/http_headers.lua
wget https://raw.githubusercontent.com/ledgetech/lua-resty-http/master/lib/resty/http_connect.lua
wget https://raw.githubusercontent.com/ledgetech/lua-resty-http/master/lib/resty/http.lua

Install nginx-auth-cas-lua

cd /etc/nginx/lua/
wget https://raw.githubusercontent.com/prigaux/nginx-auth-cas-lua/master/src/cas.lua
wget https://raw.githubusercontent.com/prigaux/nginx-auth-cas-lua/master/src/global_cas_conf.lua

Configuration

  • configure cas_uri in /etc/nginx/lua/global_cas_conf.lua
  • configure various global stuff in nginx config
# needed for resty.http
resolver 8.8.8.8;
lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

lua_package_path '/etc/nginx/lua/?.lua;;';
lua_shared_dict cas_store 10M;
  • protect a location (REMOTE_USER is passed to proxy implicitly):
location /secured {
    access_by_lua_block { require('cas').forceAuthentication() }
    proxy_pass ...;
    ...
}

NB: access_by_lua_block must be before proxy_pass

  • or for FASTCGI protect a location and provide REMOTE_USER explicitly: 
    location /secured {
  access_by_lua_block { require('cas').forceAuthentication() }
  fastcgi_pass ...;
  fastcgi_param REMOTE_USER $http_remote_user;
  ...
}

Known limitations

  • only CAS protocol v2
  • no CAS proxy
  • no CAS single sign out

Various information

  • this work is based on Toshi Piazza's ngx-http-cas-client-lua
  • we could be using ngx.location.capture, but it does not work with HTTP/2.
  • with apache mod_auth_cas, you can not protect both in apache and in backend: mod_auth_cas will always validate the ticket, even if its session is valid. The current nginx-auth-cas-lua code does not have this limitation. NB: if the backend ask for proxy tickets, either use a different url to receive pgtIou, or use
if ($remote_addr !~ "^192[.]168[.]1[.](56|57)$") { # if request is from CAS, let it go to the backend unauthenticated (needed for pgtIOU)
    access_by_lua_block { require('cas').forceAuthentication() }
}
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].