view release on metacpan or  search on metacpan

lib/Apache2/AuthCASpbh.pm  view on Meta::CPAN

Use a different logging level for debugging messages generated by AuthCASpbh
rather than the default "debug", allowing visibility into internal operation
without being overwhelmed by debugging output from unrelated components.
Messages can be logged at any supported Apache level, for example:

	AuthCAS_DebugLevel warn

=item C<AuthCAS_LoginPath>

The URL component added after the AuthCAS_ServerURL value to access the CAS
login service; by default "/login".

=item C<AuthCAS_PGTCallback>

The location of the callback used by the configured CAS server when the request
of a proxy granting ticket is enabled. By default, it is the relative URL
"/cas_pgt" on the server running AuthCASpbh; however, it could also be a fully
qualified URL to point it to an arbitrary location:

	AuthCAS_PGTCallback https://some.other.server/cas_pgt

The URL must be served by L<Apache2::AuthCASpbh::ProxyCB> or a compatible
mechanism that will store the proxy ticket information into the global
AuthCASpbh session.

=item C<AuthCAS_PGTIOU_TTL>

The amount of time in seconds that a proxy granting ticket IOU to proxy
granting ticket value mapping will be maintained in the AuthCASpbh global
session. By default it is 10 seconds, and it is unlikely that value would need
to be overridden in normal circumstances.


=item C<AuthCAS_ProxyAllow>

A list of proxy servers to allow access to the AuthCASpbh protected application
if proxied authentication is desired. Proxied authentication is only enabled
if at least one of AuthCAS_ProxyAllow or AuthCAS_ProxyAllowRE is configured for
the location being accessed. For example:

	AuthCAS_ProxyAllow https://my.frontend.server/cas

=item C<AuthCAS_ProxyAllowRE>

A list of regular expressions to be compared to connecting proxy server to
determine whether or not to allow access to the AuthCASpbh protected
application. Proxied authentication is only enabled if at least one of
AuthCAS_ProxyAllow or AuthCAS_ProxyAllowRE is configured for the location being
accessed. For example:

        AuthCAS_ProxyAllow ^https://[^/]+\.my\.domain/

=item C<AuthCAS_ProxyPath>

The URL component added after the AuthCAS_ServerURL value to access the CAS
proxy ticket issuing service; by default "/proxy".

=item C<AuthCAS_ProxyRequire>

If proxied authentication is enabled, only allow access via proxy credentials,
not direct access by a user; by default disabled.

=item C<AuthCAS_ProxyValidatePath>

The URL component added after the AuthCAS_ServerURL value to access the CAS
proxy ticket validation service; by default "/proxyValidate".
=item C<AuthCAS_RemoveServiceTicket>

Whether or not to remove the ticket parameter from the request arguments (eg,
query string) after it is processed; by default disabled. Note that the value
is only removed from the Apache args variable, not from the unparsed URI; if an
application directly accesses the unparsed URI it will still see the value.

=item C<AuthCAS_RequestPGT>

Whether or not to request a proxy granting ticket when a client service ticket
is validated; by default disabled.

=item C<AuthCAS_ServerURL>

The URL value to access the CAS authentication server; by default
"http://localhost/cas". For example:

	AuthCAS_ServerURL https://idp.my.domain/idp/profile/cas


=item C<AuthCAS_ServiceOverride>

A URL with which to override the computed service URL used when redirecting to
the CAS login page or validating a supplied service ticket. For example:

	AuthCAS_ServiceOverride https://my.service/cas-login


=item C<AuthCAS_ServiceValidatePath>

The URL component added after the AuthCAS_ServerURL value to access the CAS
ticket validation service; by default "/serviceValidate".


=item C<AuthCAS_SessionCleanupInterval>

How frequently (in seconds) to remove expired authentication sessions and
examine the global session to remove orphaned expired proxy ticket mappings; by
default 3600 seconds.

=item C<AuthCAS_SessionCookieName>

The name of the cookie sent to the client to store the AuthCASpbh session
identifier; by default "AuthCAS_Session".

=item C<AuthCAS_SessionCookiePath>

An optional path to include in the session cookie.

=item C<AuthCAS_SessionCookieSecure>

Whether or not to set the secure flag on the session cookie; by default
enabled.