eole-lemonldap/tmpl/pam_cas_auth.conf

# sample pam_cas config

# host from CAS server. mandatory
host %%authWebName

# port from CAS server. Default to 80 or 443, depends from ssl instruction
port 443

# uri to validate ticket. Default to /proxyValidate
uriValidate /proxyValidate

# https or no. values on or off. Default to on.
ssl on

# debug (on) or no (off). debug in syslog, level LOG_DEBUG. Default to off
debug off

# proxy or proxies who deliver Proxy Ticket.
# If no proxy, pam_cas doesn't control it
# It may be several proxy instructions
#proxy https://%%authWebName/proxycas/casimap.php
#proxy https://imp.its.yale.edu/cas/casProxy.php
#proxy https://uportal1.its.yale.edu/CasProxyServlet
#proxy https://uportal2.its.yale.edu/CasProxyServlet

# trusted_ca. mandatory if ssl on.
# It a file in pem format. It can contents several certificates
# If the CAS server certificate is auto-signed, the file must content the certificate
# If the certificate is trusted by an Certificate Autority, The file must content
#    certificate from high level CA
%if not %%is_empty(%%getVar('ssoCALocation', ''))
trusted_ca %%ssoCALocation
%else
trusted_ca /etc/ssl/certs/ca.crt
%end if
Begin of Eole-SSO replacement work We need to provide what EoleSSO provides. For me this 3 new template have to be placed in a dedicated package like eole-sso-client, this templates are not necessary for the server only usefull for the clients. 2018-03-21 14:13:15 +01:00			`# sample pam_cas config`

			`# host from CAS server. mandatory`
			`host %%authWebName`

			`# port from CAS server. Default to 80 or 443, depends from ssl instruction`
			`port 443`

			`# uri to validate ticket. Default to /proxyValidate`
			`uriValidate /proxyValidate`

			`# https or no. values on or off. Default to on.`
			`ssl on`

			`# debug (on) or no (off). debug in syslog, level LOG_DEBUG. Default to off`
			`debug off`

			`# proxy or proxies who deliver Proxy Ticket.`
			`# If no proxy, pam_cas doesn't control it`
			`# It may be several proxy instructions`
Remove all references to eole-sso variable 2018-03-21 14:21:46 +01:00			`#proxy https://%%authWebName/proxycas/casimap.php`
Begin of Eole-SSO replacement work We need to provide what EoleSSO provides. For me this 3 new template have to be placed in a dedicated package like eole-sso-client, this templates are not necessary for the server only usefull for the clients. 2018-03-21 14:13:15 +01:00			`#proxy https://imp.its.yale.edu/cas/casProxy.php`
			`#proxy https://uportal1.its.yale.edu/CasProxyServlet`
			`#proxy https://uportal2.its.yale.edu/CasProxyServlet`

			`# trusted_ca. mandatory if ssl on.`
			`# It a file in pem format. It can contents several certificates`
			`# If the CAS server certificate is auto-signed, the file must content the certificate`
			`# If the certificate is trusted by an Certificate Autority, The file must content`
			`# certificate from high level CA`
			`%if not %%is_empty(%%getVar('ssoCALocation', ''))`
Remove all references to eole-sso variable 2018-03-21 14:21:46 +01:00			`trusted_ca %%ssoCALocation`
Begin of Eole-SSO replacement work We need to provide what EoleSSO provides. For me this 3 new template have to be placed in a dedicated package like eole-sso-client, this templates are not necessary for the server only usefull for the clients. 2018-03-21 14:13:15 +01:00			`%else`
			`trusted_ca /etc/ssl/certs/ca.crt`
			`%end if`