# sample pam_cas config

# host from CAS server. mandatory
host %%authWebName

# port from CAS server. Default to 80 or 443, depends from ssl instruction
port 443

# uri to validate ticket. Default to /proxyValidate
uriValidate /proxyValidate

# https or no. values on or off. Default to on.
ssl on

# debug (on) or no (off). debug in syslog, level LOG_DEBUG. Default to off
debug off

# proxy or proxies who deliver Proxy Ticket.
# If no proxy, pam_cas doesn't control it
# It may be several proxy instructions
#proxy https://%%authWebName/proxycas/casimap.php
#proxy https://imp.its.yale.edu/cas/casProxy.php
#proxy https://uportal1.its.yale.edu/CasProxyServlet
#proxy https://uportal2.its.yale.edu/CasProxyServlet

# trusted_ca. mandatory if ssl on.
# It a file in pem format. It can contents several certificates
# If the CAS server certificate is auto-signed, the file must content the certificate
# If the certificate is trusted by an Certificate Autority, The file must content
#    certificate from high level CA
%if not %%is_empty(%%getVar('ssoCALocation', ''))
trusted_ca %%ssoCALocation
%else
trusted_ca /etc/ssl/certs/ca.crt
%end if