NAME

AuthCASpbh::Authz - CAS SSO authorization for Apache/mod_perl

SYNOPSIS

        PerlModule Apache2::AuthCASpbh::Authz
        PerlAddAuthzProvider cas-attribute Apache2::AuthCASpbh::Authz->authz_attribute
        PerlAddAuthzProvider cas-attribute-re Apache2::AuthCASpbh::Authz->authz_attribute_re
        <Location "/myapp">
                Require cas-attribute memberOf uid=foo,ou=group,dc=example,dc=edu
                Require cas-attribute-re memberOf ^uid=[^,]+-admin,ou=group,dc=example,dc=edu$
                Require cas-attribute department IT Engineering Helpdesk
        </Location>

DESCRIPTION

AuthCASpbh::Authz provides CAS authorization for Apache/mod_perl. It can be used to control access to Apache resources using the authentication and attributes provided by Apache::AuthCASpbh::Authn. Its operation can be managed by the configuration variables described in Apache::AuthCASpbh.

Supported require directives

cas-attribute attribute_name [attribute_value]...

Control access based on specific values for CAS attributes; access is granted if the attribute listed contains one of the values listed. If no values are listed, access is granted if the attribute exists.

cas-attribute-re attribute_name regex...

Control access based on regular expression matching against the listed CAS attribute. Access is granted if any values of the attribute match any of the provided regular expressions.

AVAILABILITY

AuthCASpbh is available via CPAN as well as on GitHub at

https://github.com/pbhenson/Apache2-AuthCASpbh

AUTHOR

Copyright (c) 2018, Paul B. Henson <henson@acm.org>

This file is part of AuthCASpbh.

AuthCASpbh is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

AuthCASpbh is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with AuthCASpbh. If not, see <http://www.gnu.org/licenses/>.

SEE ALSO

Apache2::AuthCASpbh - Overview and configuration details

Apache2::AuthCASpbh::Authn - Authentication functionality

Apache2::AuthCASpbh::ProxyCB - Proxy granting ticket callback module

Apache2::AuthCASpbh::UserAgent - Proxy authentication client