Please login or register to participate.
Wiki Page

SSO with Apache and mod_auth_cas


Here are some easy steps to archive SSO with I think it works with mod_auth_kerb as well - you just have to alter the login name variable.

  1. Remove the version of the WebServerAuth plugin shipped with from the "products" directory (It doesn't work with REMOTE_USER variables).
  2. Download vanilla WebServerAuth from here: and put it in the "products" dir. i.e. Put the Products.WebServerAuth-1.6.tar.gz (or latest version) into the /home/cynin/buildout/products, run tar -zxvf Products.WebServerAuth-1.6.tar.gz and then from the directory /home/cynin/buildout/products/Products.WebServerAuth-1.6/Products/WebServerAuth# run cp * ../../../WebServerAuth/ -r
  3. Re-run buildout. i.e. cynin:/home/cynin/buildout# bin/buildout -c user.cfg
  4. Install WebServerAuth with portal_quickinstaller in Zope manager. i.e. Log onto Zope manager on http://<<cyninserver>>:8080/manage with admin/secret (secret is the default password if you have not changed). and in Zope Manager under Plone QuickInstaller Tool at  /cynin/portal_quickinstaller, if all has gone well, you will notice WebServer 1.6. Check it and click on button Install to install. After the installation it should move down to the Installed Products section.
  5. Go to acl_users and edit web_server_auth: Alter the login name variable to "HTTP_CAS_USER"

Have fun.

How to get single sign-on working with Apache as a proxy for Zope
Comments (2)
miteshpc Mar 18, 2011 04:49 PM
Has somebody tried doing this for Active Directory based a kerberos authentication. I want to find a way to have office users log on automatically. Something like Sharepoint authentication whereby it picks up domain credentails and logs the user into the sharepoint site.
doshi Nov 27, 2013 12:44 PM
Did you ever got it working? I have just installed this software to play with and wondering if it is possible at all.