This site requires JavaScript to be enabled
Knowledge Home | Print

Protecting Web CMS content with CAS

Share URL:      Article: KB0000266 Published: 2014-05-14 Last modified: 2017-07-29


How do I protect Web CMS content with CAS?


Often, there's a need to limit access to part or all of a website to just a subset of users with a campus login ID. This is not a function of the Web CMS. Rather it is a function of the site's hosting server. Here is basic information on how to limit access using the campus's central authentication service (CAS).

Although this is not a CMS topic strictly speaking, it is a question that arises periodically. These directions assume your Web host is running Apache 2.2x or you are using the campus virtual web hosting service. If you aren't using the campus webhosting solution, your Apache instance must allow the use of .htaccess files. You also must have a list of campus login id's (UID) for the users who will be allowed access to the protected content. And of course, you must have access to the Apache host or campus virtual webhost with admin rights.


  1. On the server, in the folder to be protected, create a text file named ".htaccess" with these contents:

    AuthType CAS
    AuthName "UC Davis CAS"

    Require valid-user

    AuthGroupFile "/path/to/auth_groups.txt"

    Require group allowed_users
    Require group group_for_other_content
    Require group another_group_of_users
    Satisfy All
  2. For the "Require group" parameter above, replace "allowed_users" with the name of the list of users who will have access to the protected content.
  3. For the "AuthGroupFile" file path, substitute the "/path/to/" with the actual file path where you will store the UIDs of groups of users who will have access to different areas of sites. Usually, you will want to have this path be outside of the webroot directory.
  4. At the file path of your choosing (/path/to/), create a text file called "auth_groups.txt". Each line in this file will contain the name of the user group(s), followed by a colon, followed by a list of the campus UID of each of the authorized users separated by a space:

    allowed_users: uid1 uid2 uid3
    group_for_other_content: uid1 uid2
    another_group_of_users: uid1 uid2

That's all there is to it. You can edit the /path/to/auth_groups file to delta or add user UIDs as needed for any group or add or delete user groups without needing to restart the web service.

Have Knowledge Base feedback?

Email with any suggestions, updates, or comments regarding the UC Davis Knowledge Base.