About CAS and LDAP for websites

Best practice

If you need to limit web access to IU accounts, use IU Login with the CAS protocol. If you need to limit web access to IU Active Directory groups, use CAS with LDAP by including .htaccess files in your website's root directory or subdirectories. For instructions on implementing this preferred method of access control, see Control web page access for Pages and Control web page access to Sitehost.

You can limit access to a list of individual accounts if necessary, but you should use an Active Directory group whenever possible. In many cases, an existing Active Directory group will meet your need.

IU Web Framework note: Access to pages and directories on an IU Web Framework site can be restricted using CAS with LDAP and .htaccess files.

Policy

There is currently no IU policy requiring websites to use CAS with LDAP.

However, Security of Information Technology Resources (IT-12) requires that the maintainers of websites and applications "Provide access to only those persons who are otherwise eligible to use Indiana University technology resources, and require all users be identified and authenticated before access is allowed."

Using CAS with LDAP centralizes access control: you grant or revoke access by adding members to or removing members from an Active Directory group.

Explanation

Many university websites need to be accessible to the public, but some content and forms need to be restricted to specific users. IU's CAS with LDAP process allows site owners to leverage a centralized login and access management system to control access to sites, directories, and pages.

For instructions on implementing access control using CAS with LDAP, see Control web page access for Pages and Control web page access to Sitehost.

More information

This is document awok in the Knowledge Base.
Last modified on 2023-07-17 14:53:19.