ARCHIVED: About the IUauth retirement on Webserve

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

In 2015, IUauth will be retired on Webserve. Following is a brief overview of the retirement and instructions for migrating to CAS authentication.

Overview

Webserve currently supports IUauth to restrict access to IU users via .htaccess on the secure server only (see Control web page access for Pages). IUauth is being retired, and the replacement authentication method will be CAS. CAS authentication will work similarly to IUauth, giving the ability to restrict access to IU users via .htaccess, but should be much more familiar to users.

CAS allows a user to log in once and access any CAS-based websites without having to log in again, as long as the session remains active. CAS also gives users a familiar IU-branded screen that they can trust while logging in. Developers will find it easier to integrate CAS into websites using .htaccess, rather than hard coding each restricted page.

CAS and IUauth will co-exist through September 2014 to permit you to make the necessary updates, but IUauth will be retired in October 2014. This change will have no noticeable effect on your account other than users logging in through CAS rather than the old pop-up login.

Note:

To stay informed or provide feedback about IU Login, or to ask questions about developing with it, use the auth-discuss-l mailing list. To subscribe, send email to auth-discuss-l-subscribe@iu.edu.

Migrating from IUauth to CAS

Edit the .htaccess file:

If you are using IUauth in .htaccess, it may look like this:

   AuthUserFile IUauth
   AuthGroupFile /dev/null
   AuthType Basic
   AuthName "IU Network ID"
 
   <Limit GET POST>
   require valid-user
   </Limit>

Make the following changes:
1. Remove the line AuthUserFile IUauth.
2. Replace AuthType Basic with AuthType CAS.

Your new .htaccess file should look like this:

   AuthGroupFile /dev/null
   AuthType CAS
   AuthName "IU Network ID"
 
   <Limit GET POST>
   require valid-user
   </Limit>

Locate and manage IUauth methods in your account

You can use an application utility to identify all locations within the wwws directory where an .htaccess file uses the IUauth method.

Notes:

You can run this command from any directory within your account. Regardless of where you run it, the utility will search your entire wwws directory. (Since IU authentication can't be done in the www directory, the only files impacted by this change are those within the wwws directory of the account.)
You must use a command line program to run this utility, such as PuTTY; see ARCHIVED: Use PuTTY to connect to Webserve Mac users can connect to Webserve via a command line prompt by using the Terminal program; see ARCHIVED: Use Terminal to connect to Webserve

To run the utility:
1. Log into your Webserve account, and type find_htaccess_problems.
2. The application will display a list of path names that identify where in your account these .htaccess files are and will provide you with a total number of .htaccess files that are using IUAuth in the wwws directory. A file will also be created with all of the output text. The file will be located in your login directory, and named Webtech_htaccess_log.txt.
The application is also capable of converting standard IUauth .htaccess files to use CAS.
1. To do so, type the following:
```
    find_htaccess_problems modify
```
2. The application will make a backup copy of each.htaccess file. It will also report any files it is unable to convert with the following:
```
     ### You must modify this non-standard .htaccess file manually ###
```
3. At this point you should test your website(s) and make sure that CAS authentication is working correctly for each .htaccess file.
Should you encounter any issues, you can revert to the backup copies by running the following:
```
find_htaccess_problems revert
```
If everything tests appropriately, you can remove the backup files by running the following:
```
find_htaccess_problems cleanup
```
Important:

This action will permanently delete the backup files. Make sure everything is working correctly before completing this action.