Basic Auth in your LA node without CAS - AtlasOfLivingAustralia/documentation Wiki

If you need to use LA software without CAS Authentication System (for instance in an initial deploy) you need two main steps to protect your /admin/ web interfaces:

Take into account that without CAS there are several things that nowadays will not work in your services like:

Basic Apache Authentication in LA

Lets use collectory service as a sample. You have to get what is authenticated by default via CAS, so we do:

$ grep uri_filter_pattern ansible/roles/collectory/templates/config/*
security.cas.uriFilterPattern={{ collectory_uri_filter_pattern | default('/admin.*,/admin/.*,/admin/.*/.*,/collection.*,/institution.*,/contact.*,/reports.*,/providerCode.*,/providerMap.*,/dataProvider.*,/dataResource.*,/dataHub.*,/manage/.*') }}

and transform this filter in some Basic Auth (in this example using Apache).

You need to a2enmod include for using includes.

Use passwd to create a manage users in, for instance, in /etc/apache2/la-users-password.

Later create /etc/la directory and something like:

# /etc/la/basic-auth.conf
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /etc/apache2/la-users-password
  Require env noauth
  Require env REDIRECT_noauth
  Require valid-user

And create an admin-collectory.conf file requesting auth for each previous CAS filter.

# /etc/la/admin-collectory.conf
<Location /admin>
  Include /etc/la/basic-auth.conf
<Location /collection>
  Include /etc/la/basic-auth.conf
<Location /institution>
  Include /etc/la/basic-auth.conf
<Location /manage>
  Include /etc/la/basic-auth.conf

this sample is truncated.

Later you have to include /etc/la/admin-collectory.conf in your collectory vhost configuration, like:

<VirtualHost *:443>
  Include /etc/la/admin-collectory.conf

  ErrorLog ${APACHE_LOG_DIR}/error.log

Disabling CAS in your inventories

Later you have to leave blank the previous security.cas.uriFilterPattern in each service and disable CAS.

For instance in collectory, after running ansible you should get something like:


in your /data/ala-collectory/config/

Take into account that each service has a different ansible var name for this filter. So with:


adapted to your inventory/ies you'll disable CAS in these services.

In the future, if you install a CAS system, you can comment these filters (son ansible will use the default filter value), and set bypass_cas=false to enable CAS authentication.