To enable Central Authentication Service (CAS), edit user.txt and add lines similar to:
By default, the use of CAS disables EZproxy's normal login methods, including the presentation of the login menu.
This form also supports the general directives Admin, Allow, Authenticated, Banner, Debug, Deny, Group, Invalid, NoGroups, Refused, Stop, Unknown, User, and UsrVar, plus a specialized version of Test to check tag values using an XPath to specify the tag to check. For example:
Test -RE cas:group (Undergrad|Grad); Group +Student
Test //*/cas:group Employees; Group +Employee
Test /cas:authenticationSuccess/cas:groups/cas:group Staff; Group +Staff
NoGroups; Deny unaffiliated.html
For this example to work, config.txt would need to default the Student, Employee, and Staff groups as well.
The Debug directive tells EZproxy to record additional diagnostic messages to messages.txt. This includes recording the entire XML response from the Service Validation URL, which can help in sorting out which attributes are available to use for making authentication decisions.
In all three tests, the tag cas:group is being tested. The first and second tests use an identical search to locate tags, as EZproxy assumes a search from the root across all nodes if no path information is included. The third test uses an absolute path to the tag.