wpCAS
The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to log into multiple applications simultaneously and automatically. It also allows untrusted web applications to authenticate users without gaining access to a user’s security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
wpCAS integrates WordPress or WordPressMU into an established CAS architecture, allowing centralized management and authentication of user credentials in a heterogeneous environment. Authorization of that user’s capabilities is based on native WordPress settings and functions. CAS only authenticates that the user is who s/he claims to be.
Read more, including installation instructions, in the WordPress Plugins Directory.
What happens when users attempt to login?
Users who attempt to login to WordPress are redirected to the central CAS sign-on screen. After the user’s credentials are verified, s/he is then redirected back to the WordPress site. If the CAS username matches the WordPress username, the user is recognized as valid and allowed access.
If the CAS user does not have an account in the WordPress site, an administrator-defined function can be called to provision the account or do other actions. By default, CAS users without WordPress accounts are simply refused access.
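The login decision described above, sketched as plain PHP with no WordPress or phpCAS dependency. This is an added example, not wpCAS code; the function names, the account table and the sample CAS responses are constructed for illustration.

```php
<?php
// Added example, not wpCAS code: all names and sample data are hypothetical.
const CAS_NS = 'http://www.yale.edu/tp/cas'; // CAS 2.0 XML namespace

// Return the username from a serviceValidate response, or null when the body
// is empty, malformed, or reports authenticationFailure.
function cas_user_from_response(string $xml): ?string
{
    if (trim($xml) === '') {
        return null; // nothing came back, e.g. a wrong CAS server path
    }
    $dom = new DOMDocument();
    if (!@$dom->loadXML($xml, LIBXML_NONET)) { // no network access while parsing
        return null;
    }
    $success = $dom->getElementsByTagNameNS(CAS_NS, 'authenticationSuccess');
    if ($success->length !== 1) {
        return null;
    }
    $users = $success->item(0)->getElementsByTagNameNS(CAS_NS, 'user');
    $name = $users->length === 1 ? trim($users->item(0)->textContent) : '';
    return $name === '' ? null : $name;
}

// Map the CAS username to a local account. Roles come from the local record
// only; with no match and no provisioning callback, access is refused.
function resolve_local_account(?string $casUser, array $accounts, ?callable $provision = null): ?array
{
    if ($casUser === null) {
        return null;
    }
    if (isset($accounts[$casUser])) {
        return $accounts[$casUser];
    }
    return $provision !== null ? $provision($casUser) : null;
}

// Constructed sample responses and account table.
$wrap = fn(string $inner): string => '<cas:serviceResponse xmlns:cas="' . CAS_NS . '">' . $inner . '</cas:serviceResponse>';
$samples = [
    'known user'    => $wrap('<cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>'),
    'no WP account' => $wrap('<cas:authenticationSuccess><cas:user>bob</cas:user></cas:authenticationSuccess>'),
    'bad ticket'    => $wrap('<cas:authenticationFailure code="INVALID_TICKET">x</cas:authenticationFailure>'),
    'empty body'    => '',
];
$accounts = ['alice' => ['login' => 'alice', 'role' => 'editor']];
foreach ($samples as $label => $body) {
    $acct = resolve_local_account(cas_user_from_response($body), $accounts);
    echo $label, ': ', $acct ? "{$acct['login']} ({$acct['role']})" : 'access refused', "\n";
}
```

Passing a callable as the third argument to `resolve_local_account()` stands in for the administrator-defined provisioning function; leaving it out gives the default refusal.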
Can this plugin provision users in WordPress who are authenticated via CAS?
wpCAS allows you to call a function to do that, but each environment is different; each environment probably needs its own solution for this. I’ll post the script I use for that soon.
Download & installation
The plugin is hosted in the WordPress Plugins Directory. Look there for download and installation instructions.
Hey, isn’t that…?
This plugin is based in huge part on Stephen Schwink’s CAS Authentication plugin and would be a lot different if I couldn’t lean on Stephen’s excellent work. My primary reasons for branching (under the terms of the GPL) were that I wanted it to work better with WPMU. And, I needed an easier way to hook-in functions to provision users and wanted to do that while also making it easy to upgrade using SVN (thus the config file).
28 Comments
Hi Casey – great work on the plugin, got it working first time on a standalone WP installation and looking at implementing it across some of our WPMU setup, but need to work a bit on managing users. Have you got any examples of provisioning for new users (i.e. creating a new user in WP if they are authenticated on CAS) or maybe translating some authenticated users to a generic user (one already set up on WP)?
@Paul H:
Your comment kicked me into gear and I just added an example that’s basically what I use. It’s now included with the download and SVN, you can browse it on Trac here:
http://plugins.trac.wordpress.org/browser/wpcas/trunk/provisioning_example.php
Glad you find it useful.
Hi Casey, great work.
Let me suggest a little improvement. I’ve found that the “redirect” works better if you modify wpcas.php as follows:
if ( $user = get_userdatabylogin( phpCAS::getUser() ) ) { // user already exists
    // the CAS user has a WP account
    wp_set_auth_cookie( $user->ID );
    // Standard redirect
    if ( isset( $_REQUEST['redirect_to'] ) ) {
        wp_safe_redirect( $_REQUEST['redirect_to'] );
        exit();
    }
    // Default redirect to the admin home page
    //wp_safe_redirect( admin_url() );
    wp_safe_redirect( '/wp-admin/' );
    exit();
} else {
I hope this helps,
Luigi
Hi Man,
Can we install multiblogs with your: wpCAS plugin ?
With regards,
Alex
@Alex: It’s compatible with WordPress MU. Does that help?
Hi,
Thx for the plugin. I’ve a question :
With CAS, what is the best solution to transform the admin into a CAS user?
I’ve tried to change the name in the database but it’s not sufficient; I must put my login in the function in wpmu-functions.php like this: if ($user_login === 'me') {return true;} (from: http://www.andrejciho.com/wordpress-mu/wpmu-cas-integration/ )
Thank you
@balecan:
My suggestion is to turn one (or more) of your CAS users into an admin. In WPMU that means going to your WPMU Site Options (site.net/wp-admin/wpmu-options.php) and entering in the user name in the Site Admins field.
I’ve come across a little issue when using the wpcas-conf.php file with WordpressMU:
1) wp-settings.php loads the modules from wp-content/mu-plugins/ using opendir() and readdir(), not necessarily in alphabetical order (not sure what it goes by). There’s no guarantee that the wpcas-conf.php file is read before or after the wpcas.php file. In our case it does read it prior to the wpcas.php file with an “include_once”.
2) Then the wpcas.php file tries to include the wpcas-conf.php file again with a simple “include”. This crashed the execution of wpcas.php without further notice in PHP 5.2.6.
I’ve changed the “include” to “include_once” in wpcas.php and it works fine now.
@Holger Dippel:
Good point. Fixed: http://plugins.trac.wordpress.org/changeset/90024/wpcas/trunk
[...] worth mentioning wpCAS (plugin directory page) in this context. I maintain the plugin and we use it to integrate WPMU with [...]
With 1.04 and 1.05, we have found that users cannot alter their own profiles, at least with WP 2.7. It turns out that user-edit.php clears out the value of pass1 when the document finishes loading so users get presented with these when they submit their changes:
ERROR: You entered your new password only once.
ERROR: Please enter the same password in the two password fields.
I’ve had more luck not even having show_password_fields() put in pass1 and pass2 input fields, and generating a random password with the check_passwords() hook.
Spoke too soon, my old way doesn’t compensate for the clearing. Do you have any suggestions?
@Ben:
Yeah, I created that bug while trying to fix another[1]. I’ll see what I can do.
[1] http://plugins.trac.wordpress.org/changeset/80423/wpcas/trunk/wpcas.php
Hi Mr Bisson,
Thank you for the great wpCAS plugin. I have a question:
I am implementing your plugin with my WPMU and CAS server, but the problem is that when a search engine (Google) searches the content of my site, it does not show. I cannot verify the site with Google Webmaster, and they said it is because my WPMU blog is redirecting to the CAS server and going back to the blog, and the blog header always redirects to the CAS server header. You can look at it here: http://web-sniffer.net/?url=http%3A%2F%2Fblog.binusian.org&submit=Submit&http=1.1&type=GET&uak=0. Here is the forum: http://www.google.com/support/forum/p/Webmasters/thread?tid=19df421f463b942a&hl=en -> Question: verification failed on wpmu. Does your plugin always redirect to the CAS server even if the user did not log in? Or do I have to customize wpCAS like http://www.andrejciho.com/wordpress-mu/wpmu-cas-integration/#before
Regards,
Adityo
Hi,
I think I have fixed the problem. Before, I used wpCAS plugin 1.03 and I changed it to 1.05, copied the CAS.php and CAS folder that consists of client.php, domxml-php4-php5.php, languages and PGTStorage to /wp-content/mu-plugins/wpcas, but I got this error when I tried to log in to wp-login:
wpCAS plugin not configured
Then I commented out wpcas.php line 57 -> /*$wpcas_options['server_path'] == '' ||*/
and I managed to log in, and Googlebot managed to crawl the website http://web-sniffer.net/?url=http%3A%2F%2Fblog.binusian.org&submit=Submit&http=1.1&type=GET&uak=0. Thank you,
Regards,
Adityo
adityo, I had the same problem; turns out I didn’t have pear:DB installed.
Now I am getting the following error:
[Thu Apr 09 08:02:34 2009] [error] [client 137.99.80.37] PHP Warning: DOMDocument::loadXML(): Empty string supplied as input in /opt/blogs/wordpress-mu/wp-content/plugins/wpcas/domxml-php4-php5.php on line 42
I have verified that I have a valid CAS ticket.
The function on line 42 is domxml_open_mem($str), and the only places this function is called are:
client.php: if ( !($dom = domxml_open_mem($text_response))) {
client.php: phpCAS::trace('domxml_open_mem() failed');
client.php: if ( !($dom = @domxml_open_mem($cas_response))) {
client.php: phpCAS::trace('domxml_open_mem() failed');
client.php: if ( !($dom = domxml_open_mem($text_response))) {
Help!!
I figured out the problem. After sniffing the traffic I realized that the CAS admin gave me the wrong path (1..0). I corrected the path and now CAS authenticated me! Thanks for a great module.
@Ben Stoutenburgh:
1.06 fixes the problem with editing a user’s profile.
http://wordpress.org/extend/plugins/wpcas/
[...] not really part of the Jasig CAS Community (learn more), but I do maintain the wpCAS WordPress CAS client and I’ve started development of a CAS server component for WordPress. That project is on hold [...]
I’m having trouble with 1.06.
I think the problem is the new die() command on line 105 of wpcas.php. It looks like you meant for it to go with the if statement on line 103, but you forgot to add brackets to the if statement.
We are using your library and after login it is returning to the wp-login.php it gives just a blank screen. If I remove the wp-login.php it takes me to the main blog page and I am authenticated. If I disable the plugin, it redirects correctly but of course without the cas login. Do you have any idea of what could be going wrong? Also, what is the simplest way to change the cas/logout?url=http://example.com/blogs to be cas/logout?service=http://example.com/blogs ? When enabled on the CAS server, this will enable the logout to send you back to the blog unauthenticated. The plugin is really nice other than these 2 things. Well done!
Thanks
@Sherwon Harris: I just released a new version that should fix that bug. Please share feedback either way.
I like your logout suggestion. I’ll try to integrate that in the next version.
Hello,
I would like to know if anyone tried to mix the CAS and the basic Wordpress authentication.
I have this need but don’t know how to do … please help.
Thanks in advance.
@bquiller: the plugin isn’t built to mix authentication modes.
Hi,
( first, sorry for my poor english, I’m french )
I’ve tested your plugin for a few days and I like it. I just want to know where I can subscribe to be alerted when a new version is available. Comments RSS on this page ?
Thanks.
Neoh
Hi,
I did as described in the installation manual, but I don’t get it running. I get this error message: “Class ‘phpCAS’ not found”. It looks like the include of the CAS.php is missing. But adding an include causes this error: “phpCAS error: phpCAS::isAuthenticated(): this method should not be called before phpCAS::client() or phpCAS::proxy()”. I think I am missing something, but don’t know what…
Cheers,
Rouven
Sry, forgot to mention that i meant the provisioning-example.php