wpCAS
Contents
The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to log into multiple applications simultaneously and automatically. It also allows untrusted web applications to authenticate users without gaining access to a user’s security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
wpCAS integrates WordPress or WordPressMU into an established CAS architecture, allowing centralized management and athentication of user credentials in a heterogeneous environment. Authorization of that user’s capabilities is based on native WordPress settings and functions. CAS only authenticates that the user is who s/he claims to be.
Read more, including installation instructions, in the WordPress Plugins Directory.
What happens when users attempt to login?
Users who attempt to login to WordPress are redirected to the central CAS sign-on screen. After the user’s credentials are verified, s/he is then redirected back to the WordPress site. If the CAS username matches the WordPress username, the user is recognized as valid and allowed access.
If the CAS user does not have an account in the WordPress site, an administrator defined function can be called to provision the account or do other actions. By default, CAS users without WordPress accounts are simply refused access.
Can this plugin provision users in WordPress who are authenticated via CAS?
wpCAS makes allows you to call a function to do that, but each environment is different; each environment probably needs its own solution for this. I’ll post the script I use for that soon.
Download & installation
The plugin is hosted in the WordPress Plugins Directory. Look there for download and installation instructions.
Hey, isn’t that…?
This plugin is based in huge part on Stephen Schwink’s CAS Authentication plugin and would be a lot different if I couldn’t lean on Stephen’s excellent work. My primary reasons for branching (under the the terms of the GPL) were that I wanted it to work better with WPMU. And, I needed an easier way to hook-in functions to provision users and wanted to do that while also making it easy to upgrade using SVN (thus the config file).
5 Comments
Comments RSS TrackBack Identifier URI
Leave a comment
Hi Casey - great work on the plugin, got it working first time on a standalone WP installation and looking at implementing it across our some of our WMPU setup, but need to work a bit on managing users. Have you got any examples of provisioning for new users (ie creating a new user in WP if they are authenticated on CAS) or maybe translating some authenticated users to a generic user (one already set up on WP?)
@Paul H:
Your comment kicked me into gear and I just added an example that’s basically what I use. It’s now included with the download and SVN, you can browse it on Trac here:
http://plugins.trac.wordpress.org/browser/wpcas/trunk/provisioning_example.php
Glad you find it useful.
Hi Casey, great work.
Let me suggest a little improvment. I’ve found that the “redirect” works better if you modify wpcas.php as follow:
if ( $user = get_userdatabylogin( phpCAS::getUser())){ // user already exists
// the CAS user has a WP account
wp_set_auth_cookie( $user->ID );
// Standard redirect
if( isset( $_REQUEST['redirect_to'] )) {
wp_safe_redirect( $_REQUEST['redirect_to'] );
exit();
}
// Default redirect to the admin home page
//wp_safe_redirect( admin_url() );
wp_safe_redirect( ‘/wp-admin/’ );
exit();
}else{
I hope this helps,
Luigi
Hi Man,
Can we install multiblogs with your: wpCAS plugin ?
With regards,
Alex
@Alex: It’s compatible with WordPress MU. Does that help?