The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to log into multiple applications simultaneously and automatically. It also allows untrusted web applications to authenticate users without gaining access to a user’s security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
wpCAS integrates WordPress or WordPressMU into an established CAS architecture, allowing centralized management and athentication of user credentials in a heterogeneous environment. Authorization of that user’s capabilities is based on native WordPress settings and functions. CAS only authenticates that the user is who s/he claims to be.
What happens when users attempt to login?
Users who attempt to login to WordPress are redirected to the central CAS sign-on screen. After the user’s credentials are verified, s/he is then redirected back to the WordPress site. If the CAS username matches the WordPress username, the user is recognized as valid and allowed access.
If the CAS user does not have an account in the WordPress site, an administrator defined function can be called to provision the account or do other actions. By default, CAS users without WordPress accounts are simply refused access.
Can this plugin provision users in WordPress who are authenticated via CAS?
wpCAS makes allows you to call a function to do that, but each environment is different; each environment probably needs its own solution for this. I’ll post the script I use for that soon.
Download & installation
Hey, isn’t that…?
This plugin is based in huge part on Stephen Schwink‘s CAS Authentication plugin and would be a lot different if I couldn’t lean on Stephen’s excellent work. My primary reasons for branching (under the the terms of the GPL) were that I wanted it to work better with WPMU. And, I needed an easier way to hook-in functions to provision users and wanted to do that while also making it easy to upgrade using SVN (thus the config file).