Central Authentication Service (CAS)


What is Central Authentication Service (CAS)?

From Wikipedia (Central Authentication Service):

The Central Authentication Service (CAS) is a single sign-on protocol for the web.[1] Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package[1] that implements this protocol.

Georgia Tech implements the CAS service to allow campus members to easily log into campus websites using their GT Account Username and associated password.  However, for a website to utilize CAS, it must be set up correctly, which usually means adding a module, plugin, or library, and configuring it to work with Georgia Tech's CAS servers.


CAS Sub-Topics

CAS and Stand-Alone PHP Applications


The most common approach for adding Central Authentication Service (CAS) support to a custom stand-alone PHP application is to use the phpCAS library. As of April 2024, the most recent version was phpCAS 1.6.1. Note: If you are using an earlier version, you should upgrade as soon as possible to obtain the latest security patches.

The basic approach to using the library is to:

  1. Unpack it into a subdirectory of your application
  2. Require the library's main file, CAS.php
  3. Add the appropriate calls to it before your application does anything that requires the user's identity to be known

It is preferable to store the user's identity in a session cookie for later accesses, so that you are not authenticating the user against the CAS server on every single page access.

The phpCAS documentation has an example of a really simple phpCAS implementation. More information on using phpCAS can be found in the documentation library.

You will also need the campus CAS Server configuration settings.
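
The three steps above, with the session caching described, as an added example; this is not Georgia Tech's or the phpCAS project's own code. The host names, paths, protocol version, subdirectory name and the `app_user` session key are placeholder assumptions to be replaced with the campus CAS Server configuration settings.

```php
<?php
// Added example. Every value marked "placeholder" is an assumption.

// Steps 1 and 2: the library is unpacked into ./phpCAS (placeholder name).
require_once __DIR__ . '/phpCAS/CAS.php';

$casHost    = 'cas.example.edu';          // placeholder CAS server host
$casPort    = 443;
$casContext = '/cas';                     // placeholder CAS URI on that host
$serviceUrl = 'https://app.example.edu';  // placeholder: this application's base URL
$caBundle   = '/etc/ssl/certs/ca-certificates.crt'; // placeholder CA bundle path

// Harden the session cookie before phpCAS starts the PHP session.
// The array form needs PHP 7.3 or later.
session_set_cookie_params([
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',  // still sent on the redirect back from CAS
]);

// phpCAS 1.6 takes the application's base URL as the fifth argument, so the
// service URL is fixed here instead of being derived from request headers.
// CAS_VERSION_2_0 is an assumption; use the protocol version the server speaks.
phpCAS::client(CAS_VERSION_2_0, $casHost, $casPort, $casContext, $serviceUrl);

// Validate the CAS server's TLS certificate when tickets are checked.
// phpCAS::setNoCasServerValidation() turns this off and is for testing only.
phpCAS::setCasServerCACert($caBundle);

// Step 3: run this before any code that needs the user's identity.
// An unauthenticated visitor is redirected to the CAS login page; phpCAS
// keeps the validated identity in the PHP session, so later page loads
// in the same session do not contact the CAS server again.
phpCAS::forceAuthentication();

// Copy the identity into the application's own session key (hypothetical name).
if (!isset($_SESSION['app_user'])) {
    $_SESSION['app_user'] = phpCAS::getUser();
}

// Escape the username before writing it into HTML.
echo 'Logged in as ' . htmlspecialchars($_SESSION['app_user'], ENT_QUOTES, 'UTF-8');
```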

Note: You would not use phpCAS in this manner if you want to add CAS authentication to most content management systems (CMSs), such as Drupal or WordPress. Instead, you should look for a CAS module or plugin for your particular CMS, and use it. These modules and plugins are designed to integrate CAS into the CMS's user management system to give you proper security and a good end user experience. Not every CMS will have a CAS module, but most of the popular CMSs will. If you can't find a CAS module for the CMS you are using, you could look at its module/plugin API and see if you can write your own module or plugin to integrate phpCAS, but this requires a fairly advanced knowledge of PHP programming, the CMS in question, and the CAS protocol or the phpCAS library.

CAS for WordPress Websites


Recommended Option

If you want to utilize GT Account based authentication via CAS for a WordPress website, it is highly recommended that you try using the Sites @ Georgia Tech service, which has GT Account authentication already built in.  Once you have your site created, it is very easy to add other users to the site, who can then log in using their own GT Account Username and password.

Alternative Option

If you have an already established WordPress site on OIT Web Hosting or another on-campus hosting solution where you are able to install plugins, and you don't want to recreate your site in the Sites @ Georgia Tech service, there is a plugin that supports CAS authentication:  Authorizer.

After installing the plugin, read the instructions carefully and configure it using the campus CAS Server configuration settings.