wpCAS-w-LDAP allows you to use your own CAS architecture to authenticate users in your WordPress blog. It also allows you to configure an LDAP connection to get user information for user not already members of your WordPress installation.
The Central Authentication Service (CAS) is a single sign-on protocol for the web. Its purpose is to permit a user to log into multiple applications simultaneously and automatically. It also allows untrusted web applications to authenticate users without gaining access to a user’s security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
Users who attempt to login to WordPress are redirected to the central CAS sign-on screen. After the user’s credentials are verified, s/he is then redirected back to the WordPress site. If the CAS username matches the WordPress username, the user is recognized as valid and allowed access.
Authorization of that user’s capabilities is based on native WordPress settings and functions. CAS only authenticates that the user is who s/he claims to be.
If the CAS user does not have an account in the WordPress site, depending on the plugin’s settings, the user is either
1. Denied access or
1. Added to the user database with the default role set on the plugin’s options page.
LDAP is included as an option for getting user information when they are being added to the database. If LDAP is available on your installation of PHP, you will be given the option of configuring it for this purpose.
- Download phpCAS and place it on your webserver so that it can be included by the wpCAS-w-LDAP plugin.
- Place the plugin folder in your
wp-content/plugins/directory and activate it.
- Set any options you want in Settings -> wpCAS with LDAP or in the
- The plugin starts intercepting authentication attempts as soon as you activate it. Use another browser or another computer to test the configuration.
wpCAS-w-LDAP can be configured either via the settings page in the WordPress dashboard, or via a configuration file. See
wpcasldap-conf-sample.php for an example. If a config file is used, it overrides any settings that might have been made via the settings page and configured portion of that page are hidden.
wpcasldap-conf.php is recommended for the CAS and LDAP portions of an WordPressMU installations, as doing so hides the settings menu from users. The option to use LDAP, add users, and default role can be left to blog administrators.
- What version of phpCAS should I use?
wpCAS-w-LDAP has been tested with phpCAS version 1.0.1.
- Where do I get phpCAS
- How’s it work?
Users who attempt to login to WordPress are redirected to the central CAS sign-on screen. After the user’s credentials are verified, s/he is then redirected back to the WordPress site. If the CAS username matches the WordPress username, the user is recognized as valid and allowed access. If the CAS username does not exist in WordPress, you can define a function that could provision the user in the site.
- What’s the relationship between LDAP and CAS?
There is none.
- What if LDAP is not installed on my server?
- Doesn’t this already exist?
wpCAS-w-LDAP replicates the functionality of wpCAS by Casey Bisson. It adds LDAP functionality to his original code. I created wpCAS-w-LDAP so that when new users are added my WordPressMU install, they will be added with a full set of information.