Title: wpCAS Author: Casey Bisson Published: August 30, 2008 Last modified: March 25, 2010 --- Search plugins This plugin **hasn’t been tested with the latest 3 major releases of WordPress**. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. ![](https://s.w.org/plugins/geopattern-icon/wpcas.svg) # wpCAS By [Casey Bisson](https://profiles.wordpress.org/misterbisson/) [Download](https://downloads.wordpress.org/plugin/wpcas.zip) * [Details](https://pcd.wordpress.org/plugins/wpcas/#description) * [Reviews](https://pcd.wordpress.org/plugins/wpcas/#reviews) * [Installation](https://pcd.wordpress.org/plugins/wpcas/#installation) * [Development](https://pcd.wordpress.org/plugins/wpcas/#developers) [Support](https://wordpress.org/support/plugin/wpcas/) ## Description wpCAS integrates WordPress into an established CAS architecture, allowing centralized management and authentication of user credentials in a heterogeneous environment. [From Wikipedia](http://en.wikipedia.org/wiki/Central_Authentication_Service): > The Central Authentication Service (CAS) is a single sign-on protocol for the > web. Its purpose is to permit a user to log into multiple applications simultaneously > and automatically. It also allows untrusted web applications to authenticate users > without gaining access to a user’s security credentials, such as a password. The > name CAS also refers to a software package that implements this protocol. Users who attempt to login to WordPress are redirected to the central CAS sign-on screen. After the user’s credentials are verified, s/he is then redirected back to the WordPress site. If the CAS username matches the WordPress username, the user is recognized as valid and allowed access. [Authorization](http://en.wikipedia.org/wiki/AuthZ) of that user’s capabilities is based on native WordPress settings and functions. CAS only authenticates that the user is who s/he claims to be. If the CAS user does not have an account in the WordPress site, an administrator defined function can be called to provision the account or do other actions. By default, CAS users without WordPress accounts are simply refused access. ## Installation 1. Download [phpCAS](http://www.ja-sig.org/wiki/display/CASC/phpCAS) and place it on your webserver so that it can be included by the wpCAS plugin. 2. Place the plugin folder in your `wp-content/plugins/` directory and activate it. 3. Set any options you want in Settings -> wpCAS _or_ in the `wpcas-conf.php` file. 4. The plugin starts intercepting authentication attempts as soon as you activate it. Use another browser or another computer to test the configuration. #### wpcas-conf.php wpCAS can be configured either via the settings page in the WordPress dashboard, or via a configuration file. See `wpcas-conf-sample.php` for an example. If a config file is used, it overrides any settings that might have been made via the settings page and that page is hidden. Use of `wpcas-conf.php` is recommended for WordPressMU installations, as doing so hides the settings menu from users. #### WordPressMU Installation 1. Download [phpCAS](http://www.ja-sig.org/wiki/display/CASC/phpCAS) and place it on your webserver so that it can be included by the wpCAS plugin. 2. Place the plugin `wpcas.php` in your `wp-content/mu-plugins/` directory. 3. Make a copy of `wpcas-conf-sample.php`, rename it `wpcas-conf.php`, and put it in your `wp-content/mu-plugins/` directory. 4. Set the options in the config file. 5. The plugin starts intercepting authentication attempts as soon as you activate it. Use another browser or another computer to test the configuration. 6. Consider creating a function to provision user accounts for CAS-authenticated users who do not have WordPress accounts. ## FAQ What version of phpCAS should I use? I’ve only tested it with the 1.0 release available from ja-sig. How’s it work? Users who attempt to login to WordPress are redirected to the central CAS sign-on screen. After the user’s credentials are verified, s/he is then redirected back to the WordPress site. If the CAS username matches the WordPress username, the user is recognized as valid and allowed access. If the CAS username does not exist in WordPress, you can define a function that could provision the user in the site. You keep talking about provisioning users. How? Each environment is different; each environment probably needs its own solution for this. I’ve posted my [user provisioning script](http://maisonbisson.com/projects/wpcas) here, if you find something in there that works, [leave a comment](http://maisonbisson.com/projects/wpcas). What’s the relationship between LDAP and CAS? There is none. This looks familiar… You might be thinking of [Stephen Schwink](http://schwink.net)‘s [CAS Authentication](https://wordpress.org/extend/plugins/cas-authentication/) plugin. This plugin would be a lot different if I couldn’t lean on Stephen’s excellent work. My primary reasons for branching (under the the terms of the GPL) were that I wanted it to work better with WPMU and needed an easier way to hook-in functions to provision users and wanted to do that while also making it easy to upgrade using SVN (thus the config file). ## Reviews There are no reviews for this plugin. ## Contributors & Developers “wpCAS” is open source software. The following people have contributed to this plugin. Contributors * [ Casey Bisson ](https://profiles.wordpress.org/misterbisson/) [Translate “wpCAS” into your language.](https://translate.wordpress.org/projects/wp-plugins/wpcas) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/wpcas/), check out the [SVN repository](https://plugins.svn.wordpress.org/wpcas/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/wpcas/) by [RSS](https://plugins.trac.wordpress.org/log/wpcas/?limit=100&mode=stop_on_copy&format=rss). ## Meta * Version **1.07** * Last updated **16 years ago** * Active installations **100+** * WordPress version ** 2.7 or higher ** * Tested up to **2.7.1** * Language * [English (US)](https://wordpress.org/plugins/wpcas/) * Tags * [authentication](https://pcd.wordpress.org/plugins/tags/authentication/)[cas](https://pcd.wordpress.org/plugins/tags/cas/) [central authentication service](https://pcd.wordpress.org/plugins/tags/central-authentication-service/) [phpCAS](https://pcd.wordpress.org/plugins/tags/phpcas/)[wpCAS](https://pcd.wordpress.org/plugins/tags/wpcas/) * [Advanced View](https://pcd.wordpress.org/plugins/wpcas/advanced/) ## Ratings No reviews have been submitted yet. [Add my review](https://wordpress.org/support/plugin/wpcas/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/wpcas/reviews/) ## Contributors * [ Casey Bisson ](https://profiles.wordpress.org/misterbisson/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/wpcas/) ## Donate Would you like to support the advancement of this plugin? [ Donate to this plugin ](http://MaisonBisson.com/)