The following settings should be adequate for most Georgia Tech developers using Drupal version 6.
The CAS configuration page can be found at: http://yoursite/admin/user/cas
CAS Server Settings
- CAS version — 2.0 or higher
- CAS server — login.gatech.edu
- CAS port — 443
- CAS URI — cas
- Check to see if a user is already logged in? — The function of this setting is unclear. It doesn't seem to do anything, but we (Communications & Marketing) leave it unchecked.
- CAS PEM certificate verification — Do not verify the certificate
- CAS PEM Certificate (phpCAS 0.6 or greater) — leave blank
- Initialize CAS as proxy — unchecked
- CAS PGT storage file format — Plain Text
- CAS PGT storage path — leave blank
- Enable CAS Single Sign Out (CAS server 3.1 or greater) — unchecked
- CAS debugging output filename — leave blank
User Account Settings
- Is Drupal also the CAS user repository — unchecked
- If Drupal is not the user repository, should cas hijack users with the same name? — You will probably want this box checked. This will allow you to create people's Drupal accounts before they log in. If you leave it unchecked, you will need to make user the following box is checked and you will have to get people to log in before you configure their accounts.
- Should Drupal user accounts be automatically created? — If you want any GT user to be able to log into your site, you will want this box checked. If you want to pre-approve selected users, you will want to uncheck this box and make sure the previous box is checked. Warning: if you leave both this box and the previous box unchecked, there will be no way for CAS to associate its users with Drupal accounts.
- Email Domain — mail.gatech.edu
- Users cannot change email address — Checked, unless you want users to be able to use non-GT addresses.
- Users cannot change password — checked
- Auto-assign users to the role(s) — This is entirely up to you. Be warned, however: if you are allowing accounts to be created automatically and you are automatically endowing them with godlike powers, well, you might as well leave your house keys hanging from your mailbox while you're at it.
- Require CAS login for — You may specify protected pages if you have some portion of your site that is to be password-protected. If you are merely using CAS to authenticate site administrators, you make leave these fields blank.
- Force redirection on initial login — If you want all users directed to a particular page upon login, check this box and enter the path in the following field.
- Successful login message — We recommend the default unless you have specific other needs.
- Redirect user on logout — https://login.gatech.edu/cas/login
- Change password URL — https://passport.gatech.edu/
- Registration URL — leave blank
Login Form Settings
- Add CAS link to login forms — Make CAS login default on login forms
- CAS login invitation — default
- Drupal login invitation — default
- Redirection notification message — default