Configure CAS (Drupal 8)

Drupal Version

The following settings should be adequate for most Georgia Tech developers using Drupal version 8.

The CAS configuration page can be found at: http://yoursite/admin/config/people/cas

CAS Server

  • Version — 2.0
  • Hostname — login.gatech.edu
  • Port — 443
  • URI — /cas
  • SSL Verification — Verify using your web server's default certificate authority (CA) chain.

All other sections are optional, but you will want to either:

  • Enable Login link enabled under the GENERAL SETTINGS section (to show a CAS login link on the regular Drupal login form/page).  This could be combined with the GATEWAY feature to speed up login for users already logged into their GT Account.
  • Post a link to /caslogin to your front page
  • Configure the FORCED LOGIN section, should you want to have visiting a path like /user automatically to log the user into CAS

NOTE: The Drupal 8 CAS module uses a different login path (/caslogin) from what CAS used in Drupal 6 and 7, which was /cas .  However, you can easily alias /cas to point to /caslogin if you wish to maintain the old URL as a valid login path.

An explanation on GATEWAY: this feature will check to see if the user is already logged into his/her GT Account and if so log him/her into the website.  If the user is not already logged in, then the user will simply access the site as a guest (anonymous) user.  For this reason, you must also enable the login link setting or post a login link to your front page to allow users to log into the site when they are not already logged into their GT Account.  (All GATEWAY does is to save users the trouble of selecting a login link when they've already logged into their GT Account.)

Important: If you turn on both GATEWAY logins and Auto register users, then every Georgia Tech user who visits your site and is already logged into their GT Account will have a Drupal account created for them on your site.  This can result in your site ending up with thousands of user accounts, which can be a headache when it comes to managing the accounts of users who actually have special editing privileges on your site.  In general, you really don't want to configure a site this way unless you specifically want to allow all Georgia Tech community members to be able to create content and/or post comments to existing content.  An example of this kind of usage is this Georgia Tech Drupal community site.

The FORCED LOGIN feature will require every visitor to have a Drupal account on your site and will log the visitor into their account when first accessing the site in a browser session.  Visitors who do not have a Drupal account will be denied access to the site.  You probably do not want to enable this for the whole site (unless the site is meant to be a private intranet), but it can be useful to enable FORCED LOGIN for subsections of a site (e.g. "/admin/*" to automatically force login when trying to access any administrative page.)