authentication

Configure CAS (Drupal 8)

The following settings should be adequate for most Georgia Tech developers using Drupal version 8.

The CAS configuration page can be found on the black administration toolbar under Configuration -> People -> CAS

Alternatively, you can access the configuration page by adding "/admin/config/people/cas" to the end of your site's front page URL.

CAS Logout Error

Courtesy of Doug Curtis in OIT:


People are receiving a 500 error when using the "GT Logout" link on a Drupal page.  It looks like the problem is that the Drupal CAS module is appending the "service=" query string to the end of the CAS logout URL.  The GT CAS server will accept "url=" query string but it doesn't accept the "service=" query string.  Previously, the CAS service would quietly ignore appended query strings it didn't recognize but that isn't currently the case.

Finding a Person's GT Account Username

The GT Account Username is the standard computer account for everyone at Georgia Tech.  It is used to access a variety of systems including TechWorks, BuzzPort, and Mercury, and can be used to access your Drupal site by installing the CAS module.   

You may often find that need to add someone to a group in Mercury or to your Drupal site, and you need to know the person's GT Account Username.  Here are several ways that you can look up that information:

Solving Post-Migration Login Issues

If you are unable to log in with CAS after migrating a site, make sure you copied the .htaccess file in the root of your site (httpdocs on OIT Web Hosting). 

Please note that this file may be hidden to some file browsers. If so, configure your file browser to show hidden files.

Technical Details

CAS requires that Clean URLs be enabled. When Clean URLs is enabled, Drupal edits the .htaccess file to properly handle normal-looking URLs. 

Two-Factor Authentication

All Georgia Tech users who have been enabled for two factor authentication (2FA) are required to log into CAS with their two-factor token via the Duo 2FA service.  As of summer 2017, this includes virtually all campus employees, and will soon include all students.

So, long story short, there is no reason to add your own two-factor authentication to your Drupal websites - you would, in effect, just be creating three-factor authentication, which would likely create more headaches than benefits.

Updating the CAS Library to the Latest Version

While the phpCAS library is pretty stable, its maintainers do still release updates periodically, and every now and then one of those updates is to fix a security issue. Below are step-by-step instructions for how to update your phpCAS library to the most current, secure version.

For this example, we will update from version 1.3.2 to version 1.3.3, but the same steps should apply to updating between any versions of the phpCAS library (which allows logins with GTaccounts to our drupal sites).

Whitepages GT Directory Server

There is a public-facing LDAP server from which you can pull general directory information from without authentication.  This server is only accessible from servers and workstations located on one of the Georgia Tech campus subnets.

Connection Settings

Use the default settings, unless otherwise stated beow: