What Do I Need to Do For the 2021 CAS Server Upgrade?
As announced by the Office of Information Technology on 2/4/2021:
The following settings should be adequate for most Georgia Tech developers using Drupal version 10.
The CAS configuration page can be found on the black administration toolbar under Configuration -> People -> CAS
Alternatively, you can access the configuration page by adding "/admin/config/people/cas" to the end of your site's front page URL.
Courtesy of Doug Curtis in OIT:
People are receiving a 500 error when using the "GT Logout" link on a Drupal page. It looks like the problem is that the Drupal CAS module is appending the "service=" query string to the end of the CAS logout URL. The GT CAS server will accept "url=" query string but it doesn't accept the "service=" query string. Previously, the CAS service would quietly ignore appended query strings it didn't recognize but that isn't currently the case.
CAS is capable of delivering some GTED attributes for the person logging in to Drupal, as part of the login process. This means you don't have to configure and maintain an LDAP module nor manage an LDAP service account (read: no need to keep up with an expiring service account password).
If you are using the CAS module for user authentication, you can require users to be logged in to their GT accounts before they can access specific pages on your Drupal site.
While the phpCAS library is pretty stable, its maintainers do still release updates periodically, and every now and then one of those updates is to fix a security issue. Below are step-by-step instructions for how to update your phpCAS library to the most current, secure version.
For this example, we will update from version 1.3.2 to version 1.3.3, but the same steps should apply to updating between any versions of the phpCAS library (which allows logins with GT accounts to our Drupal sites).
Central Authentication Service (CAS) based single sign-on is the main method of doing authentication via GT Account Usernames for Drupal website logins. Once users have logged into the GT CAS system, they can access any Georgia Tech website that utilizes CAS without having to enter their GT Account Username again, as long as they don't completely close their browser or clear their browser's cookie cache.
Drupal and CAS utilize different logout functions. Sending the user to /logout will log the user out of your site only and just return the user to the front/home page. Sending the user to /caslogout will log the user out of your site and redirect the user to the logout page for CAS.
One way to send users to the CAS logout page without hunting down and changing every script that calls logout is to set up /logout as an alias for /caslogout.
The following settings should be adequate for most Georgia Tech developers using Drupal version 7.
The CAS configuration page can be found on the black administration toolbar under Configuration -> People -> CAS Settings
Alternatively, you can access the configuration page by adding "/admin/config/people/cas" to the end of your site's front page URL.