Setting up SSO on a Site

Required Modules. SSO requires several modules to be installed.

• If not installed update the make file.
• Modules are:
1. CAS (Drupal.org)
2. CAS Attributes (Drupal.org)
3. CAS Roles (Drupal.org)
4. Redirect (drupal.org)
5. OULIB_CAS (oulibraries github)
6. Intranet_custom (oulibraries github)
• Deploy code to get Enable modules:

Enable modules.

Converting LDAP-based User Accounts

Note: This step should not have to be done anymore. It was a one time need.

User accounts that were created with LDAP authentication can be converted to CAS accounts with

drush oulib-cassify

The command will convert all LDAP accounts.

CAS config settings

Most CAS settings will be imported for you. (See additional settings screenshots below)

• CAS Login Invitation: Login
• Redirection Notification Msg: [blank]
• Successful Login Msg: [blank]
• Users Cannot Change Password: “should be checked”
• Redirection - Check with the CAS server to see if the user if already logged in?
• Once per browser sessions
• Attributes: Fetch CAS Attributes
• Everytime a user logs in: [checked]
• CAS Attribute Mappings: E-Mail Address
• Email address [cas:attribute:email]
• CAS Roles: Attribute for Roles
• Cas:attribute:membership
• CAS Roles Mapping: individual per site

Disable LDAP

Set up Login Blocks

• Logout button needs to be created as a custom block with link /caslogout. The style needs to be similar to main libraries Log out button block.
• Set the visibility rules to authenticated or anonymous as needed   
• <p class="logoutButton"><a class="btn btn-primary" href="/caslogout">Logout</a></p>
• Login button should be the newly installed CAS login button

Set up redirect of user/logout to <front>

Galileo’s World

• Edit the panel for the home page
• Log in header and text goes into login left
• User login gets disabled
• Cas button goes in login right...which is under misc.
• Override title...make it blank
• Add a manual log out button to login right
• Get from one of the other test sites
• Create the custom block
• Add visibility rule to logout...everyone should see it except anonymous
• Move user menu to login left

Note: These ‘Specific pages’ and ‘Excluded Pages’ are from the libraries’ main site. These will differ for each site.