Setting up SSO on a Site

Owned by Jayson Marsh (Unlicensed)
May 01, 2019
3 min read

Required Modules. SSO requires several modules to be installed.

    • If not installed update the make file.
    • Modules are:
      1. CAS (Drupal.org)
      2. CAS Attributes (Drupal.org)
      3. CAS Roles (Drupal.org)
      4. Redirect (drupal.org)
      5. OULIB_CAS (oulibraries github)
      6. Intranet_custom (oulibraries github)
    • Deploy code to get Enable modules:

Enable modules.



Converting LDAP-based User Accounts

Note: This step should not have to be done anymore. It was a one time need.


User accounts that were created with LDAP authentication can be converted to CAS accounts with

drush oulib-cassify


The command will convert all LDAP accounts.


CAS config settings

Most CAS settings will be imported for you. (See additional settings screenshots below)

  • CAS Login Invitation: Login
  • Redirection Notification Msg: [blank]
  • Successful Login Msg: [blank]
  • Users Cannot Change Password: “should be checked”
  • Redirection - Check with the CAS server to see if the user if already logged in?
    • Once per browser sessions
  • Attributes: Fetch CAS Attributes
    • Everytime a user logs in: [checked]
  • CAS Attribute Mappings: E-Mail Address
    • Email address [cas:attribute:email]
  • CAS Roles: Attribute for Roles
    • Cas:attribute:membership
  • CAS Roles Mapping: individual per site


Disable LDAP


Set up Login Blocks

  • Logout button needs to be created as a custom block with link /caslogout. The style needs to be similar to main libraries Log out button block.
    • Set the visibility rules to authenticated or anonymous as needed   
    • <p class="logoutButton"><a class="btn btn-primary" href="/caslogout">Logout</a></p>
  • Login button should be the newly installed CAS login button


Set up redirect of user/logout to <front>


Galileo’s World

  • Edit the panel for the home page
  • Log in header and text goes into login left
  • User login gets disabled
  • Cas button goes in login right...which is under misc.
    • Override title...make it blank
  • Add a manual log out button to login right
    • Get from one of the other test sites
    • Create the custom block
    • Add visibility rule to logout...everyone should see it except anonymous
  • Move user menu to login left




Note: These ‘Specific pages’ and ‘Excluded Pages’ are from the libraries’ main site. These will differ for each site.