CAS server (SSO) with user-attribute release

Authentication ::: auth_casattras
Maintained by Charles Fulton, Adam Franco
A CAS (SSO) authentication module for Moodle that uses released attributes rather than LDAP for user information.

CAS server (SSO) with user-attribute release v3.7.2

Moodle 3.7, 3.8, 3.9, 3.10, 3.11
Released: Saturday, July 11, 2020, 1:33 AM

CAS server (SSO) with user-attribute release

Build Status

This is an authentication plugin for Moodle that authenticates users via a Central Authentication Service (CAS) server and populates the Moodle user-account's attributes from user-attributes included in the CAS response.

This method does not make use of LDAP for user-attribute lookup, allowing its use in situations where there is no LDAP server that includes user information, or there are multiple LDAP servers that include user information.

This authentication method makes use of the attributes returned by the phpCAS library's phpCAS::getAttributes() function and which are often returned from modern CAS servers.

Requirements

  • Moodle 3.7 (build 2019052000 or later)
  • A CAS server that supports attribute-release via one of...
    1. The SAML 1.1 protocol
    2. The CAS 2.0 protocol with the serviceValidate JSP customized to include attributes
    3. [coming soon] The CAS 3.0 protocol

Installation

  1. Download the source for this authentication module and place it in moodle/auth/casattras/. This can be accomplished with

        cd /path/to/my/moodle/
        git clone https://github.com/middlebury/Moodle-auth_casattras.git auth/casattras
    
  2. Log into Moodle as a site adminstrator. You should be prompted to run a database update to install the plugin.

  3. If you are going to configure SSL certificate validation of the CAS server (to prevent man-in-the-middle attacks on the login response) then save the certificate-authority certificate (CA-cert) to the filesystem where it is readable by Moodle and note its path.

Configuration

  1. Log into Moodle as a site administrator.
  2. If you don't already, make sure that you have a manual authentication-type admin account that you can log in with.
  3. Log in with the manual authentication-type admin account to ensure that you won't get locked out while changing around authentication settings.
  4. In Moodle, go to Site Administration -> Plugins -> Authentication -> Manage Authentication
  5. Edit the settings for CAS server (SSO) with user-attribute release to fit your CAS server.
  6. If configuring CAS server certificate validation, enter the CA-cert path for the "Certificate path" field.
  7. Edit the "Data Mapping" fields to match the user-attributes returned by your CAS server.
  8. Save the configuration.
  9. Disable the built-in CAS server (SSO) authentication type. This authentication plugin uses a newer version of phpCAS which would conflict with the built-in CAS server (SSO) authentication type, so both cannot be enabled at the same time.
  10. Enable the CAS server (SSO) with user-attribute release authentication type.

Migration

The following sample database query would migrate users from the cas authentication method to casattras:

UPDATE mdl_user SET auth='casattras' WHERE auth='cas';

Author

Charles Fulton (fultonc@lafayette.edu) Adam Franco

Version information

Version build number
2020071000
Version release name
v3.7.2
Can be updated from
v3.7.0 (2020032600), v3.7.1 (2020060900)
Maturity
Stable version
MD5 Sum
c2362b1fccbdaf0a5fa0b055d68d5472
Supported software
Moodle 3.7, Moodle 3.8, Moodle 3.9, Moodle 3.10, Moodle 3.11
  • Latest release for Moodle 3.7
  • Latest release for Moodle 3.8
  • Latest release for Moodle 3.9
  • Latest release for Moodle 3.10
  • Latest release for Moodle 3.11

Version control information

Version control system (VCS)
GIT
VCS repository URL
VCS branch
main
VCS tag
v3.7.2

Default installation instructions for plugins of the type Authentication

  1. Make sure you have all the required versions.
  2. Download and unpack the module.
  3. Place the folder (eg "myauth") in the "auth" subdirectory.
  4. Visit http://yoursite.com/admin to finish the installation