Pressbooks CAS Single Sign-On

Contributors: conner_bw, greatislander Tags: pressbooks, sso, cas Requires at least: 6.1.1 Tested up to: 6.1.1 Stable tag: 2.2.0 License: GPLv3 or later License URI: https://www.gnu.org/licenses/gpl-3.0.html

CAS Single Sign-On integration for Pressbooks.

Description

Plugin to integrate Pressbooks with Central AuthenticationService (CAS) single sign-on architectures.

Users who attempt to login to Pressbooks are redirected to the central CAS sign-on screen. After the user’s credentials are verified, they are redirected back to the Pressbooks network. If we match a Pressbooks user by CAS username (stored in user_meta table), the user is recognized as valid and allowed access. If no match, then try to match a Pressbooks user by email (and store a successful match in user_meta table for next time). If the CAS user does not have an account in Pressbooks, a new user can be created, or access can be refused, depending on the configuration.

Installation

composer require pressbooks/pressbooks-cas-sso

Or, download the latest version from the releases page and unzip it into your WordPress plugin directory: https://github.com/pressbooks/pressbooks-cas-sso/releases

Then, activate and configure the plugin at the Network level.

Read the integrations documentation for more info: https://docs.pressbooks.org/integrations/cas-sso/

Security Considerations

Set the PB_CAS_CERT_PATH environment variable to configure validation of the CAS server. Used by CURLOPT_CAINFO for peer and host verification:

putenv( 'PB_CAS_CERT_PATH=/path/to/cachain.pem' ); // Path to the CA chain that issued the CAS server certificate

Advanced Configuration

The email can be filtered, example: add_filter( 'pb_integrations_multidomain_email', function( $email, $uid, $plugin ) { /* Custom use case, return $email */ }, 10, 3 );

Because this plugin uses the fabulous apereo/phpCAS library, many other configuration variables can be tweaked.