Home / Resources / Ws2l / CAS Configuration

CAS Configuration

CAS (Central Authentication Service) is the recommended replacement for the WebAuth module for single signon authentication. Below are some steps and config settings to get CAS up and running quickly on your ASU Drupal site.

BTW, a big thanks to Nate Wilken, Joe McDonald and Jason Harper for making CAS available at ASU.


  1. Required: You must turn on SSL for your site.  For sites on Pantheon, add this code to your settings.php file (/sites/default/settings.php):
     # Force https on Pantheon
    if (isset($_SERVER['PANTHEON_ENVIRONMENT'])) {
      if (!isset($_SERVER['HTTP_X_SSL']) || $_SERVER['HTTP_X_SSL'] != 'ON') {
        header('HTTP/1.0 301 Moved Permanently');
        header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
      else {
        // This is required by some Drupal modules that are Apache-centric
        $_SERVER['HTTPS'] = 'on';
  2. Required: You must use the ASU Header.  You can add the header files manually, or if your site is in Drupal 7, the ASU Brand Module makes it easy to add the header and footer to any Drupal theme.
  3. Download the CAS module from http://drupal.org/project/cas and install in your /sites/all/modules folder.
  4. Download the CAS library from https://wiki.jasig.org/display/CASC/phpCAS.
  5. I extracted the CAS library files and uploaded them to my CAS module folder, so that my path looks like /sites/all/modules/cas/CAS/CAS.php (other possible locations are given on drupal.org)
  6. Go to your modules page (/admin/modules) and enable CAS.
  7. Go to your roles page (/admin/people/permissions/roles) and add a new user role called "cas user".
  8. Configure CAS at /admin/config/people/cas. The configuration settings I used are below.


Here are the settings we're using:

UPDATE: 7-27-11
When using the asuzen theme for Drupal 6 with SSL turned on, if you get an "Unauthenticated application" error on login:

In template.php, search for
$vars['asu_sso_signinurl'] = '/cas?destination='.urlencode(drupal_get_path_alias($_GET['q']));
and replace with
$proto = 'https://';
$host = $_SERVER['SERVER_NAME'];
$port = ($_SERVER['SERVER_PORT'] == 80 ? '' : ':' . $_SERVER['SERVER_PORT']);
$vars['asu_sso_signinurl'] = $proto . $host . $port . '/cas?destination='.urlencode