• Resolved fightinfett

    (@fightinfett)


    When we use CAS (only) to authenticate users, we are seeing a duplicate user account created. (e.g., User “jdoe” already exists in the system. After authentication, a new user named “[email protected]” appears in the list.) We would much rather have CAS Authenticate the user and then confirm that the user already exists in the user database rather than create a new user account with an @domain.com attached to the end. In other words, we would like the CAS service and WordPress to use the same user database tables. Is this possible? Are we missing something? (It also appears that the CAS Version selector does not include a version that you describe as being supported.) (CAS Version 4)

  • Plugin Author Paul Ryan

    (@figureone)

    Authorizer does its user lookups using email addresses, not usernames. This is mostly a security feature, since most password reset features are performed via email, making it the canonical reference for that user.

    What you’re seeing is that the existing WordPress user jdoe doesn’t have the same email address as the email address returned by the CAS server when jdoe logs in. Authorizer will first try to create the jdoe account, see it already exists, and fall back to creating a new [email protected] username to prevent collision with the other user that has a different email address.

    To avoid this, make sure the email addresses match.

    Also, CAS server version is different than CAS protocol version. Here are the protocol versions defined in the phpCAS source:
    https://developer.jasig.org/cas-clients/php/1.3.4/docs/api/group__public.html
    You’re probably running server version 4, but it implements either protocol version 3 or SAML. A little info here:
    https://github.com/Jasig/phpCAS/issues/164#issuecomment-121506112
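
An added example, not part of the original reply and not Authorizer's own code: a simplified Python model of the email-first lookup described above, run over constructed WordPress and CAS user lists to flag which CAS logins would end up as duplicate accounts. The CSV column names, the sample addresses, and the case-insensitive email comparison are assumptions.

```python
import csv
import io

# Constructed sample: existing WordPress accounts (login, email).
WP_USERS_CSV = """user_login,user_email
jdoe,john.doe@example.org
asmith,asmith@example.edu
bwong,BWong@Example.edu
"""

# Constructed sample: username and email attribute the CAS server returns.
CAS_USERS_CSV = """username,email
jdoe,jdoe@example.edu
asmith,asmith@example.edu
bwong,bwong@example.edu
cnew,cnew@example.edu
"""


def norm(email):
    # Assumption: emails are compared case-insensitively.
    return email.strip().lower()


def predict_logins(wp_csv, cas_csv):
    """Return {cas_username: (outcome, resulting_wp_login)} for each CAS user."""
    wp_rows = list(csv.DictReader(io.StringIO(wp_csv)))
    login_by_email = {norm(r["user_email"]): r["user_login"] for r in wp_rows}
    taken_logins = {r["user_login"] for r in wp_rows}
    result = {}
    for row in csv.DictReader(io.StringIO(cas_csv)):
        user, email = row["username"], norm(row["email"])
        if email in login_by_email:
            # Email is the lookup key: the existing account is reused.
            result[user] = ("match", login_by_email[email])
        elif user in taken_logins:
            # Login exists under a different email: per the reply, a second
            # account is created with the email address as its username.
            result[user] = ("duplicate", email)
        else:
            result[user] = ("new", user)
    return result


if __name__ == "__main__":
    for user, (outcome, login) in predict_logins(WP_USERS_CSV, CAS_USERS_CSV).items():
        print(f"{user:8} {outcome:10} -> {login}")
```

Every row reported as `duplicate` is an account whose WordPress email should be corrected to the CAS-released address before CAS login is enabled.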


The topic ‘Duplicate Users When Using CAS’ is closed to new replies.