Title: Duplicate Users When Using CAS
Last modified: August 31, 2016

---

# Duplicate Users When Using CAS

 *  Resolved [fightinfett](https://wordpress.org/support/users/fightinfett/)
 * (@fightinfett)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/duplicate-users-when-using-cas/)
 * When we use CAS (only) to authenticate users, we are seeing a duplicate user 
   account created. (e.g., User “jdoe” already exists in the system. After authentication,
   a new user named “jdoe@domain.com” appears in the list.) We would much rather
   have CAS Authenticate the user and then confirm that the user already exists 
   in the user database rather than create a new user account with an [@domain](https://wordpress.org/support/users/domain/).
   com attached to the end. In other words, we would like the CAS service and WordPress
   to use the same user database tables. Is this possible? Are we missing something?(
   It also appears that the CAS Version selector does not include a version that
   you describe as being supported.) (CAS Version 4)

Viewing 1 replies (of 1 total)

 *  Plugin Author [Paul Ryan](https://wordpress.org/support/users/figureone/)
 * (@figureone)
 * [10 years, 2 months ago](https://wordpress.org/support/topic/duplicate-users-when-using-cas/#post-7113456)
 * Authorizer does it’s user lookups using email addresses, not usernames. This 
   is mostly a security feature, since most password reset features are performed
   via email, making it the canonical reference for that user.
 * What you’re seeing is that the existing WordPress user jdoe doesn’t have the 
   same email address as the email address returned by the CAS server when jdoe 
   logs in. Authorizer will first try to create the jdoe account, see it already
   exists, and fall back to creating a new [jdoe@domain.com](https://wordpress.org/support/topic/duplicate-users-when-using-cas/jdoe@domain.com?output_format=md)
   username to prevent collision with the other user that has a different email 
   address.
 * To avoid this, make sure the email addresses match.
 * Also, CAS server version is different than CAS protocol version. Here are the
   protocol versions defined in the phpCAS source:
    [https://developer.jasig.org/cas-clients/php/1.3.4/docs/api/group__public.html](https://developer.jasig.org/cas-clients/php/1.3.4/docs/api/group__public.html)
   You’re probably running server version 4, but it implements either protocol version
   3 or SAML. A little info here: [https://github.com/Jasig/phpCAS/issues/164#issuecomment-121506112](https://github.com/Jasig/phpCAS/issues/164#issuecomment-121506112)

Viewing 1 replies (of 1 total)

The topic ‘Duplicate Users When Using CAS’ is closed to new replies.

 * ![](https://ps.w.org/authorizer/assets/icon-256x256.jpg?rev=1967453)
 * [Authorizer](https://wordpress.org/plugins/authorizer/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/authorizer/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/authorizer/)
 * [Active Topics](https://wordpress.org/support/plugin/authorizer/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/authorizer/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/authorizer/reviews/)

## Tags

 * [cas](https://wordpress.org/support/topic-tag/cas/)
 * [duplicate](https://wordpress.org/support/topic-tag/duplicate/)
 * [user](https://wordpress.org/support/topic-tag/user/)

 * 1 reply
 * 2 participants
 * Last reply from: [Paul Ryan](https://wordpress.org/support/users/figureone/)
 * Last activity: [10 years, 2 months ago](https://wordpress.org/support/topic/duplicate-users-when-using-cas/#post-7113456)
 * Status: resolved