Single sign-on (CAS) replaces LDAP

All sites in the OIT-managed WordPress environment now use Princeton University's Central Authentication Service (CAS) for authorizing access to protected pages, including the WordPress admin dashboard. This replaces the LDAP-integrated WordPress login page.

Screenshot of old and new login pages

The old WordPress log-in page is on the left; the CAS log-in page is on the right.

Accessing /wp-admin or wp-login.php will automatically redirect to the CAS login page. After authentication through CAS with a Princeton netID and password, a logged-in user will be directed back to the original WordPress site. If a netID uses Duo two-factor authentication, Duo will work the same here as with any other CAS-enabled site.

One feature that is not available with the new CAS solution is the ability to bulk add authorized users to a site. We hope to find or write a plugin that will re-enable this feature.

Enabling CAS was one of the last milestones before migrating all of the sites in our managed WordPress environment to a cloud hosting provider.

Leave a Reply