Enabling CAS server authentication
An administrator can enable CAS server authentication as follows:
- Go to Site administration > Plugins > Authentication > Manage authentication and click the eye icon opposite CAS server (SSO). When enabled, it will no longer be greyed out.
- Click the settings link, configure as required, then click the 'Save changes' button.
One caveat for those converting from LDAP or other authentication mechanisms:
For any user that you wish to authenticate with CAS but which already has been using LMS, and thus has an entry in the LMS database, you will need to change the value of the "auth" field for the user in the mdl_user table. So, if they used LDAP before, but now you wish for them to use CAS and their username is "foobar" you'll need to edit the database with some SQL something like: UPDATE mdl_user SET auth='cas' where auth='ldap' and username='foobar'; Without this change the user will constantly be presented with a failed login message, but otherwise no clue as to why login failed even though their credentials were accepted by the CAS server.
Enabling CAS accounts syncronisation
The CAS users sync job (\auth_cas\task\sync_task) scheduled task is responsible for creating and updating user information, and suspending and deleting CAS accounts.
After enabling CAS server authentication, an administrator need to enable and configure the CAS users sync job as follows:
- Go to Site administration > Server > Scheduled tasks and click the gear icon opposite CAS users sync job.
- Select the desired frequency of running and enable the task by un-ticking the disabled checkbox.
 | Warning: It is important to make sure that all CAS settings are working properly before enabling the CAS users sync job (as well as backing up your database and moodledata folders), since incorrect CAS configuration can result in users being wrongly deleted! |