Introduction
Table of Contents
DIT requires that all Pantheon Drupal sites utilize the following configuration:
- Set their user registration settings to be that Administrators are the only ones who can create accounts.
- All user accounts should use CAS for sign-on.
- Remove user accounts for those who no longer need access to the site.
User Registration Settings
Site owners should set their user registration settings to be that Administrators are the only ones who can create accounts.This keeps the authenticated user count to only those who need access to the site for editing and administration, and helps prevent spam accounts.
The user account settings can be found under Configuration in the top menu, then selecting People, then Account Settings, or directly at yoursite.umd.edu/admin/config/people/accounts
We recommend that the "when cancelling a user account" setting is set to "delete the account and make its content belong to the Anonymous user", this setting prevents deleted user content from being removed.
Once the changes have been made, click the 'Save configuration' button at the bottom of the page.
Add a new CAS user
In compliance with the IT-20 directive, all user accounts must use CAS for sign-on. To add a CAS user, select "Add CAS user(s) from the top menu dropdown under People, or from the People menu itself, click the "+Add CAS user(s) button.
Enter the CAS usernames one per line, provide them with the appropriate role if necessary, and click the "create new accounts" button to finish adding the users.
Convert a local account into a CAS account.
To update a user's account to be a CAS account, find the user in question under the "People" tab from the top menu, or from yoursite.umd.edu/admin/people. Click the 'Edit' button on the right for that individual. From the persons account info screen, check the box "Allow user to log in via CAS" and fill out the new CAS username field, then scroll to the bottom of the page to save the changes. Non-CAS login methods will no longer work for the user once these changes have been made.
Remove user accounts
It may be necessary from time to time to remove a user account, examples include an editor or administrator moving on, or a spam account that was registered before the above settings were changed.
To review the list of user accounts for a site, click on the People button from the top menu, or directly at (your site).umd.edu/admin/people.
To cancel an individual user account, find the user in the People list (searching by email or username can help expedite the search) and select the 'Edit' button for the account on the right.
At the bottom of the user page, select "Cancel account"
On the confirmation page, select weather to keep the user content or delete it, depending on your needs. We recommend as a default to delete the account and set its contents to be owned by anonymous.
Click the confirm button to finish deleting the account.
Bulk Actions
It is also possible to remove users in bulk by selecting multiple at once via the check marks on the left side of the users list. The filters can help with grouping user accounts for bulk actions such as filtering for 'blocked' accounts. Then select the appropriate action from the bulk actions dropdown at the bottom of the screen.
CAS
module
The Drupal CAS module is installed by default on sites provisioned with the UMD Terp theme, but can be added to a site as well.
For instructions on getting started with managing and updating a Pantheon Drupal site, we have the following KB article.
For installing the module itself once you are up and running with the above instructions, running the following command while in the site code folder will add the CAS module to your sites codebase:
composer require drupal/cas:^3
From there you will need to add and commit the changes to the site code repository and push them to Pantheon. On Pantheon you can review the changes and then promote them to your sites test and live environments. Finally you will need to configure your CAS module to connect to the UMD CAS servers, the configuration settings are detailed below. (note, you will need to either configure CAS on each environment separately, or you can configure the module on the live site, and copy the live site database back to the test and dev environments, provided you do not have any separate work on the test or dev environments that needs to not be overwritten).
Configuration
The following settings will allow the CAS module to function on a site:
CAS Protocol version:
2.0
HTTP Protocol:
HTTPS
Hostname:
login.umd.edu
Port:
443
Path:
/cas
The rest of the settings can be left as default unless specifically needed to be configured for your site.