Use CalNet Authentication for UC Berkeley sites

We strongly recommend using CalNet authentication for all UC Berkeley sites. It is more secure than standard authentication.

We have preregistered ALL UC Berkeley Pantheon development and test URLs with the CalNet admin team. It is not necessary to register individual dev and test sites. We have also preregistered ALL live environments using their live-EXAMPLE.pantheon.berkeley.edu URLs. You still have to register your actual production domain (in the form EXAMPLE.berkeley.edu) with CalNet before you launch.

Web Platform Services has developed two Drupal 7 modules (D7 only) to make CalNet authentication easy:

  • UC Berkeley CAS includes everything you need to start authenticating with CalNet. Use the latest release available for your Drupal version.
    UC Berkeley Env Conf sets the CAS and LDAP servers automatically based on the server environment. For local, development, and testing environments, your site will use the test servers. On the Pantheon live environment it will use the live servers. Use the latest release available for your Drupal version.

Please be aware that the test CAS and LDAP servers are not updated as often as the live servers.

Follow the installation instructions in the UC Berkeley CAS readme file.

Using UC Berkeley CAS

After enabling UC Berkeley CAS, you must immediately create a CalNet account for yourself and assign it the administrator role. There are two ways to do this:

Adding your account using the "Add CAS user" function while logged in as user 1

  1. Find your numeric CalNet UID - you can go to https://calnet.berkeley.edu/directory/ and log in or look yourself up
  2. On your Pantheon site, go to /admin/people/cas/create
  3. Enter the numeric UID you found in step 1 and click Create new account
  4. You will see a message indicating that an account has been created, with a link to the user page
  5. Click the link to the user page
  6. Click the Edit tab on the user page
  7. Scroll down to the Roles section
  8. Check the box for the administrator role
  9. Click Save
  10. You will now be able to log in to your local, dev, or test environment using CalNet

Adding your account using a different browser while logged in as user 1

  1. Open a different browser - not just a new window
  2. Go to the CAS login URL for your site: /cas
  3. You will be redirected to the CalNet login page
  4. Log in with your CalNet UID
  5. You will be returned to your site home page with a message that you have logged in and an account has been created
  6. Switch to the other browser, in which you are logged in as user 1
  7. Go to /admin/people
  8. You will see your CalNet account listed, with no role assigned
  9. Check the checkbox corresponding to your account
  10. In the Update options select list, select the option to add the administrator role
  11. Click Update
  12. You will now be able to log in to your local, dev, or test environment using CalNet

CalNet Authentication for your Live Site

Before you launch your site, you must register your domain with the CalNet admin team. It is not necessary to register your dev or test URLs; those have been preregistered for everyone.

For new sites, we recommend registering as soon as you have decided what your permanent domain will be. For sites moving to Pantheon, we recommend that you register just before you fill out the offsite hosting request form.

See Launch your Pantheon site for instructions.

CalNet Authentication on WordPress Sites

There are plugins available for WordPress that allow you to use CalNet authentication. See CASifying WordPress.

You will need to choose and configure a plugin that meets your needs; Web Platform Services does not provide custom CalNet integrations for WordPress.