Not a developer? Go to

Plugin and Theme Directory

Central Authentication Service v1.2

By Byrne Reese
Posted April 16, 2013, in Developer.



You need to specify the following three configuration directives in your mt-config.cgi.


Must be set to 1


Must be “CAS”


The URL where CAS is located. Do not include the “/login” part. For example, it should be like http://localhost:8080/cas for the default installation of CAS server.


The URL where a user can logout from CAS. Do include the “/logout” part. For example, it should be like http://localhost:8080/cas/logout for the default installation of CAS server.

SingleCommunity 1

This last setting is needed to SSO login across multiple blogs

Additionally, if your network does not allow outbound HTTP request from inside Movable Type application, you will be required to add the MT_CAS_ValidationURL configuration directive.


The URL of the server which offers validation service (usually the same server you specify to AuthLoginURL). Do not include “/serviceValidate” part. For example it should read like http://localhost:8080 (no trailing slash). Default value is undefined. If not specified, AuthLoginURL will be used to validate session ticket.



ObjectDriver DBI::mysql
Database mt
DBUser user
DBPassword password

AuthenticationModule CAS
AuthLoginURL http://localhost:8080/cas
AuthLogoutURL http://localhost:8080/cas/logout
MT_CAS_ValidationURL http://server_name_inside_firewall:8080

# Or if you use SSL
#AuthLoginURL https://localhost:8443/cas
#AuthLogoutURL https://localhost:8443/cas/logout
#MT_CAS_ValidationURL https://server_name_inside_firewall:8443

Editing JavaScript Template

The consumer side of the login process works as below. In order for the browser to navigate to the correct address, users may need to edit JavaScript (or GlobalJavaScript, depending on what template sets they use) template to specify the login URL of MT used in second step.

  • User clicks “Sign In” link on the blog entry to comment.
  • MT accepts the request first, and redirect to CAS login URL.
  • User logs in to CAS.
  • CAS redirects back to the original blog entry.

If you use the plugin with Community Blog or Community Forum template set, or to be more precise, if you use the plugin with GlobalJavascript global template, You have to modify the template in a line.

Find mtSignIn function, and modify the line below:

var url = '<$mt:CGIPath$><$mt:CommunityScript>?__mode=login&blog_id=<$mt:BlogID$>';

… to below:

var url = '<$mt:CGIPath$><$mt:CommunityScript>?__mode=cas_login&blog_id=<$mt:BlogID$>';

… so it will request __mode=cas_login instead of __mode=login.

If you use the plugin with either Classic Blog or Professional Website template set, you don’t have to modify JavaScript template.




Byrne Reese

Byrne Reese was previously the Product Manager of Movable Type at Six Apart, where he had also held positions as the Manager of Platform Technology and Product Manager for TypePad. Byrne is a huge supporter of the Movable Type user and developer community. He dedicates much of his time to promoting and educating people about Movable Type as well as building the tools and plugins for Movable Type that are showcased on Majordojo. He contributes regularly to open source; and he is an advocate for open protocols and standards like Atom and OpenID.