CMS-login

How to request a CMS user account

Ask another CMS developer to create a Drupal account with password authentication

Please see the CMS knowledge base for the most current information.

SSOi is handled by the simplesaml_php module. It connects existing accounts to the Active Directory user via their email address and user name.
Once the connection has been established by the the user logging in with their PIV card, the system will update their CMS account with username and email address changes from their Active Directory account.
Logging in via username and passwords will be turned off once the SSOi system has proven to be reliable.
Config settings are split to allow debugging data on DEV but not STAGING or PROD.
Accounts are connected in authmap by VAUID (a number that is specific to a single user.)
Email addresses are synced at each login for changes with adUPN (the user's email address) and that email is also used to connect existing accounts to initial logins with SSOi.
Usernames are synced at each login to the adUPN (the user's email address).

If the simplesaml_php module is able to authenticate the user with the authentication name provided by SSOi, it will log the user in. (See externalLoginRegister in the SimplesamlphpDrupalAuth service)
If not, the module will attempt to match the name provided with a Drupal user account name (See externalRegister in the SimplesamlphpDrupalAuth service)
If this does not succeed, It will call hook_simplesamlphp_auth_existing_user as a last-ditch attempt to match a user. We implement this hook in the va_gov_login module and attempt to match the user by email address.