Central Authentication Service (CAS)
Central Authentication Service (CAS) is a Single Sign-On solution for web services. CAS allows different web services to authenticate to one authoritative source of trust, as well as permitting a user to access multiple applications while providing their credentials only once. Web applications can authenticate users without having to handle private information, such as passwords. In addition to authentication, CAS is also able to assert user information for the authenticated user in the form of LDAP attributes and values.
A CAS client is required to interface with the CAS server. There are a number of CAS clients available for a wide variety of programming languages, web servers, and middleware. For more information on configuring your CAS client, you can reference the Further CAS Assistance links below.Â
The University’s CAS implementation consists of 4 main production CAS servers in a high availability configuration. The servers have been distributed among multiple data centers to provide redundancy in the event of a disaster. The diagram below shows the server layout, as well as the basic workflow. For more detailed information on how the CAS protocol works, see The CAS Protocol for Application Owners.Â
Click on this image to view it at full size.