Central Authentication Service (CAS)

What is CAS

JA-SIG Central Authentication Service (CAS) is an enterprise-level, open-source single sign-on solution with a Java server component and client libraries written in many languages, including PHP, PL/SQL, Java, and more. CAS is an HTTP-based protocol that requires each of its components to be accessed through specific URIs.

CAS is authentication, not authorization.

Single sign-on is a session/user authentication process that allows a user to provide his or her credentials once in order to access multiple applications. The single sign-on service authenticates the user for all the applications he or she has been authorized to access, eliminating further authentication requests when the user switches applications during that session. Unauthenticated users are diverted to the authentication service, usually the login service, and returned only after successful authentication.

CAS achieves its single sign-on feature through cookies. The cookie is destroyed when the user logs out of CAS or closes the browser. The cookie generated by CAS is called the TGT cookie (ticket-granting cookie); it contains a unique ID and an expiration time.
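The two paragraphs above describe the flow as a whole: the unauthenticated user is diverted to the login service, comes back with a ticket, and from then on the ticket-granting cookie stands in for the password until logout or expiry. The following is an added example modelling that exchange, not code from the CAS project. The `/login` and `/serviceValidate` paths and the CAS 2.0 XML response format are taken from the CAS protocol specification; the server state, user names, hostnames and ticket values are constructed here.

```python
"""Model of the CAS single sign-on exchange: redirect to the login service,
ticket-granting cookie (TGC), single-use service ticket (ST), ticket validation.
Added example, not code from the CAS project. The /login and /serviceValidate
paths and the CAS 2.0 XML format come from the CAS protocol specification; the
users, hostnames and ticket values below are constructed."""
import secrets
import time
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

CAS_BASE = "https://cas.example"          # constructed hostname
CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace of CAS 2.0 responses


class CasServer:
    """Toy CAS server: one TGT per SSO session, single-use service tickets."""

    def __init__(self, users, tgt_ttl=3600):
        self.users = users      # constructed: username -> password
        self.tgts = {}          # TGC cookie value -> (username, expiry)
        self.sts = {}           # service ticket -> (username, service)
        self.tgt_ttl = tgt_ttl

    def login(self, service, username=None, password=None, tgc=None):
        """/login?service=...  Returns (redirect_url, tgc_cookie).
        A valid TGC proves the SSO session; otherwise credentials are checked.
        (None, None) means 'show the login form'."""
        now = time.time()
        user = None
        if tgc in self.tgts:
            user, expiry = self.tgts[tgc]
            if now >= expiry:               # expired TGT: the session is over
                del self.tgts[tgc]
                user = None
        if user is None:
            stored = self.users.get(username)
            if stored is None or password is None or not secrets.compare_digest(stored, password):
                return None, None
            user = username
            tgc = secrets.token_urlsafe(32)   # new SSO session
            self.tgts[tgc] = (user, now + self.tgt_ttl)
        st = "ST-" + secrets.token_urlsafe(16)
        self.sts[st] = (user, service)
        sep = "&" if "?" in service else "?"
        return service + sep + urlencode({"ticket": st}), tgc

    def logout(self, tgc):
        """/logout: destroys the TGT behind the cookie."""
        self.tgts.pop(tgc, None)

    def service_validate(self, service, ticket):
        """/serviceValidate?service=...&ticket=...  -> CAS 2.0 XML."""
        entry = self.sts.pop(ticket, None)          # tickets are single use
        if entry is None or entry[1] != service:    # must match the issuing service
            return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
                    '<cas:authenticationFailure code="INVALID_TICKET">ticket not '
                    'recognized</cas:authenticationFailure></cas:serviceResponse>')
        return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
                '<cas:authenticationSuccess><cas:user>%s</cas:user>'
                '</cas:authenticationSuccess></cas:serviceResponse>' % entry[0])


def parse_validation(xml_text):
    """Return the authenticated user from a serviceValidate response, or None."""
    root = ET.fromstring(xml_text)
    success = root.find(CAS_NS + "authenticationSuccess")
    return None if success is None else success.findtext(CAS_NS + "user")


class ClientApp:
    """A CAS-protected application, i.e. what a CAS client library does."""

    def __init__(self, cas, service_url):
        self.cas, self.service_url = cas, service_url

    def handle_request(self, query, session):
        """query: parsed URL parameters; session: this app's own session dict."""
        if "user" in session:
            return "ok", session["user"]
        login_url = CAS_BASE + "/login?" + urlencode({"service": self.service_url})
        ticket = query.get("ticket")
        if ticket is None:                   # unauthenticated: divert to CAS
            return "redirect", login_url
        user = parse_validation(self.cas.service_validate(self.service_url, ticket))
        if user is None:                     # bad or replayed ticket: start over
            return "redirect", login_url
        session["user"] = user
        return "ok", user


def query_of(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def demo():
    cas = CasServer({"alice": "correct horse battery"})   # constructed user
    app_a = ClientApp(cas, "https://app-a.example/cb")
    app_b = ClientApp(cas, "https://app-b.example/cb")
    sess_a, sess_b = {}, {}
    first, _ = app_a.handle_request({}, sess_a)            # 1. not logged in yet
    redirect, tgc = cas.login(app_a.service_url, "alice", "correct horse battery")
    _, user_a = app_a.handle_request(query_of(redirect), sess_a)   # 2. ST validated
    redirect_b, _ = cas.login(app_b.service_url, tgc=tgc)  # 3. cookie only, no password
    _, user_b = app_b.handle_request(query_of(redirect_b), sess_b)
    replay = parse_validation(cas.service_validate(app_a.service_url, query_of(redirect)["ticket"]))
    cas.logout(tgc)                                        # 4. TGT destroyed
    after_logout, _ = cas.login(app_b.service_url, tgc=tgc)
    return {"first": first, "user_a": user_a, "user_b": user_b,
            "replay": replay, "after_logout": after_logout}
```

Running `demo()` walks through one session: the first visit to app A is a redirect to the login service, the ticket returned after login validates to `alice`, app B is reached with the TGC alone, replaying app A's ticket fails because service tickets are single use, and once the TGT is destroyed by logout the cookie no longer logs anyone in. The application's own session is separate from the CAS session, which is why each app keeps its own `session` dict.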

CAS provides different authentication handlers to authenticate credentials, and developers can write their own handler as well. CAS authenticates credentials such as username/password pairs, X.509 certificates, etc. Different types of credentials are handled by different types of authentication handlers.
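To show what "one handler per credential type" means in practice, here is an added example in the style of the paragraph above; it is not CAS's own code. The class names, the `supports`/`authenticate` method pair, the PBKDF2 password store and the simplified certificate record are all assumptions made here.

```python
"""Credential-type dispatch: each handler declares the credential type it
supports, a manager routes credentials to the first matching handler and
fails closed when none matches. Added example, not CAS's own code; names and
the password/certificate formats below are assumptions."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class UsernamePasswordCredential:
    username: str
    password: str


@dataclass(frozen=True)
class X509Credential:
    """Stand-in for an already-parsed client certificate (constructed, not real X.509)."""
    subject: str
    issuer: str
    not_after: float   # POSIX timestamp


class AuthenticationHandler:
    """One handler per credential type: says what it supports, then verifies."""

    def supports(self, credential):
        raise NotImplementedError

    def authenticate(self, credential):
        """Return the principal id on success, None on failure."""
        raise NotImplementedError


class PasswordHandler(AuthenticationHandler):
    """Username/password checked against a PBKDF2-HMAC-SHA256 store."""
    ITERATIONS = 100_000
    DUMMY = (bytes(16), bytes(32))   # used for unknown users so timing stays even

    def __init__(self, records):
        self.records = records       # username -> (salt, derived key)

    @classmethod
    def derive(cls, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.ITERATIONS)

    @classmethod
    def make_record(cls, password):
        salt = os.urandom(16)
        return salt, cls.derive(password, salt)

    def supports(self, credential):
        return isinstance(credential, UsernamePasswordCredential)

    def authenticate(self, credential):
        salt, stored = self.records.get(credential.username, self.DUMMY)
        computed = self.derive(credential.password, salt)
        known = credential.username in self.records
        return credential.username if known and hmac.compare_digest(computed, stored) else None


class X509Handler(AuthenticationHandler):
    """Accepts certificates from trusted issuers that have not expired."""

    def __init__(self, trusted_issuers):
        self.trusted_issuers = set(trusted_issuers)

    def supports(self, credential):
        return isinstance(credential, X509Credential)

    def authenticate(self, credential):
        if credential.issuer not in self.trusted_issuers or credential.not_after <= time.time():
            return None
        return credential.subject


class AuthenticationManager:
    """Routes each credential to the first handler that supports it; an
    unsupported credential type is an error, never a silent pass."""

    def __init__(self, handlers):
        self.handlers = list(handlers)

    def authenticate(self, credential):
        for handler in self.handlers:
            if handler.supports(credential):
                return handler.authenticate(credential)
        raise ValueError("no handler for %s" % type(credential).__name__)


def cert_credential(subject, issuer, valid_for_seconds):
    """Helper building a constructed certificate record relative to now."""
    return X509Credential(subject, issuer, time.time() + valid_for_seconds)


def build_manager():
    # constructed test data: one password user, one trusted issuer
    records = {"alice": PasswordHandler.make_record("correct horse battery")}
    return AuthenticationManager([PasswordHandler(records),
                                  X509Handler({"CN=Example Corp Issuing CA"})])
```

With `m = build_manager()`, `m.authenticate(UsernamePasswordCredential("alice", "correct horse battery"))` returns `"alice"`, a wrong password or unknown user returns `None` (the unknown-user path still runs the key derivation so its timing does not reveal which usernames exist), a certificate from the trusted issuer returns its subject while an expired or untrusted one returns `None`, and a credential type no handler supports raises instead of being waved through.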