CAS Central Authentication Service


Overview

JA-SIG Central Authentication Service (CAS) is an enterprise-level, open-source single sign-on solution with a Java server component and client libraries written in a multitude of languages, including PHP, PL/SQL, Java, and more. CAS is an HTTP-based protocol that requires each of its components to be accessed through specific URIs. CAS was originally developed by Yale University for single sign-on.

Note: CAS is authentication, not authorization.

Single sign-on is a session/user authentication process that allows a user to provide his or her credentials once in order to access multiple applications. It authenticates the user for all the applications he or she has been authorized to access, and it eliminates further authentication requests when the user switches applications during that session. Unauthenticated users are diverted to the authentication service (usually the login service) and returned only after successful authentication.

CAS achieves single sign-on through cookies. The cookie generated by CAS is called the TGT cookie (ticket-granting cookie); it contains a unique ID and an expiration time. The expiration time is generally 8 hours. The cookie is destroyed when the user logs out of CAS or closes the browser.
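The flow described in the two paragraphs above, as an added example that is not part of the original page and is not CAS's own code: a toy in-memory model showing a single login serving several applications, with the cookie carrying only a random ticket ID. The class `ToySsoServer`, its method names, the sample user and URL, and the choice to enforce expiry and logout on the server side are assumptions of this sketch.

```python
import secrets
import time

TGT_LIFETIME_SECONDS = 8 * 60 * 60  # the 8-hour lifetime mentioned in the text


class ToySsoServer:
    """Hypothetical model of the login service; not CAS's implementation."""

    def __init__(self, users, clock=time.time):
        self._users = users    # constructed sample credentials (plain strings to keep the model short)
        self._clock = clock    # injectable clock so expiry can be exercised
        self._tickets = {}     # ticket id -> (username, expires_at)

    def login(self, username, password):
        """Check credentials once; return the cookie value, or None on failure."""
        stored = self._users.get(username)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            return None
        ticket_id = "TGT-" + secrets.token_urlsafe(32)  # unguessable unique id
        self._tickets[ticket_id] = (username, self._clock() + TGT_LIFETIME_SECONDS)
        return ticket_id

    def access(self, service_url, cookie):
        """Decide what happens when a browser reaches an application."""
        entry = self._tickets.get(cookie) if cookie else None
        if entry is None:
            return ("redirect_to_login", service_url)  # unauthenticated: divert
        username, expires_at = entry
        if self._clock() >= expires_at:
            del self._tickets[cookie]  # expired: forget the ticket
            return ("redirect_to_login", service_url)
        return ("authenticated", username)  # no second credential prompt

    def logout(self, cookie):
        """Destroy the ticket so a copied cookie value stops working."""
        self._tickets.pop(cookie, None)


if __name__ == "__main__":
    server = ToySsoServer({"alice": "constructed-password"})
    print(server.access("https://app1.example/", None))
    cookie = server.login("alice", "constructed-password")
    print(server.access("https://app1.example/", cookie))
    server.logout(cookie)
    print(server.access("https://app1.example/", cookie))
```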


CAS provides different authentication handlers to authenticate credentials, and a developer can also plug in his own authentication handler. CAS authenticates credentials such as username/password, X.509 certificates, etc. Different types of credentials are authenticated by different types of authentication handlers.

CAS also provides a "Remember Me" feature. The developer can configure this feature in the configuration files. When a user ticks the "Remember Me" check box on the login form, his credentials are remembered for the configured period of time (the default is 3 months), and he is redirected to the respective service URL without being shown the login form, even when he opens a new browser window.
