Central Authentication Service (CAS)

Numerous password prompts and different credentials required for each system have created the need for institutions to adopt a secure single sign-on authentication process. The open source JASIG Central Authentication Service (CAS) creates a secure way for users to access multiple services with a single sign-on. Unicon can help you integrate CAS with a variety of applications including uPortal, Sakai, as well as Apache, Java, PHP, and Perl clients.

What is CAS?

CAS is a mechanism for accomplishing centralized single sign-on, thereby tightening the security risk profile of a campus, increasing user convenience around authentication, increasing developer convenience around securely adding authentication to web applications across a variety of platforms, and affording opportunities for implementing institution-appropriate workflows and business rules around authentication. Although it is a Java-based central authentication server, the client can be implemented in several languages including Apache, Java, PHP, and Perl.

What is Single Sign-On?

Single sign-on allows a user to enter his or her name and password once and gain access to multiple applications or systems. Utilizing this authentication process eliminates the need for multiple prompts when the user switches from one application to the next.

Web single sign-on works strictly with applications accessed with a web browser. The request to access a web resource is intercepted either by a component in the web server, or by the application itself. Unauthenticated users are diverted to an authentication service and returned only after a successful authentication.

Why Adopt CAS?

While the most prominent appeal of CAS that is centralizes the user login implementation and experience, there are many other advantages, including these listed below.

• Participating applications do not touch the end user's password, and therefore cannot expose this password if they are compromised
• Offers features for proxy authentication
• Ability to enforce uniform enterprise authentication and authorization policies across the system
• End to end user audit sessions to improve security reporting and auditing
• Removes application developers from having to understand and implement identity security in their applications
• Usually results in significant password help desk cost savings

History of CAS

CAS 1.0 was originally developed by Yale University as an easy-to-use single sign-on for the web, and consisted of servlets and JSP pages. Later, Yale introduced its second version, CAS 2.0 that included proxy authentication and was developed for a large user community. In 2004, CAS became a JASIG project. Together with Yale and Rutgers, JASIG produced the open source CAS 3.0 with the goal of making CAS flexible and extendable to meet the varying requirements of other institutions. Today, CAS has proved itself as a trusted intermediary as universities and colleges worldwide have adopted CAS as their authentication service.

About JASIG?

The Java Architectures Special Interest Group (JASIG) is a nonprofit, independent organization of IT professionals who share an interest in the use and advancement of open source software in the administration of higher education. JASIG promotes the use of Java technologies and architectures within the higher education community and supports the development and adoption of low cost, flexible, open source solutions that adhere to best practices and open standards. JASIG provides hosting and representation for several open source projects including the Central Authentication Service (CAS) and uPortal.