Central Authentication Service

CAS is a Web single sign-on (SSO) system orginally created by Yale University. CAS uses a simple yet robust authentication protocol, the CAS protocol, which is conceptually similar to Kerberos. CAS has been widely deployed in recent years and is now developed and distributed by JA-SIG. Virginia Tech implemented CAS in August 2005.

• Service registration not required for services in vt.edu DNS namespace
• Added support for PDC/eToken authentication
• Removed VT single sign-out extensions
• Implemented SAML-based attribute release (attribute release details)
• Implemented SAML-based single sign-out
• Implemented JPATicketRegistry for Oracle-backed ticket storage
• Active-active load balanced configuration
• Migrate servlet container from JBoss 4.0.4 to Tomcat 6

• Services MUST be secured by SSL/TLS
• Services MUST be accessed by URLs containing a DNS name when requesting or validating CAS service tickets (e.g. https://198.82.10.10/ would not be allowed to authenticate to CAS)
• All services in the vt.edu DNS namespace may use CAS without registration
• Third party services (outside vt.edu DNS namespace) MUST register to use CAS
• All services may be subject to a security review by the security office

Once your have ensured your service meets the policy and technical requirements for CAS integration, you must integrate your application using an available CAS client. The Middleware group maintains detailed CAS client integration instructions for a number of common software platforms. In any case the CAS integration process is straightforward and well documented; for a knowledgeable application developer or systems integrator integration takes no more than a couple days.