What is CAS?
CAS, or the Central Authentication Service, is an open source enterprise single sign-on solution with a wide range of clients and supported protocols. A JASIG project, CAS started at Yale University to address the needs of the Higher Education community, but has since expanded to be the single sign-on solution for over 1,000 organizations as diverse as U.C. Berkeley, H-E-B Grocery Company, and Sony Online. Recently, CAS has added support for OpenID and SAML 1.1, and is currently working on support for Information Cards and SAML 2.
* An open and well-documented protocol * Support for other open protocols such as OpenID and SAML * An open-source Java server component * A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others * Integration with uPortal, BlueSocket, TikiWiki, Mule, Liferay, Moodle and others * Community documentation and implementation support * An extensive community of adopters
How is it used?
A service provider that wants to provide controlled access to a web resource installs one of the many CAS client adaptors, available both for programming languages such as Java/Acegi, C#/.Net, and Ruby, webservers such as Apache and IIS, and applications such as uPortal, Wordpress and Zimbra. The service provider then redirects all authentication requests to a central authentication server, and is sent back a ticket when a user successfully authenticates.
The central authentication server supports a wide range of authenticators, including username/password, Kerberos, and X.509 certificates. These authenticators are validated against a wide range of back-end authentication solutions, from a local database to remote back-ends such as Active Directory or Radius. On a successful authentication, the server redirects the user back to the protected resource with a valid ticket, which the resource then validates against the authentication server.
Originally, CAS was implemented using its own CAS protocol, but has recently added support for OpenID, SAML 1.1, and limited support for SAML 2.0 (Google Account integration). Designed to be used in conjunction with a portal, CAS also implements sophisticated proxy authentication support.
What is the vision of the CAS community?
The CAS and JASIG communities focus on developing shipping software that works. Our design goal is first and foremost that CAS will be Supple, Extensible and Elegant. It will be a joy to install, configure and run.
While CAS was originally built to meet the internal authentication needs of the higher education community, its flexibility and ease of deployment has led to a wide range of deployments in many diverse sectors. The original development centered on an open, but proprietary protocol, with current and future development based on open standards such as SAML, OpenID, and InfoCard. More recently, CAS has recognized the need for authentication to extend beyond the traditional enterprise boundary, and is adding support for federated and user-centric identity.
What is its status?
CAS was originally developed at Yale University in 1999. Version 1 provided single sign-on across multiple web applications, allowed trusted and untrusted services to authenticate users without having access to their passwords, simplified procedures that applications need to follow in order to perform authentication, and localized authentication to a single web application, making it easier for users to safeguard their passwords and allowing for flexibility in authenticators and authentication back ends. Version 2 added support for proxy authentication.
CAS became a JASIG project in 2004, and version 3, a complete re-write that allowed for easier local customization, was released in 2005. Version 3.1, released in August 2007, added support for SAML 1.1 and OpenID.
How to learn more
Who is involved?
CAS has a wide range of developers and an active supporting community, both from the higher-ed sector and a diverse range of other businesses and organizations.
How to participate
Join the CAS Community Discussion, CAS Developers Discussion, or CAS Announcements mailing lists. See http://www.ja-sig.org/products/cas/community/lists/index.html for more info.