Central Authentication Service

From Wikipedia, the free encyclopedia
Single sign-on protocol

The Central Authentication Service (CAS) is a single sign-on protocol for the web.[1] Its purpose is to permit a user to access multiple applications while providing their credentials (such as user ID and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.

Description

The CAS protocol involves at least three parties: a client web browser, the web application requesting authentication, and the CAS server. It may also involve a back-end service, such as a database server, that does not have its own HTTP interface but communicates with a web application.

When the client visits an application requiring authentication, the application redirects it to CAS. CAS validates the client's authenticity, usually by checking a username and password against a database (such as Kerberos, LDAP or Active Directory).

If the authentication succeeds, CAS returns the client to the application, passing along a service ticket. The application then validates the ticket by contacting CAS over a secure connection and providing its own service identifier and the ticket. CAS then gives the application trusted information about whether a particular user has successfully authenticated.
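
The redirect and ticket-validation steps described above, as an added example that is not part of the original article. It assumes the `/login` and `/serviceValidate` endpoints, the `ST-` ticket prefix and the XML response format of the CAS 2.0 specification (none of which the article names); the host names and sample responses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit

# Endpoints and XML namespace follow the CAS 2.0 specification, not the article.
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample responses, as a CAS server would return them.
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def login_redirect(cas_base, service):
    """URL the application redirects an unauthenticated browser to."""
    return f"{cas_base}/login?{urlencode({'service': service})}"


def validation_url(cas_base, service, ticket):
    """Back-channel URL the application fetches to validate a service ticket."""
    # The ticket is a bearer credential: refuse to send it over plain HTTP.
    if urlsplit(cas_base).scheme != "https":
        raise ValueError("CAS server must be contacted over HTTPS")
    if not ticket.startswith("ST-"):
        raise ValueError("not a service ticket")
    # 'service' must be the same identifier that was used in the login redirect.
    query = urlencode({"service": service, "ticket": ticket})
    return f"{cas_base}/serviceValidate?{query}"


def parse_validation(xml_text):
    """Return the authenticated user name; raise PermissionError otherwise."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{CAS_NS['cas']}}}serviceResponse":
        raise PermissionError("not a CAS response")
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text and user.text.strip():
        return user.text.strip()
    # Fail closed: anything other than an explicit success is a rejection.
    failure = root.find("cas:authenticationFailure", CAS_NS)
    code = failure.get("code", "UNKNOWN") if failure is not None else "MALFORMED"
    raise PermissionError(f"ticket rejected: {code}")
```

The application only ever sees the ticket and the CAS server's answer, never the user's password, and it treats any response without an explicit success element as a failed login.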

CAS allows multi-tier authentication via proxy address. A cooperating back-end service, like a database or mail server, can participate in CAS, validating the authenticity of users via information it receives from web applications. Thus, a webmail client and a webmail server can both implement CAS.

History

CAS was conceived and developed by Shawn Bayern of Yale University Technology and Planning. It was later maintained by Drew Mazurek at Yale. CAS 1.0 implemented single-sign-on. CAS 2.0 introduced multi-tier proxy authentication. Several other CAS distributions have been developed with new features.

In December 2004, CAS became a project of the Java in Administration Special Interest Group (JASIG), which, as of 2008, is responsible for its maintenance and development. Formerly called "Yale CAS", CAS is now also known as "Jasig CAS". In 2010, Jasig entered into talks with the Sakai Foundation to merge the two organizations. The two organizations were consolidated as Apereo Foundation in December 2012.

In December 2006, the Andrew W. Mellon Foundation awarded Yale its First Annual Mellon Award for Technology Collaboration, in the amount of $50,000, for Yale's development of CAS.[2] At the time of that award CAS was in use at "hundreds of university campuses (among other beneficiaries)".

In April 2013, CAS Protocol specification 3.0 was released.[3]

Implementations

Apereo CAS Implementation

The Apereo CAS server, today's reference implementation of the CAS protocol, supports the following features:

  • CAS v1, v2 and v3 Protocol
  • SAML v1 and v2 Protocol
  • OAuth Protocol
  • OpenID & OpenID Connect Protocol
  • WS-Federation Passive Requestor Protocol
  • Authentication via JAAS, LDAP, RDBMS, X.509, Radius, SPNEGO, JWT, Remote, Trusted, BASIC, Apache Shiro, MongoDB, Pac4J and more.
  • Delegated authentication to WS-FED, Facebook, Twitter, SAML IdP, OpenID, OpenID Connect, CAS and more.
  • Authorization via ABAC, Time/Date, REST, Internet2's Grouper and more.
  • HA clustered deployments via Hazelcast, Ehcache, JPA, Memcached, Apache Ignite, MongoDB, Redis, Couchbase and more.
  • Application registration backed by JSON, LDAP, YAML, JPA, Couchbase, MongoDB and more.
  • Multifactor authentication via Duo Security, SAASPASS, YubiKey, RSA, Google Authenticator (TOTP) and more.
  • Administrative UIs to manage logging, monitoring, statistics, configuration, client registration and more.
  • Global and per-application user interface theme and branding.
  • Password management and password policy enforcement.

Django Implementation

Django CAS Server

  • django-mama-cas:[4] A Django Central Authentication Service (CAS) single sign-on server

Django CAS Client

  • django-cas-ng:[5] Django CAS 1.0/2.0/3.0 client authentication library; supports Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+

References

  1. "JASIG CAS Protocol Page". Apereo/JASIG. Retrieved 24 June 2016.
  2. Mellon Award for Technology Collaboration press release (PDF).
  3. "CAS Protocol Specification 3.0". Retrieved 6 November 2020.
  4. "django-mama-cas". GitHub. 16 February 2022.
  5. "django-cas-ng".

Retrieved from "https://en.wikipedia.org/w/index.php?title=Central_Authentication_Service&oldid=1329208797"