CAS (Central Authentication Service) Home

CAS was developed by Yale University to provide a Web based (Browsers, HTTP, HTML) Single Sign-On service with a protocol modeled on Kerberos. With CAS, users with a Web browser can login once and use a variety of applications. Each application trusts CAS to authenticate the user and present an identity string (the Netid at Yale). The user has the same Netid to all applications, but only CAS sees and processes the password. Alternatives to CAS include Windows AD login (for machines and servers that are all part of the Yale Windows domain) and SAML authentication (Shibboleth and ADFS) when the user is at Yale but the application is in another campus or company.

Originally CAS was written at Yale as a simple Java Servlet.

In 2010 Yale adopted the JASIG version of the CAS server codebase (Release 3.4.2) to use the open source community sponsored version of CAS. Because Unix production services had standardized on JBoss 5 and CAS was distributed to run on Tomcat, Yale put a lot of work into making CAS run in the JBoss server without library conflicts. This produced a unique non-standard configuration and build process.

In 2015 Yale upgraded CAS to Release 3.5.3 running on JBoss EAP 6.1. This version of JBoss has completely redesigned class loading in a system of modules so JBoss and applications can use different versions of the same library dependency. The JBoss Cache did not work well for us, so we will use Ehcache instead, although the "Cushy" group of modules was created for possible future use. All JBoss specific customization is discarded and we have returned to the standard JASIG build process.

Because Yale no longer prefers JBoss, there is a project to migrate the current CAS release to new VMs running Tomcat and the latest versions of RHEL and Java.

• CAS Technology Information
• CAS Development Conventions at Yale
• Yale CAS Customizations
• DR CAS and Shibboleth