Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Central Authentication Service
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{Short description|Single sign-on protocol}} {{More citations needed|date=March 2023}} <span lang="es-419">The</span> '''Central Authentication Service''' ('''CAS''') is a [[single sign-on]] protocol for the [[World Wide Web|web]].<ref name=casSpec>{{cite web|title=JASIG CAS Protocol Page|url=https://apereo.github.io/cas/5.1.x/protocol/CAS-Protocol.html|publisher=Apereo/JASIG|accessdate=24 June 2016}}</ref> Its purpose is to permit a user to access multiple applications while providing their credentials (such as user ID and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name ''CAS'' also refers to a [[software suite|software package]] that implements this protocol. ==Description== The CAS protocol involves at least three parties: a ''client'' web browser, the web ''application'' requesting authentication, and the ''CAS server''. It may also involve a ''back-end service'', such as a database server, that does not have its own HTTP interface but communicates with a web application. When the client visits an application requiring authentication, the application redirects it to CAS. CAS validates the client's authenticity, usually by checking a username and password against a database (such as [[Kerberos (protocol)|Kerberos]], [[LDAP]] or [[Active Directory]]). If the authentication succeeds, CAS returns the client to the application, passing along a [[Ticket (IT security)|service ticket]]. The application then validates the ticket by contacting CAS over a secure connection and providing its own service identifier and the ticket. CAS then gives the application trusted information about whether a particular user has successfully authenticated. CAS allows multi-tier authentication via [[Proxy server|proxy address]]. A cooperating ''back-end'' service, like a database or mail server, can participate in CAS, validating the authenticity of users via information it receives from web applications. Thus, a webmail client and a webmail server can all implement CAS. ==History== CAS was conceived and developed by [[Shawn Bayern]] of [[Yale University]] [https://web.archive.org/web/20081014012455/http://tp.its.yale.edu/ Technology and Planning]. It was later maintained by Drew Mazurek at Yale. CAS 1.0 implemented single-sign-on. CAS 2.0 introduced multi-tier proxy authentication. Several other CAS distributions have been developed with new features. In December 2004, CAS became a project of the [[Jasig|Java in Administration Special Interest Group (JASIG)]], which is as of 2008 responsible for its maintenance and development. Formerly called "Yale CAS", CAS is now also known as "Jasig CAS". In 2010, Jasig entered into talks with the Sakai Foundation to merge the two organizations. The two organizations were consolidated as Apereo Foundation in December 2012. In December 2006, the [[Andrew W. Mellon Foundation]] awarded Yale its First Annual Mellon Award for Technology Collaboration, in the amount of $50,000, for Yale's development of CAS.<ref>{{cite book|url=http://rit.mellon.org/awards/matcpressrelease.pdf|title=Mellon Award for Technology Collaboration press release}}</ref> At the time of that award CAS was in use at "hundreds of university campuses (among other beneficiaries)". In April 2013, CAS Protocol specification 3.0 was released.<ref name=casSpec3.0>{{cite web|title=CAS Protocol Specification 3.0|url=https://apereo.github.io/cas/6.2.x/protocol/CAS-Protocol-Specification.html|accessdate=6 November 2020}}</ref> ==Implementations== {{how-to|section|date=March 2023}} ===Apereo CAS Implementation=== The Apereo CAS server that is the reference implementation of the CAS protocol today supports the following features: * CAS v1, v2 and v3 Protocol * [[Security Assertion Markup Language|SAML]] v1 and v2 Protocol * [[OAuth]] Protocol * OpenID & OpenID Connect Protocol * WS-Federation Passive Requestor Protocol * Authentication via [[Java Authentication and Authorization Service|JAAS]], [[Lightweight Directory Access Protocol|LDAP]], RDBMS, [[X.509]], Radius, [[SPNEGO]], [[JSON Web Token|JWT]], Remote, Trusted, BASIC, [[Apache Shiro]], [[MongoDB]], Pac4J and more. * Delegated authentication to WS-FED, Facebook, Twitter, SAML IdP, [[OpenID]], [[OpenID Connect]], CAS and more. * Authorization via ABAC, Time/Date, REST, Internet2's Grouper and more. * HA clustered deployments via [[Hazelcast]], [[Ehcache]], JPA, [[Memcached]], [[Apache Ignite]], MongoDB, [[Redis]], Couchbase and more. * Application registration backed by [[JSON]], LDAP, [[YAML]], JPA, Couchbase, MongoDB and more. * Multifactor authentication via Duo Security, SAASPASS, [[YubiKey]], RSA, [[Google Authenticator]] ([[Time-based One-time Password algorithm|TOTP]]) and more. * Administrative UIs to manage logging, monitoring, statistics, configuration, client registration and more. * Global and per-application user interface theme and branding. * Password management and password policy enforcement. ===Django Implementation=== ====Django CAS Server==== * django-mama-cas:<ref name=django-mama-cas>{{cite web|title=django-mama-cas|website=[[GitHub]]|date=16 February 2022|url=https://github.com/jbittel/django-mama-cas}}</ref> A Django Central Authentication Service (CAS) single sign-on server ====Django CAS Client==== * django-cas-ng:<ref name=django-cas-ng>{{cite web|title=django-cas-ng|url=https://djangocas.dev}}</ref> Django CAS 1.0/2.0/3.0 client authentication library, support Django 2.0, 2.1, 2.2, 3.0 and Python 3.5+ ==See also== *[[CoSign single sign on]] *[[JOSSO]] *[[List of single sign-on implementations]] *[[OpenAM]] *[[OpenID]] *[[Security Assertion Markup Language|SAML]] *[[SAML-based products and services]] *[[Shibboleth (software)]] ==References== <references /> ==External links== *[http://webauth.stanford.edu/ Stanford WebAuth] {{Webarchive|url=https://web.archive.org/web/20100711220438/http://webauth.stanford.edu/ |date=2010-07-11 }} *[http://www1.umn.edu/is/cookieauth/aboutcah.html University of Minnesota CookieAuth] *[https://github.com/apereo/cas Apereo CAS Project] *[https://github.com/jbittel/django-mama-cas django-mama-cas] *[https://djangocas.dev django-cas-ng] {{Authentication APIs}} [[Category:Java platform software]] [[Category:Free security software]] [[Category:Computer access control protocols]] [[Category:Access control software]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Authentication APIs
(
edit
)
Template:Cite book
(
edit
)
Template:Cite web
(
edit
)
Template:How-to
(
edit
)
Template:More citations needed
(
edit
)
Template:Short description
(
edit
)
Template:Webarchive
(
edit
)