CAS, which stands for Central Authentication Service, is both an authentication mechanism and an enterprise single sign on server for web applications. Applications that utilize CAS all participate in the same single sign on session, meaning that once a user successfully authenticates with CAS, he or she won't be prompted again for the duration of the session. In addition, CAS allows a web application to see who authenticated, but protects the user's password from individual applications, allowing for a much more secure computing environment.
The Jasig Central Authentication Service was originally developed by Yale University. It has since become a Jasig project.
SFU has added a number of extensions to CAS (mostly authorization features such as integration with our mail list system), but we have maintained compatibility with Jasig CAS, so applications that support Jasig CAS should work at SFU without modification.
CAS authentication is used in one of two ways. One way is to add a small amount of custom code to your application to handle the required authentication. For a description of using CAS in this way, click here. Alternatively, a runtime module (mod_auth_cas) is available for the Apache HTTP Server; it lets you protect static web content or dynamic web applications across the entire server, for a configurable subset of the server's content, or through .htaccess files.
It is worth noting that although CAS provides some simple authorization services, CAS in general provides authentication of valid SFU Computing Accounts. It does provide some features to help with access control, but it is up to your application to determine who is authorized (allow / disallow) to access your system.
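The custom-code approach and the authentication/authorization split described above can be sketched as follows. This is an added example, not SFU's or the CAS project's code: it parses a standard CAS 2.0 `serviceValidate` response and then applies the application's own access decision. The URLs, usernames, allowlist and sample responses are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}   # CAS 2.0 protocol namespace
CAS_BASE = "https://cas.example.edu/cas"         # placeholder CAS server URL
SERVICE = "https://app.example.edu/protected"    # placeholder application URL
AUTHORIZED_USERS = {"alice"}                     # constructed application allowlist

def validation_url(ticket):
    """URL the application fetches server-side to validate a service ticket."""
    query = urlencode({"service": SERVICE, "ticket": ticket})
    return f"{CAS_BASE}/serviceValidate?{query}"

def authenticated_user(response_xml):
    """Return the username from a validation response, or None on any failure."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return None  # malformed response: fail closed
    if root.tag != "{http://www.yale.edu/tp/cas}serviceResponse":
        return None
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None
    return user.text.strip()

def access_decision(response_xml):
    """CAS answers 'who is this?'; the application answers 'may they enter?'."""
    user = authenticated_user(response_xml)
    if user is None:
        return "unauthenticated"   # send the browser back to the CAS login page
    if user not in AUTHORIZED_USERS:
        return "forbidden"         # valid account, but not allowed in this app
    return "allowed"

# Constructed sample responses in the CAS 2.0 format.
def _success(name):
    return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            f"<cas:authenticationSuccess><cas:user>{name}</cas:user>"
            "</cas:authenticationSuccess></cas:serviceResponse>")

FAILURE = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
           '<cas:authenticationFailure code="INVALID_TICKET">ticket not recognized'
           "</cas:authenticationFailure></cas:serviceResponse>")

if __name__ == "__main__":
    for label, xml in [("alice", _success("alice")), ("bob", _success("bob")),
                       ("bad ticket", FAILURE)]:
        print(label, "->", access_decision(xml))
```

A successful validation for `bob` still yields `forbidden`: a valid account is not the same as an authorized one.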