What is CAS (Central Authentication Service)?
Sign in once, sign in all.
CAS is a single sign-on solution (SSO) for the web. With CAS you can access multiple SFU web applications without having to re-enter your Computing ID and password each time. CAS also protects your password information from application developers, as it allows web applications to authenticate you without gaining access to your password.
Which SFU applications use CAS?
CAS-enabled SFU applications have a consistent login screen.
More than 500 SFU web applications hosted on campus and in the cloud use CAS. However, this doesn’t include every single web application at SFU. You can tell if an application uses CAS by the look of the login screen. Here are some examples:
- SFU Mail
- AEM (author.sfu.ca)
Non-CAS sign in
- SFU Vault
- The single sign-on doesn’t work across browsers. Open multiple CAS-enabled SFU applications in the same browser to avoid the chore of re-entering your login credentials.
- Sign out of a CAS-enabled application doesn’t immediately sign you out of all opened CAS-enabled applications. Please lock or sign out of your device, if you are momentarily stepping away or have finished your work.
- Not all SFU applications use CAS. Therefore, you will need to enter your SFU credentials to sign in non-CAS applications, even if you have signed in CAS-enabled applications in the same browser.
Best practices for single sign-on (SSO) and single log-out (SLO)
- CAS SSO is recommended for web applications that require authentication services, for both on premise and cloud applications.
- SLO is recommended once a user requests a logout from a CAS protected web application. This will simultaneously log the user out of the application and invalidate the CAS token.
Have a question or request?
Fill out the CAS Service Application Form, if you have questions or want to request CAS implementation for your applications.