User account | The University of Arizona Online

Central Authentication Service (CAS) is an open-source single sign-on solution that lets many applications authenticate users against one central login. It was developed to overcome the limitation of having to create and manage a separate login for every application.

This is a key advantage of CAS when compared to other authentication methods such as LDAP and SQL. The essential point is that the authentication process happens only on the CAS server, so applications that authenticate with CAS never see the user's credentials.

Central Authentication Service is a security solution that provides a centralized mechanism for web applications to authenticate their users without gaining access to the users' security credentials. CAS essentially has three main parties: the web browser, the application requesting authentication, and the Central Authentication Service server. There may be additional components, such as a database server that provides backend services to the web application, but no other party, and no other human being, takes part in the process.

Working of Central Authentication Service

Central Authentication Service is an authentication service that provides secure single sign-on and web single sign-on for the purpose of authenticating users. When a user tries to log into a web application, CAS redirects them to the CAS server, which checks their credentials against a database. Once the credentials are validated, a ticket is returned to the user so that they can access the requested resource.

The application then has the ticket validated by CAS, which in turn reports whether the user was successfully authenticated and, if so, who the user is.

Steps for CAS:

  • The web application redirects the user to the CAS server login.
  • Once the login process is completed, the CAS server in turn sends the user back to the web application with a service ticket.
  • The web application then sends a request to the CAS server to validate the service ticket.
  • If the service ticket is valid, the user is known to be successfully authenticated.

Using CAS Authentication in Web Applications and Websites

The CAS server plays a significant role in developing web applications that require authentication. You can use the CS CAS server or the OIT CAS server for developing any website that requires authentication, but developing with CS CAS is recommended due to its features and ease of use.

One can use the OIT CAS server if there is no CS account. The important point is that either server can be used while building a web application or website, because both work the same way and speak the same protocol; only the URL changes.

CAS is open source and can be used from any language and platform. It provides a simple way to add authentication to your web services.

How is Central Authentication Service related to Authentication and Authorization?

CAS authenticates users but does not authorize them, because authorization is specific to each application. In other words, when a user enters the web application through CAS, the web application receives the user's NetID, so your app knows which user logged in.

Applications must maintain their own list of NetIDs to distinguish users who are authorized to update or edit content from those who are not.
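As an added example (not code from the original page or from the University's CAS servers), the following Python sketch walks through the four CAS steps listed above and the application-side authorization check described in this section: building the login redirect, building the server-to-server ticket validation request, parsing the CAS 2.0 serviceValidate XML reply, and mapping the returned NetID to an application role. The server URL, callback URL, editor allow-list and XML replies are constructed, hypothetical values.

```python
"""CAS 2.0 client steps: login redirect, ticket validation, app-side authorization.
Hypothetical names: CAS_BASE, APP_URL, EDITORS and the constructed XML samples."""
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace used by CAS 2.0 responses
CAS_BASE = "https://cas.example.edu/cas"         # hypothetical CAS server
APP_URL = "https://app.example.edu/callback"     # hypothetical service (callback) URL
EDITORS = {"jdoe"}                               # hypothetical app-maintained allow-list

def login_redirect_url(service_url=APP_URL):
    """Step 1: the app sends the unauthenticated browser here."""
    return f"{CAS_BASE}/login?" + urllib.parse.urlencode({"service": service_url})

def service_validate_url(ticket, service_url=APP_URL):
    """Step 3: server-to-server URL the app fetches to validate the ticket.
    'service' must match the value used at login exactly, or CAS rejects the ticket."""
    if not ticket.startswith("ST-"):
        raise ValueError("not a CAS service ticket")
    return f"{CAS_BASE}/serviceValidate?" + urllib.parse.urlencode(
        {"service": service_url, "ticket": ticket})

def netid_from_response(xml_text):
    """Step 4: return the NetID only if CAS reports authenticationSuccess."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        return None  # failure, malformed or empty user: treat as unauthenticated
    return user.text.strip()

def role_for(netid):
    """Authorization is the app's job: CAS only says who logged in."""
    if netid is None:
        return "anonymous"
    return "editor" if netid in EDITORS else "viewer"

# Constructed sample replies shaped like CAS 2.0 serviceValidate output.
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_redirect_url())
    print(service_validate_url("ST-1-placeholder"))
    print(role_for(netid_from_response(SUCCESS_XML)), role_for(netid_from_response(FAILURE_XML)))
```

The ticket arriving in the browser's query string proves nothing by itself; only the NetID returned by the serviceValidate call should be trusted, and the validation request must be made by the application server, not by the browser.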

