Sunday, May 3, 2009

CAS: Central Authentication Service

Last school year my boss came back from the COSN conference and was quite excited about the single sign-on systems he had seen demonstrated there, specifically CAS (Central Authentication Service) and Shibboleth. After spending quite a bit of time researching these two technologies, which were completely new to me, I determined that we didn't currently have the need in our infrastructure for Shibboleth, which is more of a federated authentication architecture between organizations. Shibboleth seems to me to be a lot like what OpenID is trying to accomplish throughout the open source community, and at the time, it just didn't seem like something we needed.

CAS, on the other hand, was something that was going to be needed badly throughout our organization in the very near future. What CAS does is split apart the authentication layer from the actual data source and provide a web-based single sign-on architecture throughout your organization. CAS allows you to use any LDAP or even database backend as the authentication authority. For us, we needed to use Active Directory, as that is where all of our usernames and passwords currently reside. Luckily, this works just fine with CAS as well.

As part of everything that I am doing in my current position, I have fully documented the steps necessary to get this set up from the ground up. I need to double-check the document a little bit better to make sure it is fit for public consumption, but when I do, I will post it here as a step-by-step document for people looking to set this up in their organization.

Just as a further side note on what can be set up to authenticate with CAS, we are currently authenticating our Google Apps setup (more on this in another post), Moodle, WordPress, and an application custom built for us by contractors. There are also instructions on their website for authenticating many other systems such as Outlook Web Access, Joomla, PeopleSoft, and many others.
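How an application hands authentication off to CAS, as an added example (not code from this post or from the CAS project): it follows the CAS 2.0 protocol's `/login` redirect and `/serviceValidate` ticket check. The server and application URLs, the `gate` helper and the sample XML responses are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_BASE = "https://cas.example.org/cas"          # assumed placeholder CAS server
SERVICE = "https://app.example.org/forms/submit"  # assumed placeholder app URL
NS = {"cas": "http://www.yale.edu/tp/cas"}        # CAS 2.0 response namespace

# Constructed sample /serviceValidate responses (not captured from a real server).
OK_XML = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
          '<cas:authenticationSuccess><cas:user>jdoe</cas:user>'
          '</cas:authenticationSuccess></cas:serviceResponse>')
FAIL_XML = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            '<cas:authenticationFailure code="INVALID_TICKET">not recognized'
            '</cas:authenticationFailure></cas:serviceResponse>')

def login_redirect(service=SERVICE):
    """Where to send a browser with no session; CAS sends it back with ?ticket=..."""
    return f"{CAS_BASE}/login?{urlencode({'service': service})}"

def validation_url(ticket, service=SERVICE):
    """Server-to-server check; 'service' must match the value sent to /login."""
    return f"{CAS_BASE}/serviceValidate?{urlencode({'service': service, 'ticket': ticket})}"

def parse_validation(xml_text):
    """Return the username only for a well-formed success response, else None."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "{http://www.yale.edu/tp/cas}serviceResponse":
        return None
    user = root.find("cas:authenticationSuccess/cas:user", NS)
    return user.text.strip() if user is not None and (user.text or "").strip() else None

def gate(session, query, fetch):
    """Run before a protected handler. fetch(url) -> body is the HTTPS client."""
    if session.get("user"):
        return ("allow", session["user"])          # already signed in
    ticket = query.get("ticket")
    if not ticket:
        return ("redirect", login_redirect())      # never authenticated: go to CAS
    user = parse_validation(fetch(validation_url(ticket)))
    if user is None:
        return ("deny", None)                      # forged, reused or expired ticket
    session["user"] = user                         # the password never reached this app
    return ("allow", user)

if __name__ == "__main__":
    print(gate({}, {}, lambda url: ""))
    print(gate({}, {"ticket": "ST-1-constructed"}, lambda url: OK_XML))
    print(gate({}, {"ticket": "ST-bad"}, lambda url: FAIL_XML))
```

The ticket in the query string is only a claim until the application's own back-channel call to `/serviceValidate` confirms it, so the validation fetch should go over HTTPS with certificate verification on.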


Unknown said...

Great! I am writing a webapp and am looking for some step by step process to implement CAS. We have CAS servers. This is my first time dealing with CAS. How does my app know that it has to have the user authenticated before someone can submit forms?

Kris Hagel said...

I am unsure what exactly needs to be done programmatically to get your application to use CAS for authentication. Look into the libraries available for each language. I know developers who have done it, and they say it is a fairly simple task.