Central Authentication Service (CAS)

Central Authentication Service (CAS)

What is Central Authentication Service (CAS)?

From Wikipedia (Central Authentication Service):

The Central Authentication Service (CAS) is a single sign-on protocol for the web.[1] Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package[1] that implements this protocol.

Georgia Tech implements the CAS service to allow campus members to easily log into campus websites using their GT Account Username and associated password.  However, for a website to utilize CAS, it must be set up correctly, which usually means adding a module, plugin, or library, and configuring it to work with Georgia Tech's CAS servers.

CAS Sub-Topics

kp37 Tue, 03/21/2017 - 18:09

CAS and Stand-Alone PHP Applications

CAS and Stand-Alone PHP Applications

The most common approach for adding Central Authentication Service (CAS) support to a custom stand-alone PHP application is through the phpCAS Library.  As of mid 2017, the most recent version was phpCAS 1.3.5.  Note: If you are using an earlier version you should upgrade as soon as possible to obtain the latest security patches.

The basic approach to using the library is to unpack it into a subdirectory of your application, require the library's main file, then add the appropriate calls to it before you application does anything that requires the user's identity to be known.  It is preferable to store the user's identity in a session cookie for later accesses, so that you are not authenticating the user against the CAS server on every single page access.

The phpCAS documentation has an example of a really simple phpCAS implementation.  More information on using phpCAS can be found in the documentation library.

Note:  You would not utilize phpCAS in this manner if you are wanting to add CAS authentication to most content management systems (CMSs), such as Drupal or WordPress.  Instead, you should look for a CAS module or plugin for your particular CMS, and use it.  These modules and plugins are designed to integrate CAS into the CMS's user management system to give you proper security and a good end user experience.  Not every CMS will have a CAS module, but most of the popular CMS's will.  If you can't find a CAS module for the CMS you are using, you could look at it's module/plugin API and see if you can write your own module or plugin to integrate phpCAS, but this requires a fairly advanced knowledge of PHP programming, the CMS in question, and the CAS protocol.

kp37 Tue, 03/21/2017 - 18:27