The CAS Protocol Revision Working Group is collaborating on updating the CAS Protocol such that it:
- is consistent with current Jasig CAS 3.x server behavior (de facto standard), and adds
- attributes to CAS payload (a common customization)
The current status of the 3.0 spec draft can be found in the official GitHub repository at
The working draft is in Google Docs: https://docs.google.com/document/d/1l0o60mLfXF4bkQdwRSH4i6P-IJQki3-v-zyoOAjxDd4/edit
CAS-1284 - Validate and adopt CAS3 protocol rev Resolved
Related CAS4.0 issue: CAS-1283 - New p3 endpoints for service and proxy validation: Add attributes to the CAS validate response per update spec Resolved
The main work of covering all the current (3.x) features is completed, but needs review and discussion. The following is a brief summary of what was added:
- /login parameters "METHOD", "rememberMe",
- /logout parameter "service" with a description of its implication to the behaviour
- SLO completely added. Also with an on section 4 which briefly describes the Single Log Out feature and security implications.
- cas attributes in responses
- /proxyValidate added
- /samlValidate added (it is currently in 3.5, which this CAS Spec covers. In 4.0, this might be removed - to be discussed)
- Declare Release Candidate Status - notify cas-dev, cas-user, cas-announce?
- Community Review/Feedback - April 8th - April 20nd
- Committer/Contribute Consensus Vote April 22nd - April 26th
- Process for release (committer vote?)
- When to release?
- License - Apache2, Creative Commons
- Copyright - Apereo?