Columbia University has been using CAS since April 2012. Before that, a locally implemented system named Wind was used. Wind was deployed in 2004, and was based on CAS protocols.
Info about CAS at Columbia is at https://cuit.columbia.edu/cas-authentication
Some quick facts:
- CAS is integrated with Kerberos and an OpenLDAP directory.
- Deployed customizations to CAS include: password expiration, the legacy "WIND" responses, and DUO multi-factor authentication. With DUO we support MFA required and "optional" services.
- We require service registration, aka "whitelisting".
- CAS is used as the authentication method for Shibboleth.