Skip to end of metadata
Go to start of metadata
Table of Contents


This is the starting page for the new CAS user manual. It is a work in progress and may or may not accurately describe current production versions of CAS or CAS client software. This page and its subordinates are primarily intended for editors, reviewers, and potential contributors.

1. Introduction

CAS is a multiprotocol Web single sign-on (SSO) product composed of a single logical server component that services authentication requests from multiple clients that communicate via one or more supported protocols.

2. Architecture

The CAS architecture can be described in terms of system components including the clients and server that communicate via supported protocols.

3. Planning and Deployment Considerations

Planning a CAS deployment requires consideration of the application and platform ecosystem, security considerations, availability, and capacity planning.

  • 3.1. System IntegrationEnterprise deployment planning begins with careful consideration of existing software and systems to be integrated with CAS including applications, identity management and authentication services, and other supporting enterprise services.
  • 3.2. Security ConsiderationsCAS deployment requires consideration of enterprise security concerns such as integration with IDM software, PKI, and security policy.
  • 3.3. Availability and Capacity PlanningEvery enterprise deployment of CAS should be vitally concerned with availability and performance obtained through careful capacity planning.
  • 3.4. Deployment ScenariosWe present some popular deployment scenarios for CAS with commentary on availability and performance characteristics.

4. Installation

This chapter provides instructions for installing a functional CAS environment according to the simplest deployment scenario.

5. Customization

  • 5.1. Configuration ManagementThe Maven WAR Overlay process is strongly recommended for maintaining all CAS server customizations.
  • 5.2. AuthenticationThe CAS server authentication configuration is the most obvious and important aspect of deployment.
  • 5.3. Security PolicyCAS provides a number of configuration points to enforce various aspects of security policy including ticket/token expiration policy, authentication throttling, and cryptographic strength of identifiers.
  • 5.4. General FeaturesCAS exposes configuration points for a variety of features including SSO session behavior.
  • 5.5. High Availability ConfigurationSystem configuration, CAS server configuration, and client configuration should be considered together when considering high availability deployments.
  • 5.6. UI Design and BrandingThe CAS user interface is easily customized using standard Web technologies such as CSS and HTML templates.
  • 5.7. Service ManagementThe service management feature supports configuration of service authorization, attribute release, and SSO behavior for services that access the CAS server.

6. Client Integration

CAS clients exist for a large number of platforms, application frameworks, and applications.

7. Monitoring and Management

Once a functional CAS has been integrated into the enterprise, monitoring and management functions are required to ensure adequate performance and availability.

  • 7.1. LoggingCAS server application logging provides essential data to support availability and performance monitoring.
  • 7.2. AuditingCAS supports a rich auditing framework that can provide queryable data to support availability and performance monitoring as well as data to support security investigations.
  • 7.3. Enterprise Monitoring IntegrationCAS provides several facilities that can be leveraged for integration with enterprise monitoring systems.

8. Troubleshooting

A general troubleshooting guide is provided as well as a FAQ with solutions to common errors/problems.

9. Upgrading

This section provides instructions for specific version upgrades.

10. Extending CAS

CAS supports extensions that provide additional functionality for special needs and environments.