CAS is a multiprotocol Web single sign-on (SSO) product composed of a single logical server component that services authentication requests from multiple clients that communicate via one or more supported protocols.
The CAS architecture can be described in terms of system components including the clients and server that communicate via supported protocols.
Planning a CAS deployment requires consideration of the application and platform ecosystem, security considerations, availability, and capacity planning.
- 3.1. System Integration — Enterprise deployment planning begins with careful consideration of existing software and systems to be integrated with CAS including applications, identity management and authentication services, and other supporting enterprise services.
- 3.2. Security Considerations — CAS deployment requires consideration of enterprise security concerns such as integration with IDM software, PKI, and security policy.
- 3.3. Availability and Capacity Planning — Every enterprise deployment of CAS should be vitally concerned with availability and performance obtained through careful capacity planning.
- 3.4. Deployment Scenarios — We present some popular deployment scenarios for CAS with commentary on availability and performance characteristics.
This chapter provides instructions for installing a functional CAS environment according to the simplest deployment scenario.
- 5.1. Configuration Management — The Maven WAR Overlay process is strongly recommended for maintaining all CAS server customizations.
- 5.2. Authentication — The CAS server authentication configuration is the most obvious and important aspect of deployment.
- 5.3. Security Policy — CAS provides a number of configuration points to enforce various aspects of security policy including ticket/token expiration policy, authentication throttling, and cryptographic strength of identifiers.
- 5.4. General Features — CAS exposes configuration points for a variety of features including SSO session behavior.
- 5.5. High Availability Configuration — System configuration, CAS server configuration, and client configuration should be considered together when considering high availability deployments.
- 5.6. UI Design and Branding — The CAS user interface is easily customized using standard Web technologies such as CSS and HTML templates.
- 5.7. Service Management — The service management feature supports configuration of service authorization, attribute release, and SSO behavior for services that access the CAS server.
CAS clients exist for a large number of platforms, application frameworks, and applications.
Once a functional CAS has been integrated into the enterprise, monitoring and management functions are required to ensure adequate performance and availability.
- 7.1. Logging — CAS server application logging provides essential data to support availability and performance monitoring.
- 7.2. Auditing — CAS supports a rich auditing framework that can provide queryable data to support availability and performance monitoring as well as data to support security investigations.
- 7.3. Enterprise Monitoring Integration — CAS provides several facilities that can be leveraged for integration with enterprise monitoring systems.
A general troubleshooting guide is provided as well as a FAQ with solutions to common errors/problems.
This section provides instructions for specific version upgrades.
CAS supports extensions that provide additional functionality for special needs and environments.