...
This is simplified in the case where the uPortal and CAS applications are both being hosted on the same machine, since a self-signed localhost certificate will be sufficient. In the more general case where uPortal and CAS are hosted on separate machines, each machine will need a server certificate that the other machine trusts. All clients of the CAS server will need to trust the CAS server certificate – for this reason CAS servers often use commercial certificates purchased from http://www.verisign.com, http://www.thawte.com Verisign, Thawte, etc.
uPortal can be configured to use any of several security contexts. To use CAS for uPortal authentication, the YaleCasContext security context must be the selected context. uPortal security contexts are configured to receive one or more "principals" and "credentials" read from the Login servlet request. In particular, CAS receives the request parameter "ticket" as its credential. It validates this ticket against the CAS server configured in the portal.properties file.
...