Ticket expiration policy is the primary configuration point for CAS security policy.
Many other aspects of security policy can affect the overall security of an SSO solution, e.g. password expiration, but most of those are outside the scope of CAS configuration. Password expiration is probably the most requested security policy feature of CAS on the cas-user list, and there have been some attempts to provide extensions to CAS for this feature. LDAP Password Policy Enforcement is one such solution.
- Ticket Expiration Policy — CAS supports a pluggable and extensible policy framework to control the expiration policy of ticket-granting tickets (TGT) and service tickets (ST).
- Remember Me — Starting with CAS 3.2.1, CAS supports long-term ticket-granting tickets, a feature referred to as "Remember Me".
- Throttling Login Attempts