Security Policy

New CAS documentation site

CAS documentation has moved over to apereo.github.io/cas, starting with CAS version 4.x. The wiki will no longer be maintained. For the most recent version of the documentation, please refer to the aforementioned link.

Ticket expiration policy is the primary configuration point for CAS security policy.

Although many other aspects of security policy, e.g. password expiration, can affect the overall security policy of an SSO solution, most of those are outside the scope of CAS configuration. Password expiration is probably the most requested security policy feature of CAS on the cas-user list, and there have been some attempts to provide extensions to CAS for this feature. LDAP Password Policy Enforcement (LPPE) is one such solution.

  • Ticket Expiration Policy: CAS supports a pluggable and extensible policy framework to control the expiration policy of ticket-granting tickets (TGT) and service tickets (ST).
  • Remember Me: Starting with CAS 3.2.1, CAS has support for long term Ticket Granting Tickets, a feature referred to as "Remember Me".
  • Throttling Login Attempts