One-Sheet Marketing Material

Background

Jasig Central Authentication Service (CAS) is a web single sign on service designed with enterprises in mind. Originally developed at Yale University, CAS is now managed by Jasig, and its development is led by institutions such as Rutgers, Virginia Tech, as well as individuals from France and Belgium.

CAS is a full-featured open source single sign on service that has been deployed at universities, non-profits, non-government organizations, governments, small businesses, and large corporations in many countries including the United States, Canada, France, Spain, United Kingdom, Portugal, Turkey, Italy, Germany, China, India, Japan, Australia, and New Zealand.

Single sign on servers allow integrated applications to share a single sign on session, meaning users are only required to log in once, and they are logged into multiple applications without those applications ever seeing the user's password. Using a single sign on server reduces security risks and allows for easier integration with 3rd party or external services.

What is Jasig?

Jasig is a non-profit consortium of educational institutions and commercial affiliates that sponsors open source software projects for higher education. Jasig organizes conferences in support of open source software planning, design, development, and implementation. Jasig currently sponsors the uPortal and Central Authentication Service (CAS) projects, and is currently incubating potential projects like Bedework, OpenRegistry, and various portlets.
and implementation.

Roadmap

CAS is an ever-evolving project. CAS3 is a very stable and mature product, and receives regular maintenance udpates from the community. Development on the new CAS4 release has started. CAS4 is looking to include SAML2 support, federation support, a reworked architecture, a more enhanced service management tool, better clustering support, as well as an enhanced user experience with regards to logging in.

Community Support

One of the best aspects of the CAS project is the community support surrounding it. CAS currently supports two mailing lists, one for community support, and one for development questions. These can be accessed either through email or by using one of the services such as Nabble. In addition, CAS has a publicly available Issue Tracker where one can submit bug reports and feature requests.

CAS development operates under the guidance of a project steering committe comprised of developers, board members, and stakeholders.

Finally, if you require commercial support, Unicon, a Jasig Commercial Affiliate, offers its own Cooperative Support program modeled after the successful uPortal Cooperative Support program.

Supported Platforms

The Jasig Central Authentication Service is designed to run on any Java 1.5 or higher virtual machine, and in any container that supports the Servlet 2.4 or higher specification. Its been tested on the Sun Java 1.5 and 1.6 JVMs, as well as in the Tomcat, Jetty, and JBoss containers.

No service would be useful if there wasn't a large quantity of clients available to ease integration. Jasig officially supports Java, .NET, PHP, and Apache module clients. The community has contributed clients for languages ranging from Cold Fusion, Ruby, and Perl to IIS, PAM, and PL/SQL. Official CAS support is also included in SpringSource's Spring Security project as well as Jasig's uPortal project. Finally, the Java client includes modules to ease integration with Atlassian's Confluence and JIRA.

The community has also contributed their expertise in "CASifying" a wide range of applications including Joomia, OpenCms, FishEye & Crucible, Roller, Liferay, Wordpress, Zimbra, Banner and Peoplesoft.

Features

CAS supports the CAS1 and CAS2 protocols allowing for simple single sign on, as well as proxy authentication. Proxy authentication allows an application, such as a portal, to access additional resources or applications (such as grades) on your behalf without your password and a secure and controlled manner. The addition of SAML 1.1 allows for the exchange of attributes between the CAS server and CAS clients. Partial SAML2 support allows for integration with Google Apps for Education, allowing universities that have deployed CAS to take advantage of institutional GMail.

CAS can easily integrate with any organizations authentication system. Out of the box, CAS includes authentication support for LDAP (including Active Directory), databases, SPNEGO/NTLM, X.509 certificates, container, and RADIUS. It also includes an extensive plugin API to easily write your own authentication support.

For the enterprise-minded, CAS includes multiple options for deploying in a clustered environment. Deployers can choose from BerkeleyDB, JBossCache, Memcache, or a database storage system for clustering. Other important enterprise features include the ability to audit who is accessing which service, as well as gathering statistics about each server.

Finally, CAS has been designed from the ground up using current best practices to be an extensible platform with well-defined plugin APIs based on community use cases. In addition, its build using "de facto" standard libraries including Spring, Maven2, Person Directory, JSPs, and more meaning your skills carry from CAS to your applications, and vice versa.

Applications with CAS support