UC Davis CAS Service
- Brian Donnelly
- Tom Poage (Unlicensed)
Central Authentication Service (CAS) at UC Davis
About CAS
CAS is:- Enterprise level single sign on for the web
- A trusted source
- A proxy authenticator
CAS was initially created by Yale University, and has since become a Jasig project codeveloped with Yale and Rutgers universities. The main CAS web site can be found at https://www.apereo.org/projects/cas.
CAS Status
Version | Base Service URL | Configuration |
|---|---|---|
5.2.2 | https://cas.ucdavis.edu/cas/ | Four-way cluster |
UC Davis CAS Service Details
The CAS service at UC Davis has the following parameters
Login URL | https://cas.ucdavis.edu/cas/login |
|---|---|
| CAS v3 validation URL | https://cas.ucdavis.edu/cas/p3/serviceValidate |
CAS v2 validation URL | https://cas.ucdavis.edu/cas/serviceValidate |
| CAS v1 validation URL | https://cas.ucdavis.edu/cas/validate |
Logout URL | https://cas.ucdavis.edu/cas/logout |
Ticket Parameter | ticket |
Service Parameter | service    (URL encoded) |
CAS Information
CAS Single Sign Out
CAS includes a number of security features that are designed to limit the damage caused by a security breach in a client application. Specifically, CAS scopes the CAS TGT cookie, which holds the Single Sign On credentials to only be delivered to the CAS server itself. CAS client applications therefore do not have access to any central credential which could be used to gain access to other CAS protected services. CAS clients instead perform a service ticket validation, which results in CAS providing and authenticated user id to the requesting client application. It is then up to the client application to set up a secure session and handle expiration and renewal of that session.
Therefore, a user's CAS single sign on session consists of a single TGT scoped to the CAS server and numerous sessions scoped to the client application servers. This presents a problem when attempting to log the user out of all services during the CAS logout process.
CAS Testing Server
Version | Base Service URL | Configuration |
|---|---|---|
| 5.2.2 | https://ssodev.ucdavis.edu/cas/ | Four-way cluster |
Casifying Web Servers and Applications
A CAS authentication module is likely available for most modern web servers and programming languages, and a number of common web-applications have CAS authentication modules available.
Support
Web Resources
- The Apereo CAS website has a wealth of documentation supporting the deployment of CAS authentication.
Contact Us
- For UC Davis-specific implementation questions please email: websso@ucdavis.edu