Saturday, 13 April 2013

Central Authentication Service(CAS)


CAS is a trusted way of authenticating a user. CAS provides an enterprise single sign-on protocol for a web.

What is a single sign-on protocol?

A single sign on protocol allows a user to enter a user name password once and gain access to multiple applications or systems.  So CAS enables a user of several applications to log in once, providing credentials and use all the applications or modules. From the application's side, this eliminates multiple prompts which are needed when user switches from one application to the other. 

A single sign on protocol operates very strictly with the applications which are being accessed by a web browser. It operates in a nice way.

Lets say there is a request to access a web resource which is using single-sign on. This request is initially being obstructed by a component in the web browser, or by the resource/application it self. So then what happens is that, the unauthenticated users are diverted to an authentication service and returned only after a successful authentication. 

Following are the advantages of using CAS

  • CAS has a centralized user login implementation and experience.
  • The application pool which uses the central authentication service does not know the password of the user so that there exist less opportunity for a password to be exposed by a weak application.
  • CAS offers features for proxy authentication as well.
  • Ability to enforce uniform enterprise authentication and authorization policies across a system is another advantage.
  • End to end user audit sessions to improve security reporting and auditing is another benefit.
  • Application developers are at ease as they are relieved from understanding and implementing identity security  in applications.


Image courtesy : https://confluence.ucdavis.edu/confluence/display/IETP/About+CAS