CAS is the Central Authentication Service for UGent. CAS allows you to log on to secured UGent pages using your account.
If you develop web applications which require user authentication, you can make use of CAS.
CAS provides single sign on and single sign out and can return extra parameters along with the authenticated login name.
Tip: on the "CAS (Centrale Authentication Service): introduction" page you will find answers to questions such as "What is CAS? / What is Central Authentication?", "How long do I remain logged on?" and "How do I log out?".
How CAS works
CAS follows the same principle as webauth. Your web application directs the user to the CAS login page.
Following authentication, CAS redirects the user back to the original web application, whose url was passed in the request as the service parameter.
If the user is logged on to another web application, no login page will be presented. (= Single Sign On)
For single sign out, CAS sends a POST request to all applications the user is logged on to.
CAS can be tested following the instructions below. Please send your remarks about CAS or the webauth compatibility module to login@UGent.be.
We provide a webauth compatibility module to allow enough time for you to migrate your web applications to CAS.
You can test it in your applications, replacing "https://webauth.ugent.be/" by "https://webauthx.ugent.be/".
As a result, the user will get to see the CAS login page.
Shortly, the current webauth implementation will be suspended; "https://webauth.ugent.be/" will then refer to the compatibility module. According to plan, the compatibility module will be turned off by the beginning of July 2009. By then your web applications must be migrated to CAS.
Setting up a CAS client
Registration is required.
Enter the following:
your web application url
a short description of your web application
the attributes you wish to use
CAS compares the service parameter against the urls of the registered web applications. If a CAS redirect occurs in several pages of an application, you can enter the main url, followed by two asterisks (** = wildcards). Be careful if you have other web applications in the same domain, because a wildcard entry may also match their urls.
By default, the login name (uid) is returned. The following LDAP attributes are available on demand:
In this way, you can request LDAP attributes without having to resort to addressing the UGent LDAP from within your application. Based on the requirements of your applications, the above attribute list may be adapted.
Use CAS for authentication only, not for session management. You should provide session management in your application.
Make sure that the authenticated login name is stored after successful authentication.
From now on your application uses CAS.
Remark: The attributes are stored in a HashTable; each attribute is an arraylist of Strings.
The Single Sign Out is not implemented. If you wish to use it, you will have to take care of it.
More information on Single Sign Out can be found on the CAS help pages.
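The following Python is an added example, not code from UGent or from a CAS client library. It keeps session management in the application as advised above: the login name and attributes are stored after ticket validation, and the single sign out POST ends the matching session. It assumes the standard CAS 2.0 validation response and SAML LogoutRequest layouts; the attribute layout, the class and function names and all sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS = {"cas": "http://www.yale.edu/tp/cas"}
SAMLP = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample of a successful ticket validation response.
VALIDATE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
 <cas:authenticationSuccess><cas:user>jdoe</cas:user><cas:attributes>
  <cas:mail>jdoe@example.org</cas:mail>
  <cas:memberOf>staff</cas:memberOf><cas:memberOf>dev</cas:memberOf>
 </cas:attributes></cas:authenticationSuccess></cas:serviceResponse>"""
# Constructed sample of the body CAS POSTs on single sign out.
LOGOUT = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
 <samlp:SessionIndex>ST-1-constructed</samlp:SessionIndex></samlp:LogoutRequest>"""

def _parse(xml_text):
    # Both documents come from the network: refuse DTDs and entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in CAS messages")
    return ET.fromstring(xml_text)

def parse_validation(xml_text):
    """Return (uid, attributes), or None when CAS did not confirm the ticket."""
    ok = _parse(xml_text).find("cas:authenticationSuccess", CAS)
    uid = (ok.findtext("cas:user", "", CAS) if ok is not None else "").strip()
    if not uid:
        return None
    attrs = {}  # attribute name -> list of strings, as in the remark above
    for el in ok.findall("cas:attributes/*", CAS):
        attrs.setdefault(el.tag.split("}", 1)[1], []).append(el.text or "")
    return uid, attrs

class SessionStore:
    """Application-side sessions; CAS only supplies the authenticated identity."""
    def __init__(self):
        self.sessions = {}   # session id -> {"uid": ..., "attrs": ...}
        self.by_ticket = {}  # service ticket -> session id, needed for sign out

    def login(self, session_id, ticket, validation_xml):
        result = parse_validation(validation_xml)
        if result is None:
            return False
        self.sessions[session_id] = {"uid": result[0], "attrs": result[1]}
        self.by_ticket[ticket] = session_id
        return True

    def single_sign_out(self, logout_xml):
        """End the session that was opened with the ticket named by CAS."""
        ticket = _parse(logout_xml).findtext("samlp:SessionIndex", None, SAMLP)
        session_id = self.by_ticket.pop(ticket, None)
        return self.sessions.pop(session_id, None) is not None
```

The ticket-to-session map is what makes single sign out possible: the POST from CAS carries no application cookie, only the ticket that opened the session.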