CAS Open source SSO Solutions

CAS Free SSO Solution

Multilingual Single Sign On With Delegated Authentication

Central Authentication Service is open source SSO software which provides authentication and authorization features using OpenID, OAuth, and SAML protocols


Web applications are rapidly growing and businesses tend to target several areas with intentions to provide services and tools. There is a huge number of users increasing day by day and data security and data management are becoming main concerns for the enterprise businesses. However, the open source community has provided many solutions to coup these concerns, and Single Sign On is one of them.

CAS is a free and open source SSO solution and it uses CAS a ticket-based protocol that is exclusively built to provide user authentication and authorization. The architecture of this protocol is based on client and server collaboration. CAS server authenticates users and grant access to the applications. Whereas, CAS client takes care of retrieving information of the users granted by the CAS server.

This open source software not only supports its own CAS protocol but also supports OpenID, OAuth, OpenID Connect, REST, WsFederation, and SAML protocols. CAS has a complete ecosystem for the integrations with third parties which maintains the high trust levels by using public/private key pairs.

CAS is mainly written in Java and provides comprehensive documentation regarding deployment and development. There is a strong community backing up Central Authentication Service.

System Requirements

  • JDK 11
  • Apache Tomcat
  • Docker (optional)


  • OAuth v2 Protocol
  • OpenID & OpenID Connect Protocol
  • Password Management
  • Various Deployment Options
  • Multifactor authentication 
  • Multilingual
  • Sign-in / Sign-out
  • Many Authentication Mechanisms (e.g. JAAS, LDAP, RDBMS)
  • WS-Federation Passive Requestor Protocol
  • Easy to Set-Up
  • Integrations With Third Parties
  • Many Authorization Mechanisms (e.g. ABAC, Time/Date, REST )
  • UI To Manage Logs
  • UI To Manage Monitoring And Stats
  • Delegated Authentication To Facebook, Twitter And More

Installation Instructions

Run the following command to clone the repo:

git clone This email address is being protected from spambots. You need JavaScript enabled to view it.:apereo/cas.git cas-server

After successful clone, run the following command:

cd cas-server
git checkout master

Now, build the codebase via the following command:

./gradlew build install --parallel -x test -x javadoc -x check

You can use -x <task> to entirely skip/ignore a phase in the build. (i.e. -x test-x check).

If you have no need to let Gradle resolve/update dependencies and new module versions for you, you can take advantage of the --offline flag when you build which tends to make the build go a lot faster.

Using the Gradle daemon also is a big help. It should be enabled by default.

Enabling Gradle’s build cache via --build-cache can also significantly improve build times.

If you are using Windows, you may find -DskipNpmLint=true needed for the build due to line ending difference between OS

For configuring SSL, the thekeystore file must include the SSL private/public keys that are issued for your CAS server domain. You will need to use the keytool command of the JDK to create the keystore and the certificate. The following commands may serve as an example:

keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore /etc/cas/thekeystore -ext san=dns:$REPLACE_WITH_FULL_MACHINE_NAME

In your /etc/hosts file (on Windows: C:\Windows\System32\Drivers\etc\hosts), you may also need to add the following entry:

The certificate exported out of your keystore needs to also be imported into the Java platform’s global keystore:

keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore -alias cas
sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore $JAVA_HOME/jre/lib/security/cacerts

where JAVA_HOME is where you have the JDK installed (i.e /Library/Java/JavaVirtualMachines/jdk[version].jdk/Contents/Home).

Execute the following commands to deploy:

cd webapp/cas-server-webapp-tomcat
../../gradlew build bootRun --parallel --offline --configure-on-demand --build-cache --stacktrace

By default CAS will be available at

Running in Docker

For Docker, Docker image is located at Docker Hub. Run the following command to pull down the Docker Image:

docker pull apereo/cas:v[A.B.C]

where [A.B.C] represents the image tag that is mapped to the CAS server version.