CAS Free SSO Solution
Multilingual Single Sign On With Delegated Authentication
Central Authentication Service is open source SSO software which provides authentication and authorization features using OpenID, OAuth, and SAML protocols
Web applications are rapidly growing and businesses tend to target several areas with intentions to provide services and tools. There is a huge number of users increasing day by day and data security and data management are becoming main concerns for the enterprise businesses. However, the open source community has provided many solutions to coup these concerns, and Single Sign On is one of them.
CAS is a free and open source SSO solution and it uses CAS a ticket-based protocol that is exclusively built to provide user authentication and authorization. The architecture of this protocol is based on client and server collaboration. CAS server authenticates users and grant access to the applications. Whereas, CAS client takes care of retrieving information of the users granted by the CAS server.
This open source software not only supports its own CAS protocol but also supports OpenID, OAuth, OpenID Connect, REST, WsFederation, and SAML protocols. CAS has a complete ecosystem for the integrations with third parties which maintains the high trust levels by using public/private key pairs.
CAS is mainly written in Java and provides comprehensive documentation regarding deployment and development. There is a strong community backing up Central Authentication Service.
- OAuth v2 Protocol
- OpenID & OpenID Connect Protocol
- Password Management
- Various Deployment Options
- Multifactor authentication
- Sign-in / Sign-out
- Many Authentication Mechanisms (e.g. JAAS, LDAP, RDBMS)
- WS-Federation Passive Requestor Protocol
- Easy to Set-Up
- Integrations With Third Parties
- Many Authorization Mechanisms (e.g. ABAC, Time/Date, REST )
- UI To Manage Logs
- UI To Manage Monitoring And Stats
- Delegated Authentication To Facebook, Twitter And More
Run the following command to clone the repo:
git clone firstname.lastname@example.org:apereo/cas.git cas-server
After successful clone, run the following command:
cd cas-server git checkout master
Now, build the codebase via the following command:
./gradlew build install --parallel -x test -x javadoc -x check
You can use
-x <task> to entirely skip/ignore a phase in the build. (i.e.
If you have no need to let Gradle resolve/update dependencies and new module versions for you, you can take advantage of the
--offline flag when you build which tends to make the build go a lot faster.
Using the Gradle daemon also is a big help. It should be enabled by default.
Enabling Gradle’s build cache via
--build-cache can also significantly improve build times.
If you are using Windows, you may find
-DskipNpmLint=true needed for the build due to line ending difference between OS
For configuring SSL, the
thekeystore file must include the SSL private/public keys that are issued for your CAS server domain. You will need to use the
keytool command of the JDK to create the keystore and the certificate. The following commands may serve as an example:
keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore /etc/cas/thekeystore -ext san=dns:$REPLACE_WITH_FULL_MACHINE_NAME
/etc/hosts file (on Windows:
C:\Windows\System32\Drivers\etc\hosts), you may also need to add the following entry:
The certificate exported out of your keystore needs to also be imported into the Java platform’s global keystore:
keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore -alias cas sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore $JAVA_HOME/jre/lib/security/cacerts
JAVA_HOME is where you have the JDK installed (i.e
Execute the following commands to deploy:
cd webapp/cas-server-webapp-tomcat ../../gradlew build bootRun --parallel --offline --configure-on-demand --build-cache --stacktrace
By default CAS will be available at
Running in Docker
For Docker, Docker image is located at Docker Hub. Run the following command to pull down the Docker Image:
docker pull apereo/cas:v[A.B.C]
[A.B.C] represents the image tag that is mapped to the CAS server version.
You may find the following links relevant: