Skip over navigation

Central Authentication Service (CAS)


The OIT Central Authentication Service (CAS) is a centrally managed authentication service that can be used by Web applications in lieu of developing their own login mechanism.  Rather than having an application create a login page of its own, a CAS-enabled Web application would redirect each user attempting to access it to CAS, which would authenticate the user on behalf of the Web application and, upon successful login, would send the user back to the Web application indicating what netID successfully logged in.

The benefits of using CAS for your Web application

  • CAS provides a consistent, secure, authoritative means of authentication for web applications,

  • CAS is robust – in production at dozens of universities and commercial organizations and maintained by an active user community.

  • Developers no longer need to develop their own authentication mechanism.

  • A user can login once for any application that uses the same CAS service.

  • Individual sites no longer collect passwords. This is especially important for Web applications hosted by external third parties.

Note - It is our policy that new Web applications hosted by external third parties must use CAS.  Additionally, we strongly encourage the use of CAS for all new custom applications, whether hosted at the University or externally, and the incorporation of CAS into existing Web applications as they are modified in the future.

Information for Web developers and implementers

CAS currently uses the Princeton domain netID and password, often referred to as your Active Directory, Windows, or Exchange account, not the Sun LDAP directory most commonly referred to as just LDAP.  While most people have their passwords synchronized between these two directories, some elect to maintain separate "Windows" and "LDAP" passwords, so your users will need to be aware of the distinction.

CAS only provides authentication services.  It does not provide any authorization services, e.g., permitting access to services based upon specific directory attributes.

The OIT CAS SharePoint site provides documentation about implementation and design specifications.

  • Princeton University specific information regarding CAS implementation can be found at:

                https://sp.princeton.edu/oit/sdp/cas

  • A CAS PowerPoint presentation can be found at:

                https://sp.princeton.edu/oit/sdp/CAS/Tools/CAS-WDA.ppt