Central Authentication System
The Central Authentication System (CAS) is a single-sign-on system for the web. It permits users to access multiple applications while providing their login credentials just once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package that implements this protocol.
The CAS protocol involves at least three parties: a client web browser, the web application requesting authentication, and the CAS server. It may also involve a back-end service, such as a database server, that does not have its own HTTP interface but communicates with a web application. When the client visits an application requiring authentication, the application redirects it to CAS. CAS validates the client's authenticity, usually by checking a username and password against a database.
If the authentication succeeds, CAS returns the client to the application, passing along a service ticket. The application then validates the ticket by contacting CAS over a secure connection and providing its own service identifier and the ticket. CAS then gives the application trusted information about whether a particular user has successfully authenticated.
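The ticket exchange described above, modelled in-process as an added example (it is not code from the CAS software package). The single-use, service-bound, short-lived ticket rules follow the CAS protocol; the class names, the user table and the 10-second lifetime are assumptions, and direct method calls stand in for the browser redirect and the application's secure back-channel request.

```python
import hmac
import secrets
import time

# Constructed sample data: one user. A real CAS server checks a credential
# store (with hashed passwords); plaintext here only keeps the example short.
USERS = {"alice": "correct horse"}
TICKET_TTL = 10  # seconds; assumed value, service tickets are short-lived


def _equal(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


class CasServer:
    def __init__(self, clock=time.monotonic):
        self._tickets = {}  # ticket -> (username, service, expiry)
        self._clock = clock

    def login(self, username, password, service):
        """Client side of the flow: verify credentials, issue a service ticket."""
        expected = USERS.get(username)
        if expected is None or not _equal(expected, password):
            return None
        ticket = "ST-" + secrets.token_urlsafe(24)  # unguessable, random
        self._tickets[ticket] = (username, service, self._clock() + TICKET_TTL)
        return ticket

    def validate(self, service, ticket):
        """Application side: returns the username, or None if the ticket is bad."""
        # pop() consumes the ticket on every attempt, so a replay always fails.
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return None
        username, issued_for, expiry = entry
        # A ticket is only good for the service it was issued to, and only briefly.
        if not _equal(issued_for, service) or self._clock() > expiry:
            return None
        return username


class WebApp:
    def __init__(self, service_id, cas):
        self.service_id, self.cas = service_id, cas

    def handle_return(self, ticket):
        """Client arrives back from CAS with a ticket; the app never sees the password."""
        return self.cas.validate(self.service_id, ticket)
```

The application learns only the username that CAS vouches for; a replayed ticket, a ticket presented to a different service, and an expired ticket all validate to `None`.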
CAS allows multi-tier authentication via proxy address. A cooperating back-end service, such as a database or IT system, can participate in CAS, validating the authenticity of users via information it receives from web applications. Thus, a web portal client and a back-end server can both implement CAS.
CAS also includes an admin site (the CAS front end) where admin users can configure registration forms and manage other users and the systems that use CAS for authentication.