Getting Started with CPUT’s CAS

The CPUT Web Office has implemented an open source project, Central Authentication Service (CAS), to enable single-sign-on (SSO) for web based applications. We have branded this as a “Universal Login” service for CPUT web-users.

Information required to setup CAS for you site

If you are a web developer or systems administrator interested in setting up CAS for your web-based applications here are some basic pieces of information that you will need to configure your site:

CAS Server: enter.cput.ac.za
CAS port: 443
CAS URI: https://enter.cput.ac.za/cas
Logout Destination: https://enter.cput.ac.za/cas/logout

The following information may also be useful:

CAS homepage and documenation: http://www.jasig.org/cas

CASLoginURL https://enter.cput.ac.za/cas/login
CASValidateURL https://enter.cput.ac.za/cas/serviceValidate
CASProxyValidateURL https://enter.cput.ac.za/cas/proxyValidate

JASIG CAS Client Implementation

While we are not able to provide development assistance with enabling CAS for customer websites, the process is well documented and many web administrators have succeeded in enabling CAS on their own. Here are some helpful pointers:

JASIG CAS Client implementation info: https://wiki.jasig.org/display/CASC/Home

SSL Verification: The SSL certificate offered by¬†https://enter.cput.ac.za/cas/ is signed by GoDaddy and provides the full certificate chain back to the issuing CA’s root certificate. For the security of our users and your application we advise you take the appropriate steps within your framework to verify the authenticity of the presented certificate.

CAS Logout: We consider it a best practice to perform logout by destroying your applications cookies and then destroying the user’s CAS session by forwarding them to the CAS logout page at https://enter.cput.ac.za/cas/logout. This prevents accidental re-authentication in your application with the remaining enter.cput.ac.za session cookies.

SAML: For clients unable to implement CAS or already implementing SAML we also support SAML 1.1 in our CAS server, for details on CAS specific details of requesting and validating SAML artifacts please see: https://wiki.jasig.org/display/CASUM/SAML+1.1

REST Authentication: For RESTful interactions, we have implemented the REST API as documented here: https://wiki.jasig.org/display/casum/restful+api

How CAS works

How CAS works

As a developer at CPUT, here’s why you should use CAS instead of direct connection to Active Directory

CAS is central, already configured, trusted and monitored to ensure continuous uptime, updates and security.

Comments are closed.