The CPUT Web Office has implemented an open source project, Central Authentication Service (CAS), to enable single-sign-on (SSO) for web based applications. We have branded this as a “Universal Login” service for CPUT web-users.
Information required to setup CAS for you site
If you are a web developer or systems administrator interested in setting up CAS for your web-based applications here are some basic pieces of information that you will need to configure your site:
The following information may also be useful:
CAS homepage and documenation: http://www.jasig.org/cas
JASIG CAS Client Implementation
While we are not able to provide development assistance with enabling CAS for customer websites, the process is well documented and many web administrators have succeeded in enabling CAS on their own. Here are some helpful pointers:
JASIG CAS Client implementation info: https://wiki.jasig.org/display/CASC/Home
SSL Verification: The SSL certificate offered by https://enter.cput.ac.za/cas/ is signed by GoDaddy and provides the full certificate chain back to the issuing CA’s root certificate. For the security of our users and your application we advise you take the appropriate steps within your framework to verify the authenticity of the presented certificate.
CAS Logout: We consider it a best practice to perform logout by destroying your applications cookies and then destroying the user’s CAS session by forwarding them to the CAS logout page at https://enter.cput.ac.za/cas/logout. This prevents accidental re-authentication in your application with the remaining enter.cput.ac.za session cookies.
SAML: For clients unable to implement CAS or already implementing SAML we also support SAML 1.1 in our CAS server, for details on CAS specific details of requesting and validating SAML artifacts please see: https://wiki.jasig.org/display/CASUM/SAML+1.1
REST Authentication: For RESTful interactions, we have implemented the REST API as documented here: https://wiki.jasig.org/display/casum/restful+api
As a developer at CPUT, here’s why you should use CAS instead of direct connection to Active Directory
CAS is central, already configured, trusted and monitored to ensure continuous uptime, updates and security.