At the University of Saskatchewan, we use CAS to simplify how you access our services—with CAS, you only need to log in once to access all CAS-managed services. This is referred to as single sign-on. For example, if you log in to PAWS, you will be able to access services such as Blackboard or wikis without having to log in again.
Using CAS with Websites/Applications
The Apache CAS Authentication module (mod_auth_cas) is available on www, homepage and several other servers. To use CAS on these servers, you can just edit a .htaccess file on your website. For example:
AuthName "Network Services"
For more information on .htaccess files, please see Supported Programming Languages and Tools - www.
Developers can also install mod_auth_cas on their own servers.
The source code is available from: http://www.jasig.org/cas/client-integration.
Apache mod_auth_cas works well for static websites and applications that rely on the web server to handle authentication.
Applications that handle their own authentication need to be modified to work with CAS. Some applications support CAS out of the box, for others a developer would need to modify the application code and use a CAS client library. Please see http://www.jasig.org/cas/client-integration for more information.
Generally speaking, each CAS application keeps track of sessions separately, which raises the question, when people log out of your application do you also log them out of CAS? If you do, then do you leave them on the CAS logout screen or send them to another page?
With CAS, you can do either, by adding either a 'url=' or 'service='
parameter to the CAS logout call. For example:
If you use 'url=' the link you provide is displayed on the CAS logout page. If you use 'service=' people are redirected instead.
Known Issues with CAS
Mac Office 2016 following logout
- Affects Office 2016 on Mac users. After first access and logout, the CAS cookie remains in effect but not valid for it’s normal life (10 hours).
- Managed computers that are enrolled with the JAMF Casper Suite will have an application deployed that will delete these cookies on write to ensure those users do not encounter this issue.
- Unmanaged machines will have to either sign out, or delete the cookie file manually.
- Or, wait until the 10-hour window has passed, at which point the login is no longer valid and the user will be prompted to sign in again.
- Just signing out does not correct the situation.
Modifying documents across sharepoint sites
- Occurs when Mac Office 2016 users are editing documents in multiple sharepoint host sites.
- Related to “Mac Office 2016 following logout” issue.
Sharepoint mobile applications
- Introduced by Microsoft security patch w.r.t. providing “followed links / sites”
- Work around - have users work in a browser