CAS for Administrators Training Course


CAS, or Central Authentication Service, is an open-source, enterprise-level, single-sign-on protocol for the web. CAS gives users access to multiple applications using a single sign-on and allows web applications to authenticate users without giving them access to user passwords. CAS has a Java server component and various client libraries written in PHP, PL/SQL, Java, and more.

In this instructor-led, live training (online or onsite), we discuss CAS’s architecture and features and practice installing and configuring a CAS server.

By the end of this training, participants will be able to:

  • Have an understanding of CAS’s implementation of SSO (Single-Sign-On Authentication).
  • Have the necessary practice to deploy and manage their own authentication server.

Format of the Course

  • Interactive lecture and discussion.
  • Lots of exercises and practice.
  • Hands-on implementation in a live-lab environment.

Course Customization Options

  • To request a customized training for this course, please contact us to arrange.


  • An understanding of security concepts (authentication, authorization etc.)
  • Familiarity with Linux and the command line


  • System administrators

Course Outline


  • The case for SOS (Single-Sign-On-Authentication)
  • CAS vs LDAP vs OpenID

An overview of the CAS Architecture

  • System components
  • CAS Server
  • CAS clients
  • Supported protocols
  • Software components
    • Spring MVC/Spring Webflow
    • Ticketing
    • Authentication

Building CAS as an Overlay Project

  • Building and deploying with Gradle, Maven and Docker
  • Using custom and third-party source
  • Managing dependencies

Configuring Authentication in CAS

  • Orchestrating authentication handlers with authentication manager
  • Choosing authentication handlers and schemes
  • Testing the default authentication scheme
  • Principal Resolution
  • Transforming the user id
  • Setting up “Remember Me” long-term authentication
  • Setting up proxy authentication
  • Multi-factor authentication (MFA)
  • Limiting failed login attempts with login throttling
  • Configuring an SSO session cookie

Attribute Resolution and Release

  • Principal-Id attribute: receiving authenticated userid
  • Attribute release policy: Releasing attributes to applications
  • Caching attributes: Caching resolved attributes
  • Encrypting attributes: Conditionally encrypting attributes


Summary and Next Steps

Leave a Reply

Your email address will not be published. Required fields are marked *