explaingit

apereo/cas

11,327JavaAudience · ops devopsComplexity · 4/5Setup · hard

TLDR

Apereo CAS is a Java-based single sign-on server used mainly in education: users log in once and access many apps without re-authenticating. It supports SAML, OAuth, OpenID Connect, LDAP, multi-factor auth, and high-availability clustering.

Mindmap

mindmap
  root((cas))
    What it does
      Single sign-on
      Central authentication
      Multi-app access
    Protocols
      SAML 1 and 2
      OAuth 2
      OpenID Connect
    Auth Sources
      LDAP directories
      Relational databases
      External providers
    Deployment
      WAR Overlay approach
      Docker container
      HA clustering
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Deploy a central login server so users only need to authenticate once to access all your organization's internal applications

USE CASE 2

Connect an existing LDAP or Active Directory as the user source and configure service registration for apps that need SSO

USE CASE 3

Add multi-factor authentication (Duo Security, YubiKey, Google Authenticator) to your organization's login flow

USE CASE 4

Run CAS across multiple servers in a high-availability cluster using Redis or MongoDB to eliminate a single point of failure

Tech stack

JavaDockerRedisMongoDBLDAP

Getting it running

Difficulty · hard Time to first run · 1day+

Deployment via WAR Overlay requires Java and Maven or Gradle knowledge, high-availability setup adds Redis or MongoDB as clustering backends.

In plain English

Apereo CAS is a single sign-on server for organizations that want their users to log in once and then access many different applications without being asked to log in again. "Single sign-on" means that a user authenticates in one place, and that credential is trusted across connected services. CAS is the server that sits in the middle and handles that trust. The project is written in Java and maintained by Apereo, a nonprofit that supports open-source software used in education. It is free to use and has been in active development for many years, with the current stable release line at version 7.3. CAS supports a wide range of authentication standards. On the protocol side it covers the CAS protocol (versions 1, 2, and 3), SAML (versions 1 and 2), OAuth 2, OpenID Connect, and WS-Federation. On the identity source side it can verify users against LDAP directories, relational databases, certificate-based systems, RADIUS servers, MongoDB, Apache Cassandra, and several others. It can also hand off login to external identity providers such as Google, social login systems, or other SAML and OpenID Connect providers. Multi-factor authentication is built in, with support for Duo Security, YubiKey, Google Authenticator, and WebAuthn (the standard behind passkeys). High-availability deployments are supported through several clustering options including Redis, MongoDB, Hazelcast, and DynamoDB, so organizations can run CAS across multiple servers without a single point of failure. There is an admin interface for monitoring and configuration, and integrations exist for notification services like Twilio and Amazon SES for sending one-time codes by SMS or email. The recommended way to deploy it is through a "WAR Overlay" approach, which lets you customize and extend the server without forking the main codebase. Docker container packaging is also supported. Commercial support is available through third parties listed in the project documentation.

Copy-paste prompts

Prompt 1
I'm deploying Apereo CAS using the WAR Overlay approach for single sign-on. Walk me through the initial setup: what files I need, how to configure LDAP as the user source, and how to register a test service application.
Prompt 2
I want to add Duo Security multi-factor authentication to our Apereo CAS deployment. What configuration properties do I need and which CAS modules do I include in the WAR Overlay?
Prompt 3
Our CAS deployment needs to support OpenID Connect so our web apps can use it as an identity provider. Show me the key configuration properties to enable OIDC and register a client application.
Prompt 4
I want to run Apereo CAS in a Docker container for local development and testing. Give me the Docker run command and the minimum configuration to get a working CAS login page.
Open on GitHub → Explain another repo

← apereo on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.