Purdue CAS Information
Summer 2011 CAS Server Upgrade
On May 11 2011, the Identity and Access Management Office will upgrade the Central Authentication Service (CAS) from version 3.3.2 to 3.4.6. The production CAS url https://www.purdue.edu/apps/account/cas will not change, just the code behind the url. The 3.4.6 version is completely backwards compatible with the 3.3.2 version, and uses the same CAS protocol, so you should not need to update your CAS client. However, we recommend that you consider verifying your current applications against the 3.4.6 version. The 3.4.6 version that will be installed on May 11 2011 is now available on our QA tier at https://webservices-test.itns.purdue.edu/apps/account/cas-server-uber-webapp-3.4.6. The 3.4.6 version includes puid, name, and I2A2 characteristic information along with a successful serviceValidate CAS ticket check. If you discover any issues with the new version, please contact us at email@example.com for assistance.
BoilerWeb April 2011 CAS Presentation
The presentation slides can be found here.
The Identity and Access Management Office (IAMO) offers a web single sign on service, using the Central Authentication Service (CAS) developed by Yale University and now maintained by JA-SIG under an open source license.
Benefits of using CAS vs. I2A2 For Web Authentication
Many web servers on campus already use I2A2 for Purdue Career Account authentication, so why use the CAS service? (Many thanks to the folks in the College of Science for creating the following list of benefits).
Authorization and CAS Server Versions
The Purdue CAS server deployment passes back the Career Account login of the authenticated user to the CAS client. However, it is good practice to use puid instead of login as a key in application databases. To support an application obtaining the puid, name and I2A2 characteristics for the authenticated login, the IAMO provides several options to map a login to puid/name/characteristics, in order of preference:
Requesting CAS Access
To obtain access to the Purdue IAMO CAS Server, you will first need to fill out a Service Level Agreement (SLA) between your group and the IAMO. Please fill out section VII Client Definitions: section A, VIII Signatures: section A and IX Appendix A: sections A, B, C D and E. Once you have this filled out, forward the hard copy to: IAMO Director / ITAP / ROSS. Please allow 3-5 business days for processing.
Installing and Configuring CAS in your web server (information for server administrators)
Lots of information can be found on the CAS Client Home Page. You can easily CASify any WAR in Tomcat, see the Java client page for details. CASifying Apache applications has been done with mod_auth_cas, although some have used mod_perl with the Perl client or phpCAS to avoid dealing with compiling mod_auth_cas.
Purdue's Production CAS Server urls:
(version 3.3.2 prior to May 11 2011, version 3.4.6 starting May 11 2011): loginUrl: https://www.purdue.edu/apps/account/cas/login validateUrl: https://www.purdue.edu/apps/account/cas/serviceValidate or https://www.purdue.edu/apps/account/cas/samlValidate logoutUrl: https://www.purdue.edu/apps/account/cas/logout
Your web server ip address(es) will need to be authorized for access to the serviceValidate/samlValidate urls, which we will do as part of processing the SLA.
CAS BoilerKey support
The Purdue CAS server now supports authenticating with the Purdue BoilerKey. Please see the CAS BoilerKey configuration page for more information.
Please contact firstname.lastname@example.org.
Purdue University, West Lafayette, IN 47907, (765) 494-4600
© 2010 - 2013 Purdue University | An equal access/equal opportunity university | Copyright Complaints
If you have trouble accessing this page because of a disability, please contact the CSC at email@example.com or (765) 494-4000.