Purdue CAS Information
The Identity and Access Management Office (IAMO) offers a web single sign-on service, using the Central Authentication Service (CAS). IAMO is running CAS version 3.5.3 as of 8/2/2015. Implementing CAS 4.x is currently targeted for early 2016.
Please also see here for an overview of all of the IAMO web authentication offerings.
Benefits of using CAS vs. I2A2 For Web Authentication
Many web servers on campus already use I2A2 for Purdue Career Account authentication, so why use the CAS service? (Many thanks to the folks in the College of Science for creating the following list of benefits).
Authorization and CAS Server Versions
The Purdue CAS server deployment passes back the Career Account login of the authenticated user to the CAS client. However, it is good practice to use puid instead of login as a key in application databases. To support an application obtaining the puid, name and I2A2 characteristics for the authenticated login, the IAMO provides several options to map a login to puid/name/characteristics, in order of preference:
We have a test page available here to help demonstrate the attribute names and format available.
Requesting CAS Access
To obtain access to the Purdue IAMO CAS Server, you will first need to fill out a Service Level Agreement (SLA) between your group and the IAMO. Please fill out section VII Client Definitions: section A, VIII Signatures: section A and IX Appendix A: sections A, B, C, D and E. Once you have this filled out, forward the hard copy to: IAMO Director / ITAP / ROSS. Please allow 3-5 business days for processing.
We have recently changed how CAS service ticket checks are authorized, from the application server IP address to the CAS service URL. The change is so recent that our SLA hasn't quite caught up yet. The CAS service URL is where the browser is redirected after successful CAS authentication (it is shown to the user at the top of the CAS login page as "You have asked to login to:"). If the necessary CAS service URL(s) aren't obvious from the SLA contents, we'll consult the technical contact on the SLA to get the applicable CAS service URL(s). IAMO is developing a web application to submit SLAs and maintain CAS service URLs; however, no target date has been set yet for completion.
Installing and Configuring CAS in your web server (information for server administrators)
Lots of information can be found on the CAS Client Home Page. You can easily CASify any WAR in Tomcat; see the Java client page for details. CASifying Apache applications has been done with mod_auth_cas, although some have used mod_perl with the Perl client or phpCAS to avoid dealing with compiling mod_auth_cas.
BoilerWeb April 2011 CAS Presentation
The presentation slides can be found here.
Purdue's Production CAS Server URLs:
loginUrl: https://www.purdue.edu/apps/account/cas/login
validateUrl: https://www.purdue.edu/apps/account/cas/serviceValidate or https://www.purdue.edu/apps/account/cas/samlValidate
logoutUrl: https://www.purdue.edu/apps/account/cas/logout
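The following is an added example, not IAMO's or any CAS client's own code, showing how the CAS service URL ties the login redirect to the serviceValidate check and how a CAS 2.0 validation response is read. The application URL, the ticket value and both XML responses are constructed for illustration; the function names are hypothetical.

```python
import urllib.parse
import xml.etree.ElementTree as ET

CAS_BASE = "https://www.purdue.edu/apps/account/cas"  # production URLs listed above
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}        # CAS 2.0 response namespace

def login_redirect(service_url):
    """Browser redirect target; service_url is the CAS service URL the server authorizes."""
    return CAS_BASE + "/login?" + urllib.parse.urlencode({"service": service_url})

def validate_request(service_url, ticket):
    """Back-channel URL the application fetches over HTTPS to check a service ticket.
    service_url must be identical to the one sent to /login or validation fails."""
    query = urllib.parse.urlencode({"service": service_url, "ticket": ticket})
    return CAS_BASE + "/serviceValidate?" + query

def parse_validation(xml_text):
    """Return the Career Account login from a serviceValidate response, or raise ValueError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in CAS response")  # a CAS response never needs one
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise ValueError("CAS rejected ticket: " + failure.get("code", "UNKNOWN"))
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        raise ValueError("no cas:user in response")  # fail closed on anything unexpected
    return user.text.strip()

# Constructed sample responses in the CAS 2.0 format (not captured from the Purdue server).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_SERVICE">service mismatch</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    svc = "https://app.example.edu/secure/"  # hypothetical application service URL
    print(login_redirect(svc))
    print(validate_request(svc, "ST-1-constructed"))
    print(parse_validation(SAMPLE_OK))
```

The application should treat the user as authenticated only after parse_validation returns a login for a response fetched from the validateUrl over HTTPS with certificate verification enabled.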
CAS BoilerKey support
The Purdue CAS server now supports authenticating with the Purdue BoilerKey. Please see the CAS BoilerKey configuration page for more information.
Please contact firstname.lastname@example.org.