Central Authentication Service (CAS)

ghit.me License


Welcome to the home of the Central Authentication Service project, more commonly referred to as CAS. CAS provides enterprise single sign-on for the web and attempts to be a comprehensive platform for your authentication and authorization needs.

CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name, hosted here.

Contributions Contributing Guide


The following features are supported by the CAS project:

  • CAS v1, v2 and v3 Protocol
  • SAML v1 and v2 Protocol
  • OAuth Protocol
  • OpenID & OpenID Connect Protocol
  • WS-Federation Passive Requestor Protocol
  • Authentication via JAAS, LDAP, RDBMS, X.509, Radius, SPNEGO, JWT, Stormpath, Remote, Trusted, BASIC, Apache Shiro, MongoDb, Pac4J and more.
  • Delegated authentication to WS-FED, Facebook, Twitter, SAML IdP, OpenID, OpenID Connect, CAS and more.
  • Authorization via ABAC, Time/Date, REST, Internet2's Grouper and more.
  • HA clustered deployments via Hazelcast, Ehcache, JPA, Memcached, Apache Ignite, MongoDb, Redis, Couchbase and more.
  • Application registration backed by JSON, LDAP, YAML, JPA, Couchbase, MongoDb and more.
  • Multifactor authentication via Duo Security, YubiKey, RSA, Google Authenticator and more.
  • Administrative UIs to manage logging, monitoring, statistics, configuration, client registration and more.
  • Global and per-application user interface theme and branding.
  • Password management and password policy enforcement.

The foundations of CAS are built upon: Spring Boot, Spring Cloud and Thymeleaf.

Development Dependency Status Codacy Badge CLA assistant Dependency Status

To build the project locally, please follow this guide.

Documentation Gitter Stack Overflow JavaDoc

Deployment Build Status Maven Central Github Releases

It is recommended to build and deploy CAS locally using the WAR Overlay method. This approach does not require the adopter to explicitly download any version of CAS, but rather utilizes the overlay mechanism to combine CAS original artifacts and local customizations to further ease future upgrades and maintenance.

Note: Do NOT clone or download the CAS codebase directly. That is ONLY required if you wish to contribute to the development of the project. Utilize the WAR Overlay method instead to build and deploy your CAS instance.

Related Repositories



Apereo Java CAS Client ...



Rack-CAS is simple Rack middleware to perform CAS client authentication. ...



Apereo .NET CAS Client ...



A CAS OmniAuth Strategy ...



Django CAS (Central Authentication Service) client ...

Top Contributors

mmoayyed leleuj serac battags frett dima767 mindblender apetro robertoschwald wgthom doodelicious tduehr jdlich jtgasper3 seanrbaker rallportctr rdev5 rkorn86 zawn mikeroda yisiqi fesnault edwins JanuszP cparaiso wcrowell alexhenrie steve-gregory anthony-o kirill-vlasov


-   v5.0.0.RC2 zip tar
-   v5.0.0.RC1 zip tar
-   v5.0.0.M3 zip tar
-   v5.0.0.M2 zip tar
-   v5.0.0.M1 zip tar
-   v4.2.6 zip tar
-   v4.2.5 zip tar
-   v4.2.4 zip tar
-   v4.2.3 zip tar
-   v4.2.2 zip tar
-   v4.2.1 zip tar
-   v4.2.0 zip tar
-   v4.2.0-RC3 zip tar
-   v4.2.0-RC2 zip tar
-   v4.2.0-RC1 zip tar
-   v4.1.9 zip tar
-   v4.1.8 zip tar
-   v4.1.7 zip tar
-   v4.1.6 zip tar
-   v4.1.5 zip tar
-   v4.1.4 zip tar
-   v4.1.3 zip tar
-   v4.1.2 zip tar
-   v4.1.1 zip tar
-   v4.1.0 zip tar
-   v4.1.0-RC2 zip tar
-   v4.1.0-RC1 zip tar
-   v4.0.7 zip tar
-   v4.0.6 zip tar
-   v4.0.5 zip tar