Welcome to the home of the Central Authentication Service project, more commonly referred to as CAS. CAS is an enterprise multilingual identity provider and single sign-on solution for the web and attempts to be a comprehensive platform for your authentication and authorization needs.
CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name hosted here, with support for a plethora of additional authentication protocols and features such a SAML2, OpenID Connect, MFA and many many more.
If you have already identified an enhancement or a bug, it is STRONGLY recommended that you submit a pull request to address the case. There is no need for special ceremony to create separate issues. The pull request IS the issue and it will be tracked and tagged as such.
| Version | Reference |
|---|---|
 |
Link |
 |
Link |
 |
Link |
Additional resources are available as follows:
It is recommended to deploy CAS locally using the WAR Overlay method. Cloning or downloading the CAS codebase is ONLY required if you wish to contribute to the development of the project.
We recommend that you review this page to get started with your CAS deployment.
The following features are supported by the CAS project:
- CAS v1, v2 and v3 Protocol
- SAML v1 and v2 Protocol
- OAuth v2 Protocol
- OpenID Connect Protocol
- WS-Federation Passive Requestor Protocol
- Authentication via JAAS, LDAP, RDBMS, X.509, Radius, SPNEGO, JWT, Remote, Apache Cassandra, Trusted, BASIC, MongoDB and more.
- Delegated (social) authentication to external identity providers such as WS-FED, SAML2, OpenID Connect, OAuth CAS and more.
- Authorization via Heimdall, OpenFGA, OPA, ABAC, Time/Date, REST, Internet2's Grouper and more.
- HA clustered deployments via Hazelcast, JPA, Hazelcast, Memcached, Apache Ignite, MongoDB, Redis, DynamoDb, and more.
- Application registration backed by JSON, LDAP, YAML, Google Cloud, JPA, MongoDB, DynamoDb, Redis and more.
- Multifactor authentication via Duo Security, Simple MFA, YubiKey, RSA, Google Authenticator, WebAuthn FIDO2 and more.
- Administrative UIs to manage logging, monitoring, statistics, configuration, client registration and more.
- Email and SMS notification options via Twilio, Mailgun, SendGrid, Amazon SES and more.
- User attribute consent and management via LDAP, RDBMS, MongoDB, DynamoDb and more.
- Global and per-application user interface theme and branding.
- Password management and password policy enforcement.
- Integration options with Apache Syncope, SCIM, Swagger, Shibboleth IdP, Keycloak, Okta, and more.
- Deployment options using Apache Tomcat, Jetty, Undertow, packaged and running as Docker containers.
The foundations of CAS are built upon: Spring Boot and Spring Cloud.
- To build the project locally, please follow this guide.
- The release schedule is available here.
Apereo CAS is 100% free open source software managed by Apereo, licensed under Apache v2. Our community has access to all releases of the CAS software with absolutely no costs. We welcome contributions from our community of all types and sizes. The time and effort to develop and maintain this project is dedicated by a group of volunteers and contributors. If you (or your employer) benefit from this project, please consider becoming a Friend of Apereo and contribute.
Commercial support options may be found here.
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}
