CAS is an Open source single sign on software

CAS Free SSO Solution

Multilingual Authentication Software With Logs Management

Central Authentication Service is an open source SSO tool that provides authentication and authorization features using OpenID, OAuth, and SAML protocols.


Web applications are rapidly growing and businesses tend to target several areas with intentions to provide services and tools. There is a huge number of users increasing day by day and data security and data management are becoming the main concerns for enterprise businesses. However, the open source community has provided many solutions to coup these concerns, and single sign on software is one of them.

CAS is a free and open source single sign on system and it uses CAS a ticket-based protocol that is exclusively built to provide user authentication and authorization. The architecture of this protocol is based on client and server collaboration. CAS server authenticates users and grants access to the applications. Whereas, the client of this single sign on technology takes care of retrieving information of the users granted by the CAS server.

This open source software not only supports its own CAS protocol but also supports OpenID, OAuth, OpenID Connect, REST, WsFederation, and SAML protocols. CAS has a complete ecosystem for the integrations with third parties which maintains the high trust levels by using public/private key pairs.

CAS is mainly written in Java and provides comprehensive documentation regarding deployment and development. There is a strong community backing up this single sign on software.

System Requirements

  • JDK 11
  • Apache Tomcat
  • Docker (optional)


  • OAuth v2 Protocol
  • OpenID & OpenID Connect Protocol
  • Password Management
  • Various Deployment Options
  • Multifactor authentication 
  • Multilingual
  • Sign-in / Sign-out
  • Many Authentication Mechanisms (e.g. JAAS, LDAP, RDBMS)
  • WS-Federation Passive Requestor Protocol
  • Easy to Set-Up
  • Integrations With Third Parties
  • Many Authorization Mechanisms (e.g. ABAC, Time/Date, REST )
  • UI To Manage Logs
  • UI To Manage Monitoring And Stats
  • Delegated Authentication To Facebook, Twitter And More


Run the following command to clone the repo:

    git clone cas-server

After successful clone, run the following command:

    cd cas-server

    git checkout master

Now, build the codebase via the following command:

    ./gradlew build install --parallel -x test -x javadoc -x check

You can use -x <task> to entirely skip/ignore a phase in the build. (i.e. -x test-x check).

If you have no need to let Gradle resolve/update dependencies and new module versions for you, you can take advantage of the --offline flag when you build which tends to make the build go a lot faster.

Using the Gradle daemon also is a big help. It should be enabled by default.

Enabling Gradle’s build cache via --build-cache can also significantly improve build times.

If you are using Windows, you may find -DskipNpmLint=true needed for the build due to line ending difference between OS

For configuring SSL, the thekeystore file must include the SSL private/public keys that are issued for your CAS server domain. You will need to use the keytool command of the JDK to create the keystore and the certificate. The following commands may serve as an example:

    keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore /etc/cas/thekeystore -ext san=dns:$REPLACE_WITH_FULL_MACHINE_NAME

In your /etc/hosts file (on Windows: C:\Windows\System32\Drivers\etc\hosts), you may also need to add the following entry:

The certificate exported out of your keystore needs to also be imported into the Java platform’s global keystore:

    keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore -alias cas
    sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore $JAVA_HOME/jre/lib/security/cacerts

where JAVA_HOME is where you have the JDK installed (i.e /Library/Java/JavaVirtualMachines/jdk[version].jdk/Contents/Home).

Execute the following commands to deploy:

    cd webapp/cas-server-webapp-tomcat
    ../../gradlew build bootRun --parallel --offline --configure-on-demand --build-cache --stacktrace

By default CAS will be available at [](

Running in Docker

For Docker, Docker image is located at Docker Hub. Run the following command to pull down the Docker Image:

    docker pull apereo/cas:v[A.B.C]

where [A.B.C] represents the image tag that is mapped to the CAS server version.