You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented. To view the documentation for a specific Apereo CAS server release, please choose an appropriate version. The release schedule is available here.
A CAS client is also a software package that can be integrated with various software platforms and applications in order to communicate with the CAS server using one or more supported protocols. CAS clients supporting a number of software platforms and products have been developed.
Other unofficial or incubating CAS clients may be found here. Given the above projects are unofficial and not under direct maintenance of CAS, their availability and accuracy may vary.
- CASified Python web application using Flask
- CASified Java web application using Java CAS Client
- CASified Bootiful Java web application
- CASified Bootiful Java web application via Spring Security
The following programming frameworks have built-in support for CAS:
Build your own CAS client
As a lot of CAS clients already exist, there is little reason to develop your own CAS client, and doing so should be avoided as much as possible. Creating your own client is not an easy job, and you are likely to introduce security vulnerabilities.
If you really need to create your own CAS client, please be aware of these guidelines, which are not exhaustive:
- Rely on a static internal configuration instead of deriving behaviour from received inputs, which can be forged
- Ensure that all outside inputs are properly decoded and encoded when used in calls to CAS or other services
- Ensure that input is validated and that overly large inputs are discarded.
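
The guidelines above applied to the ticket validation step of a client, as an added example that is not code from the CAS project or from any CAS client. The host names, size limits and accepted ticket character set are assumptions made for this sketch.

```python
import re
import urllib.parse
import xml.etree.ElementTree as ET

# Static configuration (constructed values). Never derived from the Host
# header or from a request parameter such as "service".
CAS_SERVER_PREFIX = "https://cas.example.org/cas"
SERVICE_URL = "https://app.example.org/login?next=/home"

MAX_TICKET_LEN = 256            # assumption: upper bound chosen for this sketch
MAX_RESPONSE_BYTES = 64 * 1024  # assumption: generous cap for a validation reply
TICKET_RE = re.compile(r"ST-[A-Za-z0-9._-]+")  # assumption: conservative charset
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}


def build_validate_url(ticket: str) -> str:
    """Return the serviceValidate URL, or raise ValueError on bad input."""
    if len(ticket) > MAX_TICKET_LEN or not TICKET_RE.fullmatch(ticket):
        raise ValueError("rejected ticket")
    # urlencode percent-encodes both values, so '&' or '#' inside the
    # configured service URL cannot add or truncate query parameters.
    query = urllib.parse.urlencode({"service": SERVICE_URL, "ticket": ticket})
    return f"{CAS_SERVER_PREFIX}/serviceValidate?{query}"


def parse_validation_response(body: bytes) -> str:
    """Return the authenticated user name, or raise ValueError."""
    if len(body) > MAX_RESPONSE_BYTES:
        raise ValueError("response too large")
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTDs are not expected in a CAS response")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise ValueError("malformed response") from exc
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        raise ValueError("ticket validation failed")
    return user.text.strip()
```

The caller fetches the returned URL over TLS with certificate verification enabled and reads at most `MAX_RESPONSE_BYTES + 1` bytes before handing the body to `parse_validation_response`.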