RubyCAS-Server is an implementation of the server-end of JA-SIG's CAS protocol, providing a cross-domain single sign-on solution for web applications.

Overview

RubyCAS-Server gives you:

Why you would want/need this:

CAS vs. OpenID

At the risk of oversimplification, CAS is the preferred choice over OpenID for large, top-down organisations who want to leverage an existing user base. For example, CAS is often deployed by universities that maintain a large, centralized database of users and provide services via a variety of platforms/frameworks.

RubyCAS-Server is also used by many smaller sites. This is likely because the server is considerably easier to deploy than a comparable OpenID solution, especially when one wants to wrap single-sign-on around an existing user base.

A good explanation of the difference between CAS and OpenID is available on Stack Overflow.

The Full Explanation

The idea behind CAS is similar to the way Yahoo, Google, and other major portal sites allow the user to authenticate using a central welcome page. Your CAS server provides the login page where the user enters their username and password. After successful authentication, the server dishes out 'service tickets' that grant access to your CAS-protected services/sites. Your CAS-protected services never see the user's real credentials, and logging in to one service grants authentication for all other services. The user only sees the login page once, the first time they try to access a CAS-protected service -- hence "single sign-on".

RubyCAS-Server is designed to be easy to set up and customize. You do not need to know anything about Ruby to run the server. The front end (the central login page) can be skinned using CSS, and the back-end authentication method for validating usernames and passwords can be configured to use an existing SQL database, Active Directory, LDAP server, etc. For more information on the CAS protocol, have a look at the official JA-SIG CAS page. RubyCAS-Server is easiest to deploy on Linux systems, but should work fine on other platforms (e.g. Windows).

In order to make your services (i.e. your web applications) CAS-protected, each service will require some configuration. Generally this is done by installing a CAS client library. For example for a Ruby on Rails application, you'll have to install RubyCAS-Client, which essentially acts like a standard controller filter. For PHP, install phpCAS and include a small block of code at the top of your CAS-protected PHP pages. For Java-based frameworks, you'll have to install the Java CAS Client and add some XML to your app server's configuration. Have a look at the Official and Unofficial CAS client pages for information on clients for other frameworks.

To get started quickly, have a look at the QuickStart wiki page for step-by-step installation and usage instructions.

Basic CAS Single Sign-On Diagram

RubyCAS-Server is implemented using the Sinatra microframework, and is designed for easy deployment either as a stand-alone server (via WEBrick or Mongrel) or under Apache (via Rack). It fully implements the CAS 2.0 protocol along with certain informal extensions present in the 3.x version fo the JA-SIG reference client.