Implementation

Details about the implementation of CAS at Texas A&M University are documented here.

Version

The CAS 3.0 protocol is supported by Texas A&M's CAS implementation.

Authentication Payload

CAS returns user information in either plain text or XML.

  • Plain Text: Application should call the .../validate server validation URL.
  • XML: Application should call the .../serviceValidate server validation URL. (Recommended)
Note: Although there are two different .../serviceValidate server validation URLs for CAS 2.0 and CAS 3.0, they return the exact same payload. CAS already used the <cas:attributes> element in CAS 2.0 to return additional elements in the payload, but the element was not formally documented in the CAS protocol until the CAS 3.0 protocol was published.

Payload Content

CAS allows the payload to be customized. Texas A&M's CAS deployment takes advantage of this feature to return both the user's UIN and NetID. No other customizations have been made to the payload, so that third-party CAS-enabled applications will not require modifications to work with Texas A&M's CAS implementation. An optional attribute that can be added to the CAS payload is authenticationMethod.

This attribute will return one of two values:

  • Password: user completed one-factor authentication
  • 2Factor: user completed two-factor authentication

Payload Examples

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>netid</cas:user>
    <cas:attributes>
      <cas:tamuEduPersonUIN>#########</cas:tamuEduPersonUIN>
      <cas:tamuEduPersonNetID>netid</cas:tamuEduPersonNetID>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>
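The following is an added example, not code from Texas A&M, showing one way a CAS-enabled application could parse the .../serviceValidate XML payload above and fail closed when two-factor authentication is required. It assumes the optional authenticationMethod attribute appears as a child of <cas:attributes>; the function names, the sample payload and its UIN value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample: the page's payload plus the optional authenticationMethod,
# assumed here to be a child of <cas:attributes>. The UIN is a placeholder.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess><cas:user>netid</cas:user><cas:attributes>
<cas:tamuEduPersonUIN>000000000</cas:tamuEduPersonUIN>
<cas:tamuEduPersonNetID>netid</cas:tamuEduPersonNetID>
<cas:authenticationMethod>2Factor</cas:authenticationMethod>
</cas:attributes></cas:authenticationSuccess></cas:serviceResponse>"""


class CasValidationError(Exception):
    """Raised when a serviceValidate response must not be trusted."""


def parse_service_response(xml_text, require_two_factor=False):
    """Return identity fields from a .../serviceValidate XML payload."""
    # A CAS response never needs a DTD; refuse one instead of parsing it.
    if "<!DOCTYPE" in xml_text.upper():
        raise CasValidationError("DTD not allowed in CAS response")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CasValidationError(f"malformed XML: {exc}") from exc
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if root.tag != "{%s}serviceResponse" % CAS_NS["cas"] or success is None:
        failure = root.find("cas:authenticationFailure", CAS_NS)
        code = failure.get("code", "UNKNOWN") if failure is not None else "UNKNOWN"
        raise CasValidationError(f"ticket rejected: {code}")
    attrs = success.find("cas:attributes", CAS_NS)

    def attr(name):
        node = attrs.find(f"cas:{name}", CAS_NS) if attrs is not None else None
        return node.text.strip() if node is not None and node.text else None

    identity = {
        "user": success.findtext("cas:user", default="", namespaces=CAS_NS).strip(),
        "uin": attr("tamuEduPersonUIN"),
        "netid": attr("tamuEduPersonNetID"),
        "authentication_method": attr("authenticationMethod"),
    }
    if not identity["user"]:
        raise CasValidationError("missing cas:user")
    # Fail closed: an absent or unknown value is treated as not two-factor.
    if require_two_factor and identity["authentication_method"] != "2Factor":
        raise CasValidationError("two-factor authentication required")
    return identity
```

Because authenticationMethod is optional, a payload without it passes the default call and is rejected when require_two_factor=True.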

Session Life

Once a Subject has authenticated, the session is valid for 6 hours. A Subject can also end a session by closing all instances of the browser or requesting a logout.