Central Authentication Service (CAS)

Registering an Application

CAS utilizes a service registry. Your application must be registered with CAS or CAS will not respond to any requests made by the application.

Registering a tamu.edu website

To register your application, send an email with the following information to helpdesk@tamu.edu:

  • Protocol type: https is expected
    • CAS-protecting an http site is discouraged since the ticket exchange between CAS and the application will be transmitted unencrypted. A better method is to set up the application's http address to redirect to the https address and register the https addressed with CAS.
    • If you require CAS to be enabled for an http site, you must include an explanation of why the site cannot be set up as https.
    • Https certificates can be requested at https://cert.tamu.edu.
  • Application URL
  • Application Type: production and development version of application
  • Technical Contact name and email address. The Technical Contact must be an active faculty or staff employee of Texas A&M.
  • If your application will be requiring two-factor authentication, request that:
    • the minimum trust level required is set to Two-Factor, or
    • the authenticationMethod attribute be added to the payload

The Technical Contact will receive an email confirming registration of the application/service.

Registering a non-tamu.edu website

Since CAS returns identity information about the user, more information is needed for any non-tamu.edu website utilizing CAS. Any outside party/site partaking in CAS authentication must also comply with the following:

  • Be performing an institutional service for which the Local Education Agency (LEA) or school would otherwise use employees;
  • Be under the direct control of the LEA or school with respect to the use and maintenance of education records (that is, there must be a signed agreement);
  • Be subject to requirements in §99.33(a) of the FERPA regulations governing the use and re-disclosure of Personally Identifiable Information from education records.

The site also needs to provide language similar to the information on the https://www.tamu.edu/statements/privacy.html site specifically about privacy and security.

 The application must also publish a statement, visible before login, that indicates to the NetID account holder that:

  • They have left the Texas A&M network;
  • They are logging into a website hosted by ServiceProvider on behalf of College/Division/DeptName of Texas A&M University.

To enable CAS for a non-tamu.edu website please complete and submit a request form.

Texas A&M's CAS deployment returns the standard payload so CAS client code from the Apereo website can be used. CAS client code samples are available.