Hieu Nguyen

Build your CAS - part 1

Mar 3 2017

Recently, our application begins to scale up, and we have many separate services which are developed to satisfy different need of the customers. However, since we introduce all of them as a bundle, we need to somehow integrate all these separate services into single userbase without coupling the code together. The first step into that would be a single-sign-on service to centralize the authentication step. This is the first time I build this kind of SOA, or to be more trendy, microservices architecture, so I have a lot to learn. This is my personal note on the development of this service.

What is CAS?

CAS stands for Central Authentication Service, a single-sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user’s security credentials, such as a password. [1]

Why CAS?

Beside CAS, there are other solutions, such as OpenID. However, CAS has some advantages which help you in some specific situations:


I follow a part of Apereo protocol, but I have changed some parts of that protocol.

Rough idea

Sign in: Has 3 flows

Success login diagram

Failed login diagram - incorrect

Failed login diagram - incorrect ticket

Log out: