Technical Requirements and Information

Supported Software

Texas A&M University currently supports CAS 2 and CAS 3. The CAS 2 service will be retired January 11, 2010.

CAS 2

production server: netid.tamu.edu
- login URL:
  https://netid.tamu.edu/cas/login
- validation URLs:
  https://netid.tamu.edu/cas/validate
  https://netid.tamu.edu/cas/serviceValidate
- logout URL:
  https://netid.tamu.edu/cas/logout
development server: netid-dev.tamu.edu
- login URL:
  https://netid-dev.tamu.edu/cas/login
- validation URLs:
  https://netid-dev.tamu.edu/cas/validate
  https://netid-dev.tamu.edu/cas/serviceValidate
- logout URL:
  https://netid-dev.tamu.edu/cas/logout

CAS 3

production server: cas.tamu.edu
- login URL:
  https://cas.tamu.edu/cas/login
- validation URLs:
  https://cas.tamu.edu/cas/validate
  https://cas.tamu.edu/cas/serviceValidate
- logout URL:
  https://cas.tamu.edu/cas/logout
development server: cas-dev.tamu.edu
- login URL:
  https://cas-dev.tamu.edu/cas/login
- validation URLs:
  https://cas-dev.tamu.edu/cas/validate
  https://cas-dev.tamu.edu/cas/serviceValidate
- logout URL:
  https://cas-dev.tamu.edu/cas/logout

CAS Payload

CAS returns user information in either plain text or XML. To receive the payload in plain text, your application should call the '.../validate' server validation URL. To receive the payload in XML, your application should call the '.../serviceValidate' server validation URL.

Payload Content

Texas A&M University's CAS 2 implementation returns a customized payload. The standard CAS 2 payload contains a user's NetID. TAMU's CAS 2 payload contains a user's NetID and UIN. This was done to allow developers to use the UIN as a permanent key for databases (since account owners are allowed to change their NetID) or to do additional authorization checking in their applications.

While the user's UIN is useful information to have, a negative consequence of adding this value to the payload is that 3rd party CAS 2-enabled applications will not work out of the box.

CAS 3 allows the payload to be customized. TAMU's CAS 3 deployment takes advantage of this feature to return both the user's UIN and NetID. No other customizations have been made to the payload to ensure that 3rd party CAS 3-enabled applications will not require modifications to work with TAMU's CAS implementation.

CAS 2 payload format

XML payload (the ' `.../serviceValidate` ' response)

Successful validation

CAS returns an XML document containing:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
      <cas:NetID>netid</cas:NetID>
      <cas:UIN>#########</cas:UIN>
  </cas:authenticationSuccess>
</cas:serviceResponse>

Failed validation

CAS returns an XML document containing

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code="...">
    Optional authentication failure message
  </cas:authenticationFailure>
</cas:serviceResponse>

Plain Text payload (the ' `.../validate` ' response)

Successful validation

CAS returns a 3 line response:

yes
<NetID>value</NetID>
<UIN>value</UIN>

Failed validation

CAS returns a 3 line response:

no

CAS 3 payload format

XML payload (the ' `.../serviceValidate` ' response)

Successful validation

CAS returns an XML document containing:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>netid</cas:user>
    <cas:attributes>
      <cas:tamuEduPersonUIN>#########</cas:tamuEduPersonUIN>
      <cas:tamuEduPersonNetID>netid</cas:tamuEduPersonNetID>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>

Failed validation

CAS returns an XML document containing

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationFailure code="...">
	Optional authentication failure message
    </cas:authenticationFailure>
</cas:serviceResponse>

Plain Text payload (the ' `.../validate` ' response)

Successful validation

CAS returns a 2 line response:

yes
netid

Failed validation

CAS returns a 2 line response:

no

Testing

Test your application with CAS by using the development URLs listed above.

Separate requests must be made to register an application in the CAS 3 development service registry and CAS 3 production service registry.
As an alternative to registering an application URL for testing with CAS 3, developers may use either of the following URLs:

https://localhost
https://localhost:8443

These two URLs are already in the CAS 3 development service registry.

Registering an Application

CAS 2 can be used without registering your application.

CAS 3 utilizes a service registry. Your application must be registered with CAS 3 or CAS will not respond to any requests made by the application. To register your application, send an email with the following information to helpdesk@tamu.edu:

protocol type: http or https
application URL
Technical Contact name and email address

The Technical Contact will receive an email confirming registration of the application/service.

Technical Requirements and Information

Supported Software

CAS 2

CAS 3

CAS Payload

Payload Content

CAS 2 payload format

XML payload (the ' .../serviceValidate ' response)

Successful validation

Failed validation

Plain Text payload (the ' .../validate ' response)

Successful validation

Failed validation

CAS 3 payload format

XML payload (the ' .../serviceValidate ' response)

Successful validation

Failed validation

Plain Text payload (the ' .../validate ' response)

Successful validation

Failed validation

Testing

Registering an Application

XML payload (the ' `.../serviceValidate` ' response)

Plain Text payload (the ' `.../validate` ' response)

XML payload (the ' `.../serviceValidate` ' response)

Plain Text payload (the ' `.../validate` ' response)