skip to main content
Infrastructure Division of Information Technology

Authentication & Authorization Services

Central Authentication Service (CAS)

Authentication using CAS

When a Subject attempts to access an on-line service, the Service Provider often needs to determine whether or not to allow the Subject to use the resource. The first step in making this decision is verifying or authenticating the Subject's identity, i.e. "Are you who you claim to be?". This verification is accomplished via an authentication event where:

  • The Subject presents a Credential, which consists of the Subject's unique identifier and associated authentication material such as a password, PIN, or certificate key.
  • The Verifier validates the correctness of the Credential.

Origins and Philosophy

Due to the proliferation of web-enabled Service Providers, Yale University developed the Central Authentication Service (CAS) to provide a centralized Single SignOn Verifier for campus Service Providers. The centralized service offered a number of advantages to both Service Providers and Subjects. Service Providers did not have to manage user accounts or maintain Credential Stores and could focus on maintenance and development of their core services while Subjects had fewer Credentials to manage. CAS has been adopted and implemented by a number of universities and is now an Apereo Foundation project.

CAS @ Texas A&M

This site houses documentation geared toward application developers wanting to leverage CAS. To manage your personal NetID account, please go to