Central Authentication Service

CAS – Rutgers’ official Single Sign-on standard for all web-based applications

Standardizing on CAS as Rutgers official Single Sign-on standard for all web-based applications is part of security measure being implemented. These measures will reduce the threat of phishing attacks and improve the ability to provision and de-provision users in a timely manner. To achieve these goals, all University web-based services are required to use our Central Authentication Service (CAS).

Important dates:

By July 31, 2015: Applications that do not use CAS or LDAP to authenticate users must be registered with OIT using OIT’s Application Registration Site.

Some units have deployed their own identity environment, instead of using CAS NetId/Password. This reduces Rutgers’ overall security posture. In order to identify these security vulnerabilities, all units with applications not using NetId/Password through CAS or LDAP must immediately register that application with OIT’s Office of Information Protection and Security (IPS)

By February 1, 2016: All units, including those using LDAP, will be required to convert their web applications to the CAS standard.

Third-party web applications will be required to integrate with Shibboleth, the University’s federation solution for authentication. If the vendor cannot comply, OIT’s Information Protection and Security must be consulted and must approve the use of the application’s authentication procedures.

For information or questions regarding CAS integration, visit https://idms.rutgers.edu