Information about integrating CAS with a website

cas_auth_flow

There are several different ways for applications to integrate CAS authentication, including login and validation.

When integrating CAS authentication with your application, follow these best practices:

  • Applications using CAS must operate entirely over TLS (i.e., the casurl must be an HTTPS URL).
  • Enabling HTTP Strict Transport Security (HSTS) is highly recommended.
  • To be sure they are authenticating to APIIT Education Group’s CAS, users must be able to see the URL https://cas.apiit.edu.my/cas/login.
  • Therefore, applications must redirect to CAS and not render the login page inside an iframe or use other similar techniques.

 

Leave a Reply

Your email address will not be published.