Planning and Deployment

Planning a CAS deployment requires consideration of the application and
platform ecosystem in light of security considerations, availability, and
capacity.

System Integration

Enterprise deployment planning begins with careful consideration of existing software and systems to be
integrated with CAS including applications, identity management and authentication services, and other
supporting enterprise services.

CAS Client Integration

The following CAS clients can be employed to integrate most proprietary and
open source applications:

- Java CAS Client
- .NET CAS Client
- mod_auth_cas module for Apache
- phpCAS

Additionally, custom applications developed in common languages/platforms are easily supported in most
cases. In almost all cases Web applications are easily integrated with CAS. Difficulty commonly arises,
however, with applications built on legacy frameworks such as database procedural languages (e.g. PL/SQL)
or mainframe applications. These kinds of applications frequently require creative solutions for CAS
integration, but there are many such examples in community-contributed integration solutions that
showcase the flexibility of CAS.
The following matrix summarizes popular applications and the required libraries for CAS integration.

Popular applications to CASify and the CAS Client integration software libraries employed in these integrations

| Application or Framework | CAS Client | Supportedness |
| --- | --- | --- |
| Outlook Web Access / Outlook Web Application | .NET CAS Client and ClearPass Extension | .NET CAS Client is a core supported vended-by-Jasig CAS integration module. ClearPass is a community-supported CAS extension that is not part of the CAS server itself. |
| Apache httpd | mod_auth_cas | mod_auth_cas is a core vended-by-Jasig CAS integration module. |
| ASP.NET | .NET CAS Client | .NET CAS Client is a core supported vended-by-Jasig CAS integration module. |
| IIS7 | .NET CAS Client | .NET CAS Client is a core supported vended-by-Jasig CAS integration module. |
| Java Servlets | Jasig Java CAS Client | Jasig Java CAS Client is a core supported vended-by-Jasig CAS integration module. |
| Spring Security | Spring Security and the Jasig Java CAS Client | Spring Security is not vended by Jasig, but CAS server depends out of the box on Spring Security's CAS support for authenticating administrators to access the CAS Services Registry functionality. The Jasig Java CAS Client is a core supported vended-by-Jasig CAS integration module. |
| PHP applications | phpCAS | phpCAS is a core supported vended-by-Jasig CAS integration module. |
| Ruby on Rails | rubycas-client | rubycas-client is not vended by Jasig. |
| Perl | PerlCAS | PerlCAS is not vended by Jasig. |

Authentication

CAS must be integrated with one or more enterprise authentication systems such as LDAP/Active Directory.
While it is most common to integrate CAS with a single enterprise authentication system, it is possible to
integrate with multiple systems given the following important requirement.

Using Multiple Authentication Sources

The namespaces of each authentication source must be guaranteed to be unique in order to prevent
ambiguity about the identity of the authenticating user. In particular neither a credential such as a
username nor the name of the resolved principal may exist in more than one authentication source.

CAS supports many ways of authenticating user credentials, including:

- validation against Active Directory, either via LDAP or Kerberos protocol
- JAAS (whereby CAS supports Kerberos)
- RDBMS / JDBC (database)
- LDAP
- RADIUS
- SPNEGO
- REMOTE_USER (Container authentication)
- X.509 Certificates

Attribute Release

In addition to authenticating the user, CAS is capable of querying for additional attributes about a user
following authentication in order to store and release some or all of this information to requesting
services for purposes such as authorization and personalization. Attribute data is commonly sourced
from the same store as authentication data, but the design of attribute retrieval allows configuring
multiple disparate attribute sources.
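
The uniqueness requirement stated under Using Multiple Authentication Sources can be checked before a second source is enabled. The script below is an added example, not part of CAS or the original page; the source names, the account data, and the case-insensitive matching rule are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample exports, one per authentication source:
# (username, resolved principal). Names and accounts are illustrative only.
SAMPLE_SOURCES = {
    "ldap":   [("jsmith", "jsmith"), ("adoe", "adoe")],
    "rdbms":  [("JSmith ", "contractor-17"), ("vendor1", "adoe")],
    "radius": [("netops", "netops")],
}

def normalize(name):
    # Assumption: identifiers match case-insensitively and ignore surrounding
    # whitespace, as directory lookups commonly do.
    return name.strip().casefold()

def find_namespace_collisions(sources):
    """Return usernames and principal names that appear in more than one source.

    Result shape: {"username": {name: [sources]}, "principal": {name: [sources]}}.
    """
    seen = {"username": defaultdict(set), "principal": defaultdict(set)}
    for source, accounts in sources.items():
        for username, principal in accounts:
            seen["username"][normalize(username)].add(source)
            seen["principal"][normalize(principal)].add(source)
    return {
        kind: {name: sorted(srcs) for name, srcs in names.items() if len(srcs) > 1}
        for kind, names in seen.items()
    }

def namespaces_are_unique(sources):
    # True only when no username and no principal name is shared between sources.
    collisions = find_namespace_collisions(sources)
    return not collisions["username"] and not collisions["principal"]

if __name__ == "__main__":
    for kind, names in find_namespace_collisions(SAMPLE_SOURCES).items():
        for name, srcs in sorted(names.items()):
            print(f"ambiguous {kind} {name!r}: present in {', '.join(srcs)}")
```

Usernames and principal names are compared separately, matching the two cases the requirement names; a username in one source that equals a principal name in another is not reported by this check.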

Supporting Services

Many enterprises have services that may be leveraged by CAS. For example, the availability of enterprise
database hosting might suggest the use of JpaTicketRegistry for the server ticket store. Likewise clustering
hardware or software might be used by CAS for improved availability and/or capacity.

Security Considerations

CAS deployment requires consideration of enterprise security concerns such as integration with IDM
software, PKI, and security policy.
TODO: complete this Security Considerations section.

Availability and Capacity Planning

Every enterprise deployment of CAS should be vitally concerned with availability and performance
obtained through careful capacity planning.
TODO: complete this Availability and Capacity Planning section.

Deployment Scenarios

We present some popular deployment scenarios for CAS with commentary on availability and performance characteristics.
TODO: complete this Deployment Scenarios section. E.g. "Single Client/Single Server"