The William & Mary Central Authentication Service, CAS, is a single sign-on service that provides access to many secure W&M web-based services, as well as other services on external websites. CAS was originally created by Yale University to provide a trusted way for an application to authenticate a user. CAS became an open source Jasig project in December 2004 and is now managed by the Apereo foundation. CAS was implemented at William & Mary in the spring of 2011.
Signing-in to CAS
Use your W&M Username credentials to sign-in to CAS. (Example W&M Username: tjefferson)
Single Sign-On (SSO)
After a successful sign-in, CAS attempts to send a cookie (one that expires when the browser is closed) back to the browser. This cookie, which is called a "ticket-granting cookie," identifies you as an authorized user and starts your CAS session. While your CAS session is active, you may access various CAS-enabled services without the need to log in again. Once your CAS session expires, you will be prompted to re-enter your credentials the next time you access a service using CAS. Your CAS session starts with a length of 8 hours and may be extended to a maximum of 16 hours. For example, if you sign-in to CAS to use Blackboard at 8am, your session would end at 4pm. If you then logged in to Zoom using SSO at noon, your CAS session would be extended to 8pm.
Safety and Security
CAS serves as an easy and standardized way to provide authentication across a range of sites. The CAS server must authorize websites before they are granted access to its service. When you sign into a service that uses CAS, the service itself never has your password.
Generally speaking, it is good practice to close your web browser after accessing any website that requires a username and password. This is especially important when you are on a public computer, so that others are not surfing the web under your credentials.
When you log in to CAS, a cookie is stored in your browser that allows you to be automatically logged in to other sites. This cookie is set to expire at the end of your browser's session. When you close your browser, this cookie no longer exists and you can no longer be automatically logged in to any additional sites without specifying your password again.
Disable Single Sign-on
If you are at a public computer or a computer you do not normally use you can check the disable single sign-on button when logging in to CAS. CAS will only log you in to the application that started the login process and will not store the cookie in your browser allowing you to login to other sites in that browser session.
When you end your CAS single sign-on session by logging out of CAS, CAS attempts to log you out of all the services that you visited during your session. Not every site that uses CAS supports single sign-out, so it is strongly recommended that you close your browser after logging out of CAS, particularly when using a shared/public computer.
To force a CAS logout, you can use this address: https://cas.wm.edu/cas/logout
If you incur trouble logging into a W&M service that uses CAS, be sure that you are entering the correct W&M Username and password. If you continue to have problems, please contact [[support]].