The William & Mary Central Authentication Service, CAS, is a single sign-on service that provides access to many secure W&M web-based services, as well as other services on external websites. CAS was originally created by Yale University to provide a trusted way for an application to authenticate a user. CAS became a Jasig project in December 2004. CAS was implemented at William & Mary in the spring of 2011.
Signing-in to CAS
Use your WMuserid credentials to sign-in to CAS. (Example WMuserid: tjefferson)
After a successful sign-in, CAS attempts to send a cookie (one that expires when the browser closes) back to the browser. This cookie, which we call a "ticket-granting cookie," identifies the user as one who has already logged in successfully. While the time ticket is active, you may access various CAS-enabled services without the need to log in again. Once your time ticket expires, you will be prompted to re-enter your credentials the next time you access a service using CAS. This cookie is time-based and can last up to 8 hours; however it will expire in 2 hours if it is not re-used.
Safety and Security
CAS serves as an easy and standardized way to provide authentication across a range of sites. The CAS server must authorize websites before they are granted access to its service. When you sign into a service that uses CAS, the service itself never accesses your passwords.
Generally speaking, it is good practice to close your web browser after accessing any website that requires a username and password. This is especially important when you are on a public computer, so that others are not surfing the web under your credentials.
When you log in to CAS, a cookie is stored in your browser that allows you to be automatically logged in to other sites. This cookie is set to expire at the end of your browser's session. When you close your browser, this cookie no longer exists and you can no longer be automatically logged in to any additional sites without specifying your password again.
When you end your CAS single sign-on session by logging out of CAS, CAS attempts to log you out of all the services that you visited during your session. While this is usually sucessful, it is strongly recommended that you close your browser after logging out of CAS, particularly when using a shared/public computer.
To force a CAS logout, you can use this address: https://cas.wm.edu/cas/logout
If you incur trouble logging into a W&M service that uses CAS, be sure that you are entering the correct WMuserid and password. If you continue to have problems, please contact [[support]].