Register a CAS service

To register your application, fill out our CAS Registration Form.

In this form, Service URL refers to the exact URL to allow. This is the relevant setting for allowing access. For example, the URL https://example.mtu.edu/login would only allow exactly this service URL to login. More specific URL patterns are permitted if necessary to distinguish between applications.

Basic CAS client configuration

CAS Server production name: sso.mtu.edu

Using the redirection on log out feature

Following log out, to redirect the browser to a landing page of your choice (and which page is not protected by CAS), use something like this example for the logout call in your CAS client application:

https://sso.mtu.edu/cas/logout?service=https://myservice.mtu.edu/welcome.html

The welcome.html landing page can redirect back to the CAS login page or be an unprotected page. To improve security, the CAS server only redirects the browser to the URL for the landing page if the URL matches a pattern that is already registered with the server. This URL typically would be one which is included within your CAS client application’s registered URL pattern, but one which is not actually protected by CAS.

LDAP attributes from CAS protocol

The CAS protocol may return certain LDAP-derived attributes listed below for your service in addition to the default username-to-uid mapping available at this CAS server path:

/cas/samlValidate or /cas/p3/serviceValidate

In the CAS Registration form, you can indicate which of these attributes to return to your service via the CAS protocol. Attribute release is subject to IT approval.

• displayName: the preferred full name
• givenName: the first name
• sn: the last name
• mail: the email address
• UID: UID is the immutable identifier value assigned to all Michigan Tech users and returned by CAS by default as the username.
• memberOf: the list of LDAP groups