Web single sign-on (Web SSO) authentication services are used to verify a person's identity when they sign into a password-protected website. Once a person signs into the Web SSO system, they can seamlessly access other Web-SSO-protected websites without being prompted for their password again. UC Davis currently offers two Web SSO services: CAS and Shibboleth.
Shibboleth uses the widely deployed and industry standard SAML protocol, and its strengths lie in secure, federated authentication and authorization, maintaining privacy when necessary. CAS employs secure server-to-server communications and tickets. It uses a cookie, scoped only to the CAS server, to track the SSO authentication. Generally, if colleagues outside UC Davis use your website, or might in the future, then you should consider using Shibboleth.
How do you determine which service to use? Here are some prompts:
Does your application need user attributes at login? Do colleagues outside UC Davis use your service? If you answer yes to both questions, then you should use Shibboleth. If you answer no, then CAS should be your choice.
Shibboleth and CAS are both open-source, standards-based, Web SSOs used by institutions in the United States and abroad.
InCommon serves U.S. education and research by supporting a common framework for trustworthy, shared management of access to online resources. Read more at http://www.incommon.org