How CAS Works

As of June 28, 2017, there is a change to the CAS server’s behavior when manually entering URLs in a browser. The URL "https://auth.berkeley.edu/cas/login" when entered alone will no longer bring up a CAS login screen. One must also specify the ?service= parameter as part of the URL to test a CAS login. CAS client applications automatically specify this service parameter when redirecting the browser to the CAS server so that the CAS server can later send the browser back to the application's protected page following authentication.

To manually test your CAS/CalNetID login credentials, you could use or bookmark a hyperlink such as this: CAM

Adding the service parameter for a berkeley.edu site after the base login URL, for example, "https://auth.berkeley.edu/cas/login?service=http://www.berkeley.edu", will display the specified site following succesful authentication to the CAS server, also providing for a test of login credentials.

To get the most up-to-date information on how CAS works, please visit the Apereo CAS website and in particular the CAS documentation site.

The CAS protocol and web flow are decribed in the CAS Protocol page.