Single Sign On (SSO) is used at UC Berkeley to allow employees, students and affiliates to log in to multiple applications and services, using a single ID and passphrase. We offer two types of SSO to campus technologists:
CAS vs Shibboleth
CAS is generally used for campus-developed applications to provide SSO integration with CalNet ID and 2-Step (multifactor) authentication. There are CAS integrations available for most major application programming languages and frameworks.
Shibboleth supports the widely adopted SAML standard for SSO and federation. If you want to integrate a third-party application with CalNet SSO then you will most likely use Shibboleth. For example, bMail, Box, and DocuSign are integrated with CalNet SSO using SAML and Shibboleth. Shibboleth uses CAS for authentication.
CAS Authorization is often used in conjunction with Shibboleth. If you want to provide access to a remote resource while also restricting access to current employees and students, for example, you can use CAS Authorization to enforce access rules.