There are several different ways for applications to integrate CAS authentication, including login and validation.
When integrating CAS authentication with your application, follow these best practices:
- Applications using CAS must operate entirely over TLS (i.e., the casurl must be an HTTPS URL).
- Enabling HTTP Strict Transport Security (HSTS) is highly recommended.
- To be sure they are authenticating to APIIT Education Group’s CAS, users must be able to see the URL https://cas.apiit.edu.my/cas/login.
- Therefore, applications must redirect to CAS and not render the login page inside an iframe or use other similar techniques.
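
The practices above, sketched as a minimal WSGI application. This is an added example, not APIIT's or the CAS project's own code. It assumes a placeholder application URL (`https://app.example.edu/secure`), a hypothetical `app.user` key set by session middleware once the CAS ticket has been validated, and a constructed HSTS `max-age` value.

```python
from urllib.parse import urlencode, urlsplit

CAS_LOGIN_URL = "https://cas.apiit.edu.my/cas/login"  # casurl, as given on the page
SERVICE_URL = "https://app.example.edu/secure"        # assumption: placeholder app URL
HSTS = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")


def require_https(url):
    """Return url unchanged if it is an absolute HTTPS URL, else raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("not an HTTPS URL: %r" % url)
    return url


def cas_redirect_location(casurl, service_url):
    """Build the CAS login URL the browser is sent to as a top-level navigation."""
    query = urlencode({"service": require_https(service_url)})
    return require_https(casurl) + "?" + query


def app(environ, start_response):
    """HTTPS only, HSTS on every HTTPS response, redirect to CAS for login."""
    if environ.get("wsgi.url_scheme") != "https":
        # Plain HTTP: move to HTTPS. HSTS is omitted; browsers ignore it over HTTP.
        start_response("301 Moved Permanently", [("Location", SERVICE_URL)])
        return [b""]
    # Assumption: session middleware sets "app.user" after validating the ticket.
    user = environ.get("app.user")
    if user is None:
        # Full-page redirect so the CAS URL shows in the address bar;
        # the login page is never embedded in an iframe or proxied.
        location = cas_redirect_location(CAS_LOGIN_URL, SERVICE_URL)
        start_response("302 Found", [HSTS, ("Location", location)])
        return [b""]
    body = ("Signed in as %s\n" % user).encode("utf-8")
    start_response("200 OK", [HSTS,
                              ("Content-Type", "text/plain; charset=utf-8"),
                              ("Content-Length", str(len(body)))])
    return [body]
```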