Central Authentication Service

Sun Mar 25 09:46:52 EDT 2012

Welcome to the COS 333 Central Authentication Service

If your project is going to require users to log in with a Princeton netid, you should use this code, which has the great advantage that the user's password is sent only to a trusted third party (i.e., not you) that determines securely whether it is a valid Princeton netid and does not return to your code unless it is.

Your system might display a welcome page like this one, with a login link that points to the authentication page. After a successful call to CASClient's Authenticate(), the authentication page would set a session cookie indicating successful login and redirect to a page inside the site.

Here is a PHP version:

The PHP client code is here and the PHP test script is here.

Here is a Python version:

The Python client code is here, the Python CGI script is here, and the test program is here.

Here is a Java version:

The Java client code is here, the Java CGI script is here, and the test program is here.

The PHP version is by Alex Halderman '03, with contributions from Avi Flamholz '07 and Scott Karlin *03; thanks to all of them. The Python version is bwk's transliteration from the PHP. The Java version is by Bob Dondero, as is the corrected PHP version; many thanks to him as well.

A pretty cryptic description of the underlying system is found at this OIT site.