loren138 / cas-server by loren138

A CAS Server form Single Sign On (SSO) implemented as a Laravel Package.
Package Data
Maintainer Username: loren138
Package Create Date: 2016-08-04
Package Last Update: 2018-08-30
Language: PHP
License: MIT
Last Refreshed: 2023-05-28 03:11:12
Package Statistics
Total Downloads: 80
Monthly Downloads: 0
Daily Downloads: 0
Total Stars: 5
Total Watchers: 3
Total Forks: 3
Total Open Issues: 3

Laravel CAS Server


  • Add SAML/Warn
  • Unit test flashing an error to session

This is a Laravel implementation of the CAS protocol because tomcat/CAS are way to hard to deal with and keep up to date. This should be much easier and much easier to understand.

Because of the required URLs for CAS, it is recommended that you install this in it's own Laravel instance.

Laravel installation instructions can be found here: https://laravel.com/docs/5.2/installation


composer require loren138/cas-server

After updating composer, add the service provider to the providers array in config/app.php


Next, you'll want to publish the views, public files, config, and migrations.

php artisan vendor:publish --provider="Loren138\CASServer\CASServerServiceProvider"

Next, you'll need to implement your user authentication class. The class for users must Implement Loren138\CASServer\Models\CASUserInterface

 use Loren138\CASServer\Models\CASUserInterface;
 use Illuminate\Database\Eloquent\Model;

 class MyUser extends Model implements CASUserInterface
      public function checkLogin($username, $password)
            if (loginGood) {
                return true;
            return false;
      public function userAttributes($username);
            return [
                'attribute' => 'value'

Last, update the casserver.php file in the config folder such that the userClass setting references your class (and update other settings as desired).

You should now have a working CAS Server.

Table Cleanup

It is recommended that you have CAS cleanup the authentication and ticket tables daily. You can do that by adding the following in the schedule function in your console/Kernel.php file


Note: For this to work, you must have setup a cron job to call Laravel's command: https://laravel.com/docs/5.2/scheduling#introduction

Session configuration

It is recommended to verify/set the following in config/session.php: (These settings are toward the bottom of the file.)

'secure'    => true,
'http_only' => true,
'expire_on_close' => true,

It is also recommended to change the cookie name in config/session.php:

'cookie' => 'cas_session',

You should also make sure the lifetime variable is at least as long as your sso lifetime in casserver.php in config/session.php by default, you'll want to set session lifetime to 480.

Catching CSRF Errors

In the render (not report) function of app/Exceptions/Handler.php, you may want to add the following:

if ($e instanceof TokenMismatchException) {
    session()->flash('error', 'Validation Token expired. Please try again.');
    return redirect()->back();


Single Sign on Sessions are only stored if you are using SSL. Thus, you may want to force SSL. You can do this on your web server or with a middleware such as: https://github.com/lesstif/laravel-secure-url

You can also use modrewrite

# This will enable the Rewrite capabilities
RewriteEngine On

# This checks to make sure the connection is not already HTTPS
RewriteCond %{HTTPS} !=on

# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Server Install

Testing requires sqlite.