Skip navigation

Duo Security is now a part of Cisco

About Cisco

Contact Sales Free Trial

Try Duo's trusted access solution now.

Free Trial
Documentation

Central Authentication Server (CAS)

Last Updated: October 22nd, 2020

Contents

Duo Security's two-factor authentication is able to secure access to Central Authentication Server (CAS) deployments, complete with self-service enrollment and Duo Prompt.

Duo Security does not provide a native CAS integration. Unicon includes support for Duo in their third-party multifactor module for CAS 4.1.x. See Unicon's CAS-MFA project wiki for additional information.

CAS 5.0.x includes Duo multifactor support. See the CAS Documentation for configuration instructions.

Connectivity Requirements

This application communicates with Duo's service on TCP port 443. Firewall configurations that restrict outbound access to Duo's service with rules using destination IP addresses or IP address ranges aren't recommended, since these may change over time to maintain our service's high availability. If your organization requires IP-based rules, please review this Duo KB article.

First Steps

  1. Sign up for a Duo account.
  2. Log in to the Duo Admin Panel and navigate to Applications.
  3. Click Protect an Application and locate CAS (Central Authentication Service) in the applications list. Click Protect this Application to get your integration key, secret key, and API hostname. (See Getting Started for help.)

Treat your secret key like a password

The security of your Duo application is tied to the security of your secret key (skey). Secure it as you would any sensitive credential. Don't share it with unauthorized individuals or email it to anyone under any circumstances!

Duo Universal Prompt

Duo's next-generation authentication experience, the Universal Prompt, is coming to web-based applications that display the current Duo Prompt in browsers.

Migration to Universal Prompt for your CAS application is a two-step process:

  • Update the CAS application to support the Universal Prompt.
  • Enable the Universal Prompt experience for users of that CAS application (when the Universal Prompt becomes available)

CAS needs an update to support the Universal Prompt when it's ready, but the update isn't available yet. The "Universal Prompt" section reflects this status as "Waiting on App Provider". Please refer to the CAS community for information about Duo Universal Prompt support for CAS, or contact Duo Support.

After CAS includes the necessary changes you may need to install an application update or upgrade on your server to obtain Duo Universal Prompt support.

Universal Prompt Info - Update Not Yet Available

You'll later return to the settings on this page to activate the Universal Prompt for your CAS users once we've released it.

Click the See Update Progress link to view the Universal Prompt Update Progress report. This report shows the update availability and migration progress for all your Duo applications in-scope for Universal Prompt support.

Read the Universal Prompt Update Guide for more information about the update process to support the new prompt, and watch the Duo Blog for future updates about the Duo Universal Prompt.

Configure CAS

Download and apply the Unicon MFA plugin overlay for CAS 4.1.x to your CAS deployment or configure Duo within CAS 5.0.x, using the application information from step one above.

Troubleshooting

Need some help? Take a look at our CAS Knowledge Base articles or Community discussions. For further assistance, contact Support.