2018-2019 Software Community Health Metrics - CAS

2018-2019 Software Community Health Metrics - CAS

Status: Graduated

Background and Objectives
Central Authentication Service, more commonly referred to as CAS, is an enterprise multilingual single sign-on solution for the web and a comprehensive platform for authentication and authorization needs. CAS is an open and well-documented authentication protocol. The primary implementation of the protocol is an open-source Java server component by the same name, with support for a plethora of additional authentication protocols and features.


  • Java Development Tookit
  • Spring Framework and family
  • Apache Tomcat and/or Jetty
  • MFA via Duo Security, Google Authenticator, etc
  • Data integration with storage technologies such as MongoDb, Redis, etc


Date of First Release 

Date of Last Release 

Number of Releases

 February 2005

 May 2019



Commits in 2018

Commits in 2019

Frequency of Commits





Contributors in 2018

Contributors in 2019




Number of sites in use (estimated)

 >= 12,000


The estimated number of sites in use is calculated by the search engine shodan.io, and only accounts for search findings that could be publicly parsed and indexed by the engine. It does not speak to how active, alive or recent those deployments are. No other statistic exists.

2018 Highlights
Large number of releases to include feature and patch updates, including the major release of CAS 6 with support for Java 11, and over 60 significant improvements such as reCAPTCHA v3, CouchDb, Radius MFA, OAUTH2 UMA, etc as well as brand new UI for CAS administrators.

2019 Highlights
Majority of development has focused on the next feature release, CAS 6.1 due in the summary of 2019 to be followed by the release CAS 6.2 towards the year’s end. So far, there have been 4 release candidates with with a large number of new features around OpenIDConnect, DynamoDb, MFA, Authorization, Redis, Docker, SAML2 and more.

Future Plans
The CAS project generally does not put together a roadmap or plan and grows entirely organically based on efforts of volunteers and contributors around the world. As such, ideas thrown around as interesting and worthy to pursue insofar are:

  • Support for FIDO2/WebAuthN
  • Compatibility with future Java versions