FakeCAS

FakeCAS is a collection of CGI scripts in Perl (using Template::Toolkit) which mimics a CAS (Central Authentication Service) server. Or more precisely, a central unauthentication server, as it basically allows you to "authenticate" as any username without a password.

It only supports basic authentication (optionally with renew or gateway flags), but does not handle proxy stuff (and given its complete lack of authentication, probably a good thing). It does, however, go through all the motions of a real CAS server, with following exceptions:

• No real authentication is done. We believe whatever the user tells us.
• Service tickets do not have random strings but actually contain authentication information encoded in them. Similar enough to real service tickets, though, that this should not be a real problem, as clients typically cannot do much with service tickets on their own anyway.
• Service tickets are not single use. This can be a potential problem (a misbehaved application which sends the same service ticket to CAS multiple times might work with us but not with a real CAS server). This may get fixed in the next version
• The standard TGT cookie name is different, which is probably wise anyway.
• Absolutely no security

This package is intended to be used to assist with debugging CAS applications. With it, you redirect the application's CAS client to use the FakeCAS server, then can log in as different people and see how the application behaves for different users. This can be difficult if you can only have one account on the real CAS server; with FakeCAS you can be whoever you want to be.

Links/Downloads

Current version is 1.0

• CAS home page
• Download bzip2'ed tarball of current version