The CAS Service Registry is a list of service URLs that are allowed to use the UC Davis SSO server to authenticate users. The use of the registry is a security measure, and also enhances performance by ensuring only authorized sites are processed by the server. Administration of the service registry is done through the CAS Management Application.
Accessing the CAS Management Application
Sign in to the management application at casmgr.ucdavis.edu using your personal login id. Departmental accounts are not allowed to sign in to the application; attempting to do so will display an "Access Denied" error. You will be prompted for MFA with Duo, so ensure you have Duo set up before signing in the first time. Instructions for enrolling in Duo can be found at KB0002934.
Functionality of the CAS Management Application
The management application provides a portal for staff and faculty to interact with the CAS Service Registry. After signing in, the following options are available:
- Review services for which you are assigned as a contact.
- Look up existing services by domain name in the registry.
- Submit a request to add yourself as a contact to a service.
- Submit a request to remove yourself as a contact from a service.
- Submit a request to add/remove others as a contact from a service.
- Submit a request to add a new service to the registry.
- Submit a request to remove a service from the registry.
- View pending requests.
Look Up a Service
The registry has been generated based on known services found in CAS logs. Efforts were made to find the appropriate contacts for each service. There are services for which we were unable to determine a contact, and services whose contacts have separated or moved to different departments. To find out whether a service you are responsible for is in the registry, you can access the Lookup Service screen by clicking "Lookup Service" in the left-hand navigation menu.
On the Lookup Services screen you can search for services by either "Domain" or by "Contact". The default is to search by domain. Start typing into the search field at the top. When you stop typing, a query will be made to the server and the results will be displayed.
To search for services by contact, change the "Search by" field to "Contact", then start typing a person's name into the search field. Once you have typed at least three characters, a suggestion box will open and present up to 10 contacts that can be selected. To narrow the field further, continue typing. Selecting a contact will then query the registry for services with that contact.
Add/Remove yourself as a contact
You can add yourself to or remove yourself from a service from the Lookup table by clicking the hamburger menu to the left of the service name and then selecting the desired option.
Clicking one of these options will create a request to be submitted to CAS Administrators.
Adding a Service
Adding a new service is accomplished by using the add wizard. If you are not a contact for any service in the registry, the wizard will be the first screen brought up by the application. You can also access it by clicking "Add Service" in the left hand navigation menu.
- Service URL
- This field is required and needs to match the exact URL that is configured in your CAS Client as the "service" parameter. Matching this field is how CAS determines that this service entry should be used for your request.
- Service Name
- Give your service a descriptive name.
- Description
- Briefly describe the purpose of the service and who the target end users are.
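A way to check, before submitting, that the URL your CAS client actually sends will match the Service URL you register. This is an added example, not code from the management application; it assumes a character-for-character comparison as the "exact URL" wording suggests, and the hosts and function names are hypothetical placeholders.

```python
from urllib.parse import parse_qs, urlsplit


def service_param(login_redirect: str) -> str:
    """Return the decoded "service" value from a CAS login redirect URL."""
    values = parse_qs(urlsplit(login_redirect).query).get("service", [])
    if len(values) != 1:
        raise ValueError("expected exactly one service parameter")
    return values[0]


def mismatch_reasons(registered: str, sent: str) -> list:
    """List the URL components that keep `sent` from matching `registered`.

    Assumes a character-for-character comparison, as the page's "exact URL"
    wording suggests.
    """
    if registered == sent:
        return []
    r, s = urlsplit(registered), urlsplit(sent)
    reasons = []
    if r.scheme != s.scheme:
        reasons.append("scheme")
    if r.netloc != s.netloc:
        same_host = r.netloc.lower() == s.netloc.lower()
        reasons.append("host case" if same_host else "host or port")
    if r.path != s.path:
        same_path = r.path.rstrip("/") == s.path.rstrip("/")
        reasons.append("trailing slash" if same_path else "path")
    if r.query != s.query:
        reasons.append("query string")
    if r.fragment != s.fragment:
        reasons.append("fragment")
    return reasons or ["encoding or other difference"]


# Constructed sample values; the hosts are placeholders, not UC Davis endpoints.
REGISTERED = "https://app.example.edu/cas/callback"
REDIRECT = ("https://sso.example.edu/cas/login"
            "?service=https%3A%2F%2Fapp.example.edu%2Fcas%2Fcallback%2F")

if __name__ == "__main__":
    sent = service_param(REDIRECT)
    print(sent, mismatch_reasons(REGISTERED, sent))
```

Copy the redirect URL from your browser's address bar when your application sends you to the CAS login page, and pass it to `service_param`.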
Your information will be read from LDAP and populated as the first contact. You can correct any of the fields as needed. You can also add as many additional contacts to the service as needed. The service must be submitted with at least one contact that corresponds to a person. Additional contacts that resolve to a department mailing list are allowed.
- Name
- Full name of the contact.
- Email
- Enter the primary email of the contact.
- Phone
- Enter the primary phone number of the contact.
- Department
- Enter the campus department for the contact.
When adding a new contact, the "Name" field will query for matching contacts, just like the "Lookup Service" search field does.
Selecting a contact from the supplied list will populate the contact's information into the form.
- Requires Duo
- If this field is selected, the user logging in will be prompted for MFA using Duo.
- Allow Single Sign-On
- By default, all services participate in Single Sign-On when using CAS, meaning that if users are signed in to another CAS-protected service in the same browser session, they will not need to provide credentials when signing in to a new CAS-protected service. If your service has a requirement to always challenge for credentials, then unselecting this box will have that effect. Unchecking this field is equivalent to setting renew=true in your CAS Client.
- Logout Type
- By default, CAS will attempt to use a BACK_CHANNEL logout to your CAS client when the user visits the cas/logout endpoint. CAS clients that support SLO will be able to process the request from the CAS server, and the user's session in your service will be invalidated. If your CAS clients do not support SLO, or if your user's session is stored on the client through cookies or local storage, you can set this field to FRONT_CHANNEL and a redirect will be sent through the user's browser. If you do not want your server to participate in SLO, then set this field to NONE.
- Logout URL
- Set this field if your application requires the use of a custom logout endpoint. This is usually only necessary or effective when the Logout Type is set to FRONT_CHANNEL.
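What a CAS client has to do to honor a BACK_CHANNEL logout, shown as an added example that is not code from the CAS server or the management application. The message layout follows the CAS protocol's single logout request (a form field named `logoutRequest` whose `SessionIndex` carries the service ticket); the session store, ticket value and function names are hypothetical. Because the call comes from the CAS server rather than the browser, only sessions held server-side can be removed this way, which is why cookie- or local-storage-based sessions need FRONT_CHANNEL.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Hypothetical server-side session store, keyed by the service ticket that
# was validated when the user signed in.
SESSIONS = {"ST-1-constructedTicket": {"user": "jdoe"}}

# Constructed sample of the XML that arrives in the logoutRequest form field.
SAMPLE = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="LR-constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '@NOT_USED@</saml:NameID>'
    '<samlp:SessionIndex>ST-1-constructedTicket</samlp:SessionIndex>'
    '</samlp:LogoutRequest>'
)


def ticket_from_logout_request(xml_text: str) -> str:
    """Extract the service ticket (SessionIndex) from a logoutRequest body."""
    # The request is untrusted input: refuse DTDs and entity declarations.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not allowed in logout requests")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        raise ValueError("not a LogoutRequest")
    index = root.find(f"{{{SAMLP}}}SessionIndex")
    if index is None or not (index.text or "").strip():
        raise ValueError("missing SessionIndex")
    return index.text.strip()


def handle_back_channel_logout(form: dict) -> bool:
    """Invalidate the session tied to the ticket; True if one was removed."""
    try:
        ticket = ticket_from_logout_request(form.get("logoutRequest", ""))
    except (ValueError, ET.ParseError):
        return False  # malformed or unexpected body: change nothing
    return SESSIONS.pop(ticket, None) is not None


if __name__ == "__main__":
    print(handle_back_channel_logout({"logoutRequest": SAMPLE}))
```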
The final step is to submit your service to the CAS Administrators to be added to the registry.
The management application will then generate an email confirming your submission has been received. You will also receive emails notifying you when a CAS administrator has reviewed and either accepted or rejected your service.
Managing Services
Once you have at least one service in the registry that you are listed as a contact for, you will be presented with the following screen after logging into the application:
This screen lists all the services that are active in the registry and for which you have been listed as a contact.
The hamburger menu on each row for a service will always have at least "Edit", "Delete" and "Remove Me" options. When your service is added to the registry for the first time, it is given an expiration date of one year from the date it was added. You can see when the service is due for renewal in the last column. When your service is within 30 days of this renewal date, a third option, "Renew", will be added to this menu. Selecting this option will automatically renew your service for another year. All contacts listed for a service will receive emails starting within the 30 day renewal period until the service is renewed, or until it expires and is removed from the registry. If you are the owner of a long-lived core campus service, you can request your service be made non-expiring by emailing ithelp@ucdavis.edu.
Clicking on the "Edit" option or the "Name" link on the services screen will bring up the service in an editable form. Here you can alter or add information to the service.
Altering a field will enable the "Save Changes" option in the controls.
Clicking "Save Changes" will submit your edited service to CAS administrators to be reviewed and included into the registry. You will receive an email confirming your submission and will be notified by email once again when your submission has been reviewed and either accepted or rejected.
IMPORTANT: Any newly added services or edits made to services will NOT appear on "Your Services" screen until they have been accepted by a CAS administrator into the registry.
Removing yourself as a Contact
Because of our best efforts to populate the service registry, you may find that you have been added to a service that you are no longer responsible for. To remove yourself from a single service, you can select the "Remove Me" option from the hamburger menu for the service in the table. This will generate a request to remove you as a contact from the service. Your request to remove yourself from a service where you are the only contact will be denied. Please add at least one new valid contact before requesting your removal from the service.
To remove yourself from multiple services in a single request, use the "Multiple Selection" toggle found just above the table to the left.
Switching the toggle on will replace the hamburger menus in the table with selection check boxes. You can use the check box in the header of the table to select/deselect all services in the table. This will also select any rows that are on pages that are not currently visible. Selections of individual services will also be kept when scrolling through pages in the table.
Switching the toggle on will also light up the available bulk options that can be performed on the services. You will find these options on the controls line which is located below the banner and to the right of the screen.
After clicking "Remove Me" from the control line, an attempt will be made to generate a request to remove you from all the selected services. If your selection contains services where you are the only contact, those services will not be part of the request. Any other valid request will be submitted. If the selections result in no changes being made, you will see this dialog appear.
Removing other contacts
Due to separations or individuals moving between departments, you may need to remove a contact other than yourself from a service. To accomplish this, navigate to the "Lookup Services" screen, search for the contact that needs to be removed, and switch on the multiple selection toggle.
Above the table on the control line you will see the bulk options appear. The first option will be to remove the contact that you searched for and the text will be "Remove FIRST_NAME". If the contact is the only one listed for the service, the change will not be submitted and a valid contact will need to be added before the removal.
Adding Other Contacts
From either "Your Services" screen or after a search on the "Lookup Services" screen, use the toggle to put the table into multiple selection. Select the service(s) you want to add contacts to, and click the "Add Contacts" button on the controls line.
On this screen you can enter multiple contacts that will be added to the selected services. Start typing the contact's name and a selection list will appear. Choose a contact from the list to add them. Use the "+" to add another line to enter a contact. If you decide not to add a contact, you can click "-" after their name to remove them from the list. Clicking "OK" will generate and submit a request for the change to be approved by CAS Administrators.
Removing Services
In order to keep the registry in a state that reflects current CAS usage on campus, we want to remove services that have been retired or are no longer used. You can request a service be removed by selecting the service and clicking on "Delete".
You will be asked to confirm that you indeed want to remove this service. If a request to remove a service is accepted, and later you find you need the service back in the registry, contact ithelp@ucdavis.edu with a request to restore the service. This is preferred over just adding it again as a new service.
Pending Submissions
After you submit your request, you will be emailed a confirmation that it has been successfully submitted and will be reviewed by a CAS Administrator. You can also view your outstanding requests by clicking "Pending" in the left hand navigation menu.
This screen will only show requests made by you that are currently pending review by administrators. Once a request has been "Accepted" or "Rejected", it will no longer appear here.
- Blue entries are modifications to existing services
- Green entries are additions of a new service to the registry
- Red entries are requests to remove a service from the registry
For bulk requests, a message describing the change and the number of services affected will be displayed in the first two columns of the table.