How To Use
Client Registration
How to register your applications with CAS and configure SSO integration.
1. What is a Client System?
A client system is any application that uses CAS for user authentication. Each client gets unique credentials for secure communication with the CAS server.
Web Apps
Laravel, Django, Express, Spring Boot, .NET MVC applications
Mobile Apps
iOS, Android, React Native, and Flutter applications
Internal Tools
Admin panels, CRM systems, HR portals, internal dashboards
2. Registering a Client
Navigate to Admin Panel → Client Systems → Add New and fill in:
| Field | Example | Description |
|---|---|---|
| System Name | Customer Portal | Human-readable application name |
| System URL | https://portal.company.com | Base URL of the client application |
| Callback URL | https://portal.company.com/cas/callback | Where CAS redirects after login |
| Status | Active | Enable/disable client |
3. Understanding Credentials
After saving, the system generates 4 credentials:
client_id
Unique identifier for your app. Sent with every API request. Visible anytime in the admin panel.
client_secret
Used to generate HMAC signatures. Shown only once — copy immediately and store securely.
client_username
Username for API authentication. Used alongside client_password for server-to-server calls.
client_password
Encrypted password for API calls. Shown only once — store in your .env file.
4. Configuring Your App
Add the credentials to your client application's environment:
CAS_SERVER_URL=https://your-cas-server.com
CAS_CLIENT_ID=generated_client_id
CAS_CLIENT_SECRET=generated_client_secret
CAS_CLIENT_USERNAME=generated_username
CAS_CLIENT_PASSWORD=generated_password
CAS_CALLBACK_URL=https://your-app.com/cas/callback5. Testing the Connection
Verify your client can communicate with CAS:
curl -X POST https://your-cas-server.com/api/sso/token \
-H "Content-Type: application/json" \
-d '{"email":"[email protected]","password":"password","client_id":"YOUR_ID","client_secret":"YOUR_SECRET"}'success: true response with a JWT token, your client is properly configured.