CAS authentication support for Devise
Pull request Compare This branch is 2 commits ahead, 246 commits behind nbudin:master.


Written by Nat Budin
Taking a lot of inspiration from devise_ldap_authenticatable

devise_cas_authenticatable is CAS single sign-on support for Devise applications. It acts as a replacement for database_authenticatable. It builds on rubycas-client and should support just about any conformant CAS server (although I have personally tested it using rubycas-server).


  • Rails 2.3 or 3.0
  • Devise 1.0 (for Rails 2.3) or 1.1 (for Rails 3.0)
  • rubycas-client


gem install --pre devise_cas_authenticatable

and in your config/environment.rb (on Rails 2.3):

config.gem 'devise', :version => '~> 1.0.6'
config.gem 'devise_cas_authenticatable'

or Gemfile (Rails 3.0):

gem 'devise', '~> 1.1.1'
gem 'devise_cas_authenticatable'


I've modified the devise_example application to work with this gem. You can find the results here.


Once devise_cas_authenticatable is installed, add the following to your user model:

devise :cas_authenticatable

You can also add other modules such as token_authenticatable, trackable, etc. Please do not add database_authenticatable as this module is intended to replace it.

You'll also need to set up the database schema for this:

create_table :users do |t|

and, optionally, indexes:

add_index :username, :unique => true

Finally, you'll need to add some configuration to your config/initializers/devise.rb in order to tell your app how to talk to your CAS server:

Devise.setup do |config|
  config.cas_base_url = ""

  # you can override these if you need to, but cas_base_url is usually enough
  # config.cas_login_url = ""
  # config.cas_logout_url = ""
  # config.cas_validate_url = ""

  # By default, devise_cas_authenticatable will create users.  If you would rather
  # require user records to already exist locally before they can authenticate via
  # CAS, uncomment the following line.
  # config.cas_create_user = false  

Extra attributes

If your CAS server passes along extra attributes you'd like to save in your user records, using the CAS extra_attributes parameter, you can define a method in your user model called cas_extra_attributes= to accept these. For example:

class User < ActiveRecord::Base
  devise :cas_authenticatable

  def cas_extra_attributes=(extra_attributes)
    extra_attributes.each do |name, value|
      case name.to_sym
      when :fullname
        self.fullname = value
      when :email = value

See also


  • Implement CAS single sign-off support (maybe via a Rack middleware?)
  • Write test suite
  • Test on non-ActiveRecord ORMs