Apereo CAS Authentication for Laravel

Easy Bring to CAS Authentication for Laravel


Via Composer

$ composer require sentrasoft/laravel-cas

Via edit composer.json

"require": {
	"sentrasoft/laravel-cas": "dev-master"

Next, update Composer from the Terminal:

$ composer update


After updating composer, add the ServiceProvider to the providers array in config/app.php.

'providers' => array(

Now add the alias in config/app.php.

'aliases' => array(
    'Cas' => Sentrasoft\Cas\Facades\Cas::class,

Add the middelware to your Kernel.php file or leverage your own:

'cas.auth'  => \Sentrasoft\Cas\Middleware\Authenticate::class,
'cas.guest' => \Sentrasoft\Cas\Middleware\RedirectIfAuthenticated::class,

Now publish the configuration cas.php file:

$ php artisan vendor:publish --provider="Sentrasoft\Cas\CasServiceProvider" --tag="config"

Add new environment variables below to your .env

To see further configuration, please see and read the description for each configuration item config/cas.php



Redirect the user to the authentication page for the provider.

Route::get('/cas/login', function() {
    return cas()->authenticate();

Controller and Callback Route

You can create a new controller named Auth\CasController.

php artisan make:controller Auth\CasController
class CasController extends Controller
     * Obtain the user information from CAS.
     * @return Illuminate\Http\RedirectResponse
    public function callback()
        // $username = Cas::getUser();
        // Here you can store the returned information in a local User model on your database (or storage).

        // This is particularly usefull in case of profile construction with roles and other details
        // e.g. Auth::login($local_user);

        return redirect()->route('home');

When the authentication is performed the callback url is invoked. In that callback you can process the User and create a local entry in the database.

Route::get('/cas/callback', 'Auth\CasController@callback')->name('cas.callback');


Logout of the CAS Session and redirect users.

Route::post('/cas/logout', [ 'middleware' => 'cas.auth', function() {

    // You can also add @param string $url in param[0]

    // Or add @param string $service in param[1]
    cas()->logout('', url('/'));


The cas.auth middleware is optional, but you will need to handle the error when a user tries to logout when they do not have a CAS Session.

If the CAS_LOGOUT_REDIRECT configuration item in .env is added, the value is taken from that configuration. Or if nothing is configured, the value is taken based on the value you specified.

If you want to use SLO (Single Logout) (if the CAS server supports SLO), Your application must have a valid SSL and the CAS server must be able to send HTTP POST /cas/logout without having to verify CsrfToken. Therefore, you must change the App\Http\Middleware\VerifyCsrfToken file and exclude /cas/logout route.

 * The URIs that should be excluded from CSRF verification.
 * @var array
protected $except = [


You can check that it works by trying to send an HTTP POST via cURL.

curl -X POST


Get User

To retrieve authenticated credentials.

Not ID (integer), but given on the CAS login (username) form.

$uid = Cas::user()->id;

Get User Attributes

Get the attributes for for the currently connected user.

foreach (Cas::user()->getAttributes() as $key => $value) {

Get User Attribute

Retrieve a specific attribute by key name. The attribute returned can be either a string or an array based on matches.

$value = Cas::user()->getAttribute('key');

The MIT License (MIT). Please see License File for more information.