CAS FAQ
1. What is the trusted login URL?

https://cas.ust.hk/cas/ is the URL you should trust for logging in to CAS. The URL may end in "index.jsp" or "login"; both of these are okay.

If you have been bounced to the CAS service whilst trying to access some other web site, you'll often find "?service=" and the URL of that web site tagged on the end of the login URL. This is okay, as it allows the CAS service to send you back to where you wanted to be once it has successfully worked out who you are.

2. How do I log out?

You can log out of CAS by visiting https://cas.ust.hk/cas/logout and then closing all browser windows. It is very important that you log out of CAS when you have finished using the computer, particularly if the computer is in a public area. If you forget to log out, subsequent users of the computer may be able to access many applications on your behalf. Completely shutting down your browser by closing all the browser windows is the safest way to ensure everything is logged out.

3. What is the "Warn me before logging me into other sites" checkbox?

This feature is for those who may require extra assurance about the privacy or security of the data they enter online while using a web site participating in the Central Authentication Service (CAS) single sign-on service.

When you log into CAS, you have the option of being warned each time CAS tries to log you into a new application or service. This option raises awareness about what might otherwise be silent authentication events. For example, a visitor to a web program is alerted to the fact that an authentication step was performed while accessing the web site. This helps the visitor to remember to confirm that the correct identity credentials are being used by the web site before entering any security- or privacy-sensitive data.

4. What password do I use?

In general, you will need to use your ITSC Network Password. In most cases this will be the same as your email password as the staff and student email servers also use the ITSC Network Account for authentication. 

5. Why do I see some applications using port 8443 instead of the standard SSL port 443?

We used the non-standard SSL port 8443 in the early CAS server deployment. For compatibility reasons, SSL port 8443 is still supported for those early-deployed CAS applications. However, we strongly recommend changing to the standard SSL port, as problems have been reported with the non-standard port being blocked by some internet providers.

6. Why am I being asked to input my login credential again?

If you are using the Central Authentication Service (CAS), the following are reasons why you may be asked to re-enter your login credentials, besides having explicitly logged out of CAS:

  • CAS uses a cookie to determine if a user has already logged in, and the cookie expires when the user closes the browser that was used to log into CAS. So, if a user logs into CAS and then quits their web browser, CAS will not know who the user is, and the user will have to re-enter his/her login information. Likewise, if a user uses more than one web browser, the user will have to log into CAS using each one.

    If the time limit, or session, for CAS has expired (currently 8 hours), then you will have to log in again.

  • You have logged into CAS, but the web application you are trying to use has asked CAS to present you with the login screen again. Web applications have the ability to ask CAS to present the login screen to the user regardless of whether or not the user has already logged in. This feature is available as an extra security precaution.

7. Why should I trust the login URL?

The "s" in "https" means that a secure connection is established, encrypting information as it traverses the network and authenticating the server. You can be sure that account name and password information typed into this web form is only used by the university's CAS for authenticating you for access to protected web applications. The account name and password you provide are not recorded and are not exposed to third parties. Applications making use of CAS will never have access to your password.

8. Why should I check the CAS URL before login?

Before entering your account name and password into the University's CAS login form, you should check that the web address of the page being displayed begins with

https://cas.ust.hk/cas/

The reason for checking the URL is to prevent a malicious person from fooling you into supplying your account name and password by setting up a page that looks like the university's CAS login page. Routinely checking the URL of the login page helps to reduce the risk. This is especially important when logging in to services that you have not used before.
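
The check described in questions 1 and 8, written as code (an added example, not part of the university's FAQ or its CAS software): it parses the address rather than comparing it by eye, allows port 8443 from question 5, and returns the "?service=" address CAS will send you back to. The function name and the sample URLs are constructed for illustration.

```javascript
// Trusted values taken from the FAQ text; everything else is illustrative.
const TRUSTED_HOST = "cas.ust.hk";
const TRUSTED_PATH_PREFIX = "/cas/";
const TRUSTED_PORTS = new Set(["", "8443"]); // "" means the default https port 443

function checkCasLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // same parsing rules a browser applies to the address bar
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "scheme is not https" };
  }
  // "https://cas.ust.hk@other.example/" puts the trusted name in the user-info
  // part; the real host is whatever follows the "@".
  if (url.username !== "" || url.password !== "") {
    return { trusted: false, reason: "user info appears before the host" };
  }
  // Exact match only: "cas.ust.hk.other.example" is a different host.
  if (url.hostname !== TRUSTED_HOST) {
    return { trusted: false, reason: `host is ${url.hostname}` };
  }
  if (!TRUSTED_PORTS.has(url.port)) {
    return { trusted: false, reason: `unexpected port ${url.port}` };
  }
  // The parser has already resolved "../" segments, so this sees the real path.
  if (!url.pathname.startsWith(TRUSTED_PATH_PREFIX)) {
    return { trusted: false, reason: "path is outside /cas/" };
  }
  // Decoded return address, or null when the user went to CAS directly.
  return { trusted: true, service: url.searchParams.get("service") };
}

// Constructed sample addresses (not taken from any real incident).
const SAMPLES = [
  "https://cas.ust.hk/cas/login?service=https%3A%2F%2Fapp.example%2Fhome",
  "https://cas.ust.hk:8443/cas/index.jsp",
  "http://cas.ust.hk/cas/login",
  "https://cas.ust.hk.login.example/cas/login",
  "https://cas.ust.hk@login.example/cas/login",
];
for (const sample of SAMPLES) {
  console.log(sample, JSON.stringify(checkCasLoginUrl(sample)));
}
```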

9. Who can log in to CAS?

All members of the university with a valid ITSC Network Account can use CAS to authenticate. Some of the web applications using CAS for authentication may only be accessible to some individuals depending on the nature of the application and the identity of the user.