Back in 2012 we were looking for a solution to replace our company-wide SSO with something more robust and future proof. After comparing various SSO technologies and standards, we decided to go with a CAS-based solution. CAS is an open standard and there are libraries for a wide range of client platforms (e.g. Ruby, Java, PHP, .NET, Apache).
We didn’t have any knowledge in running a big Java web application, so we decided to use the RubyCAS-Server. Running and maintaining Ruby web applications was (and still is) our daily business.
After some weeks and months of usage, we encountered several bugs and shortcomings in RubyCAS-Server. What’s worse: RubyCAS-Server does not fully adhere the CAS standard. “No problem, it’s open source!”, you’re probably saying. That’s what we thought too… After looking through the source code, we almost cried: it’s a mess and not well tested. But we didn’t give up here and began to hack our changes in. We then opened issues and pull requests but did not get any feedback. Very frustrating! The project seemed dead to us.
It took us just a few weeks to implement basic CAS support. We had a clean code base, a responsive user interface and 100% compatibility with the CAS standard.
But we didn’t stop here; the clean and well-tested source code allowed us to go beyond the CAS standard and add features such as two-factor authentication and a session overview.
We also built a product page with an appealing documentation: Check out casino.rbcas.com to learn how to setup your SSO within minutes.