Features
CAS
CAS is a web-based single sign-on protocol which uses the state-wide LDAP directory system as its authentication and authorization database. After successful authentication, CAS uses SAML to return authorization information such as affiliation (student, faculty) or identifiers such as the tnUniqueID that may be used by the application to determine whether the user should have access to the service and to match the user to existing accounts within the application.
SHIBBOLETH
Shibboleth is a single sign-on technology that supports both federated access to Internet-based services as well as access to local applications using the state-wide LDAP directory as its authentication and authorization database. UT is a member of both the Incommon and the Edugain federations. Shibboleth provides the option of limiting access to an application based on defined authorization attributes such as affiliation or campus. It can also return authorization information to the application using SAML.
LDAP
If an application cannot support CAS or Shibboleth, authentication using LDAP is available. Note that authorization options may be limited when using LDAP unless the application is written to retrieve authorization attributes at the time of authentication.
ACTIVE DIRECTORY
Active Directory is a Microsoft-developed directory service used by Windows servers, workstations, and other devices. Active Directory has limited access to authorization information but does provide user-manageable security groups for authorizing access to services.