There are several different ways for applications to integrate CAS authentication, including login and validation.
When integrating CAS authentication with your application, follow these best practices:
Applications using CAS must operate entirely over TLS (i.e., the cas url must be an HTTPS URL).
Enabling HTTP Strict Transport Security (HSTS) is highly recommended.
To be sure they are authenticating to APIIT Education Group’s CAS, users must be able to see the URL https://cas.apiit.edu.my/cas/login.
Therefore, applications must redirect to CAS and not render the login page inside an iframe or use other similar techniques.