diff --git a/server/config/default.yaml b/server/config/default.yaml
index 00c89f30..55db15fa 100644
--- a/server/config/default.yaml
+++ b/server/config/default.yaml
@@ -174,7 +174,7 @@ postfixBounce:
 cas:
   # enable to use CAS user backend
   enabled: false
-  urlsso: https://example.cas-server.com
+  url: https://example.cas-server.com
   # nameTag identifies the attribute to be used for user's full name
   nameTag: username
   # mailTag identifies the attribute to be used for user's email address
diff --git a/server/lib/passport.js b/server/lib/passport.js
index efbc3033..6b869ba7 100644
--- a/server/lib/passport.js
+++ b/server/lib/passport.js
@@ -148,6 +148,9 @@ module.exports.restLogout = (req, res) => {
   res.json();
 };
+
+module.exports.casLogin = passport.authenticate('cas', { failureRedirect: '/login' });
+
 module.exports.restLogin = (req, res, next) => {
   passport.authenticate(authMode, (err, user, info) => {
     if (err) {
@@ -176,19 +179,11 @@ module.exports.restLogin = (req, res, next) => {
   })(req, res, next);
 };
 let CasStrategy;
-let CasStrategyOpts;
-if (config.cas.enabled) {
+if (config.cas && config.cas.enabled === true) {
   try {
     CasStrategy = require('passport-cas2').Strategy;
     authMode = 'cas';
     log.info('CAS', 'Found module "passport-cas2". It will be used for CAS auth.');
-    CasStrategyOpts = {
-      casURL: config.cas.urlsso,
-      propertyMap: {
-        name: config.cas.nameTag,
-        email: config.cas.mailTag
-      }
-    };
   } catch (exc) {
     log.info('CAS', 'Module passport-cas2 not installed.');
   }
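Review bot: `module.exports.casLogin = passport.authenticate('cas', { failureRedirect: '/login' })` is assigned unconditionally at module level, while the 'cas' strategy is only registered further down inside `if (CasStrategy)`, and the hunk at @@ -230 adds a second export for the same purpose, `authenticateCas`, with a different failureRedirect (`/login?cas-login-error`). As far as I know passport looks the strategy up by name when the middleware runs, so a route wired to `casLogin` on a deployment without CAS would fail per request with an unknown-strategy error rather than at startup, and the two exports will silently diverge in behaviour. I would drop `casLogin` and keep only the conditional `authenticateCas`, or, if both must stay, add `// NOTE: the 'cas' strategy is registered below only when config.cas.enabled is true` above this line so the dependency is visible.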
@@ -198,16 +193,23 @@ if (CasStrategy) {
   module.exports.authMethod = 'cas';
   module.exports.isAuthMethodLocal = false;
-  passport.use(new CasStrategy(CasStrategyOpts,
+  const cas = new CasStrategy({
+    casURL: config.cas.url,
+    propertyMap: {
+      displayName: config.cas.nameTag,
+      emails: config.cas.mailTag
+    }
+  },
     nodeifyFunction(async (username, profile) => {
       try {
         const user = await users.getByUsername(username);
+        log.info('CAS', 'Old User: '+JSON.stringify(profile));
         return {
           id: user.id,
           username: username,
-          name: profile[config.cas.nameTag],
-          email: profile[config.cas.mailTag],
+          name: profile.displayName,
+          email: profile.emails[0].value,
           role: user.role
         };
       } catch (err) {
@@ -215,14 +217,17 @@ if (CasStrategy) {
           const userId = await users.create(contextHelpers.getAdminContext(), {
             username: username,
             role: config.cas.newUserRole,
-            namespace: config.cas.newUserNamespaceId
+            namespace: config.cas.newUserNamespaceId,
+            name: profile.displayName,
+            email: profile.emails[0].value
           });
+          log.info('CAS', 'New User: '+JSON.stringify(profile));
           return {
             id: userId,
             username: username,
-            name: profile[config.cas.nameTag],
-            email: profile[config.cas.mailTag],
+            name: profile.displayName,
+            email: profile.emails[0].value,
             role: config.cas.newUserRole
           };
         } else {
@@ -230,9 +235,15 @@ if (CasStrategy) {
       }
     }
   }));
+  passport.use(cas);
   passport.serializeUser((user, done) => done(null, user));
   passport.deserializeUser((user, done) => done(null, user));
+  module.exports.authenticateCas = passport.authenticate('cas', { failureRedirect: '/login?cas-login-error' });
+  module.exports.logoutCas = function (req, res) {
+    cas.logout(req, res, config.www.trustedUrlBase+'/login?cas-logout-success');
+  };
+
 } else if (LdapStrategy) {
   log.info('Using LDAP auth (passport-' + authMode === 'ldap' ? 'ldapjs' : authMode + ')');
   module.exports.authMethod = 'ldap';
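Review bot: `log.info('CAS', 'Old User: '+JSON.stringify(profile))` after `users.getByUsername` writes the whole CAS profile — name, e-mail and every other attribute the CAS server releases — to the info log on each login, and the new-user branch in the next hunk (`'New User: '+JSON.stringify(profile)`) does the same; personal data should not land in routine logs, so log the identifier only, e.g. `log.info('CAS', 'Existing user login: ' + username);`. In the same hunk `profile.emails[0].value` (also used twice in the next hunk) throws a TypeError when the mapped attribute is absent or empty, and because it sits inside the `try`, that TypeError is delivered to the `catch (err)` that presumably distinguishes "user not found" from other errors — whether it is then rethrown or misread depends on code outside the hunk. Resolve the address once and defensively, e.g. `const email = Array.isArray(profile.emails) && profile.emails.length > 0 ? profile.emails[0].value : undefined;`, and use `email` in both return objects. The surrounding callback continues past the end of this hunk.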
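Review bot: `module.exports.authenticateCas` and `module.exports.logoutCas` are only assigned inside the `if (CasStrategy)` branch, so on a deployment where CAS is disabled or passport-cas2 is not installed both exports are `undefined`; a router that binds them unconditionally would, as far as I can tell, fail at startup when handed an undefined handler, and the guard for that lives outside this diff. Either export no-op handlers from the other branches or document the contract above the assignments: `// Only defined when CAS is the active auth method; routes must check authMethod === 'cas' before wiring these`. The LDAP `else if` branch continues past the end of the hunk.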