This diagram depicts user access. When the user first attempts to access an application protected by CAS, the user is redirected to the CAS login page. Upon successful login, the user is redirected back to the application with a ticket. The cookie for the CAS login page is saved. The application verifies the user's identity by verifying the ticket against CAS. On content management systems, CAS authenticates by default against the WebCenter Sites database.