diff -rupN php/api/classes/CUser.php php_patched/api/classes/CUser.php --- php/api/classes/CUser.php 2014-08-16 09:00:25.920000000 +0300 +++ php_patched/api/classes/CUser.php 2014-07-29 22:18:01.000000000 +0300 @@ -24,6 +24,8 @@ * * @package API */ + + class CUser extends CZBXAPI { protected $tableName = 'users'; @@ -1038,7 +1040,6 @@ class CUser extends CZBXAPI { */ public function login($user) { global $ZBX_LOCALNODEID; - $name = $user['user']; $password = md5($user['password']); @@ -1077,6 +1078,7 @@ class CUser extends CZBXAPI { $guiAccess = GROUP_GUI_ACCESS_SYSTEM; } else { + $guiAccess = $dbAccess['gui_access']; } @@ -1085,7 +1087,17 @@ class CUser extends CZBXAPI { switch ($guiAccess) { case GROUP_GUI_ACCESS_INTERNAL: - $authType = ($authType == ZBX_AUTH_HTTP) ? ZBX_AUTH_HTTP : ZBX_AUTH_INTERNAL; + + if($authType == ZBX_AUTH_HTTP) { + $authType = ZBX_AUTH_HTTP; + } + else if($authType == ZBX_AUTH_CAS) { + $authType = ZBX_AUTH_CAS; + } + else { + $authType = ZBX_AUTH_INTERNAL; + } + break; case GROUP_GUI_ACCESS_DISABLED: /* fall through */ @@ -1116,6 +1128,7 @@ class CUser extends CZBXAPI { case ZBX_AUTH_INTERNAL: $this->dbLogin($user); break; + case ZBX_AUTH_CAS: case ZBX_AUTH_HTTP: } } @@ -1171,7 +1184,6 @@ class CUser extends CZBXAPI { if (!is_null(self::$userData)) { return self::$userData; } - $time = time(); $userInfo = DBfetch(DBselect( @@ -1187,8 +1199,8 @@ class CUser extends CZBXAPI { if (!$userInfo) { self::exception(ZBX_API_ERROR_PARAMETERS, _('Session terminated, re-login, please.')); } - // don't check permissions on the same second + if ($time != $userInfo['lastaccess']) { if (!check_perm2system($userInfo['userid'])) { self::exception(ZBX_API_ERROR_PARAMETERS, _('No permissions for system access.')); 
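Review bot: The new if/else-if/else chain in the GROUP_GUI_ACCESS_INTERNAL case only ever assigns $authType the value it already holds or ZBX_AUTH_INTERNAL, and the same chain is pasted into getUserAuthenticationType and getGroupAuthenticationType in perm.inc.php, so three copies now have to stay in sync. Collapse it to `$authType = in_array($authType, array(ZBX_AUTH_HTTP, ZBX_AUTH_CAS)) ? $authType : ZBX_AUTH_INTERNAL;` here and use the equivalent expression (or one shared helper) in both perm.inc.php functions. A short comment is warranted on why CAS, like HTTP, is allowed to override a group's "internal" GUI access setting — presumably because the identity is established by index.php before login() runs — since that is a deliberate trust decision rather than an oversight. The chain also writes `else if(...) {` with the brace on the same line, whereas the surrounding code puts `}` and `else {` on separate lines. login()'s body begins and ends outside the hunk.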
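Review bot: `case ZBX_AUTH_CAS:` falls through into the empty `case ZBX_AUTH_HTTP:` arm, so for a CAS-typed user login() verifies nothing and issues a session for whatever name it was given. That is what index.php needs after phpCAS::forceAuthentication(), but if login() is also reachable through the JSON-RPC API, a user.login request naming an existing alias would succeed without any password on a CAS-configured installation — please confirm how the HTTP arm is protected from this today and give CAS the same guard. The empty arm should state what it relies on rather than leave it implied: `case ZBX_AUTH_CAS: // identity already established by phpCAS in index.php` and `case ZBX_AUTH_HTTP: // identity already established by the web server`, closed with an explicit `break;`. The switch and the enclosing login() method extend beyond the hunk.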
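Review bot: The comment `// don't check permissions on the same second` is removed and replaced by a blank line, leaving `if ($time != $userInfo['lastaccess'])` without the explanation of why the system-access check is skipped. Restore it, ideally slightly expanded: `// skip the system-access re-check when lastaccess already equals the current second`. The preceding hunk (-1171,7 +1184,6) removes one line right where `$time = time();` sits; in the collapsed text it is not certain whether the removed line is a blank or that assignment, and if it is the assignment, $time is undefined in this comparison — please verify. The method (checkAuthentication, judging by the "Session terminated" message and CWebUser's call) continues beyond the hunk.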
@@ -1218,9 +1230,7 @@ class CUser extends CZBXAPI { $userData = $this->_getUserData($userInfo['userid']); $userData['sessionid'] = $sessionid; $userData['gui_access'] = $guiAccess; - CWebUser::$data = self::$userData = $userData; - return $userData; } diff -rupN php/authentication.php php_patched/authentication.php --- php/authentication.php 2014-08-16 09:00:25.944000000 +0300 +++ php_patched/authentication.php 2014-07-29 22:18:01.000000000 +0300 @@ -29,7 +29,7 @@ require_once dirname(__FILE__).'/include // VAR TYPE OPTIONAL FLAGS VALIDATION EXCEPTION $fields = array( - 'config' => array(T_ZBX_INT, O_OPT, null, IN(ZBX_AUTH_INTERNAL.','.ZBX_AUTH_LDAP.','.ZBX_AUTH_HTTP), null), + 'config' => array(T_ZBX_INT, O_OPT, null, IN(ZBX_AUTH_INTERNAL.','.ZBX_AUTH_LDAP.','.ZBX_AUTH_HTTP.','.ZBX_AUTH_CAS), null), 'form_refresh' => array(T_ZBX_INT, O_OPT, null, null, null), 'save' => array(T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null), 'test' => array(T_ZBX_STR, O_OPT, P_SYS|P_ACT, null, null), 
@@ -49,7 +49,16 @@ $fields = array( 'isset({config})&&{config}=='.ZBX_AUTH_LDAP.'&&(isset({save})||isset({test}))'), 'user_password' => array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, 'isset({config})&&{config}=='.ZBX_AUTH_LDAP.'&&(isset({save})||isset({test}))', _('User password')), - 'change_bind_password' => array(T_ZBX_STR, O_OPT, null, null, null) + 'change_bind_password' => array(T_ZBX_STR, O_OPT, null, null, null), + 'cas_host' => array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, + 'isset({config})&&{config}=='.ZBX_AUTH_LDAP.'&&(isset({save})||isset({test}))', _('CAS Host')), + 'cas_port' => array(T_ZBX_INT, O_OPT, null, BETWEEN(0, 65535), + 'isset({config})&&{config}=='.ZBX_AUTH_LDAP.'&&(isset({save})||isset({test}))', _('CAS Port')), + 'cas_context' => array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, + 'isset({config})&&{config}=='.ZBX_AUTH_LDAP.'&&(isset({save})||isset({test}))', _('CAS Context')), + 'cas_cert_path' => array(T_ZBX_STR, O_OPT, null, NOT_EMPTY, + 'isset({config})&&{config}=='.ZBX_AUTH_LDAP.'&&(isset({save})||isset({test}))', _('CAS CA Cert path')) + ); check_fields($fields); @@ -96,6 +105,37 @@ if ($config['authentication_type'] == ZB } } } +else if ($config['authentication_type'] == ZBX_AUTH_CAS) { + + if (isset($_REQUEST['save'])) { + + + if (update_config($config)) { + + $msg = $isAuthenticationTypeChanged + ? _('Authentication method changed to CAS') + : _('CAS authentication changed'); + + $isAuthenticationTypeChanged = false; + + add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_ZABBIX_CONFIG, $msg); + + show_message($msg); + + + } + else { + + show_error_message( + $isAuthenticationTypeChanged + ? _('Cannot change authentication method to LDAP') + : _('Cannot change authentication') + ); + } + + + } +} elseif ($config['authentication_type'] == ZBX_AUTH_LDAP) { if (isset($_REQUEST['save']) || isset($_REQUEST['test'])) { // check LDAP login/password 
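Review bot: All four new cas_* entries keep the condition string copied from the LDAP fields, `'isset({config})&&{config}=='.ZBX_AUTH_LDAP.'&&(isset({save})||isset({test}))'`, so the CAS host, port, context and certificate path are tied to the LDAP form instead of the CAS one. If check_fields() treats that column as the usual "mandatory when true" exception, saving LDAP settings now demands fields the LDAP view never renders, while saving CAS settings accepts an empty host or certificate path. Replace ZBX_AUTH_LDAP with ZBX_AUTH_CAS in all four conditions, and since the patch adds no CAS "test" action, `'isset({config})&&{config}=='.ZBX_AUTH_CAS.'&&isset({save})'` is sufficient. The $fields array opens before the hunk.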
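Review bot: The failure branch of the new CAS block reports `_('Cannot change authentication method to LDAP')`, which names the wrong method; it should be `_('Cannot change authentication method to CAS')` so the operator is pointed at the right settings. Unlike the LDAP branch that follows, nothing validates the CAS values before update_config() stores them — no check that cas_host is non-empty or that cas_cert_path is a readable file — and because index.php in this patch initialises phpCAS from those columns, a bad value is persisted first and only surfaces on the next visit to the login page. Consider at least an `is_readable()` check on the certificate path and a non-empty host before calling update_config(), reporting failures through show_error_message() as the LDAP branch does. Style: the file writes `elseif (...) {` (see the LDAP branch right below), whereas the new code uses `else if`, and the block carries several empty lines inside its braces.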
@@ -187,8 +227,8 @@ elseif ($config['authentication_type'] = add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_ZABBIX_CONFIG, _('Authentication method changed to HTTP')); - show_message(_('Authentication method changed to HTTP')); - } + show_message(_('Authentication method changed to HTTP')); + } else { show_error_message(_('Cannot change authentication method to HTTP')); } diff -rupN php/include/classes/class.cview.php php_patched/include/classes/class.cview.php --- php/include/classes/class.cview.php 2014-08-16 09:00:25.940000000 +0300 +++ php_patched/include/classes/class.cview.php 2014-07-29 22:18:01.000000000 +0300 @@ -108,7 +108,9 @@ class CView { // $data this variable will be used in included file $data = $this->data; ob_start(); + $this->template = include($this->filePath); + if ($this->template === false) { throw new Exception(_s('Cannot include view file "%s".', $this->filePath)); } diff -rupN php/include/classes/class.cwebuser.php php_patched/include/classes/class.cwebuser.php --- php/include/classes/class.cwebuser.php 2014-08-16 09:00:25.936000000 +0300 +++ php_patched/include/classes/class.cwebuser.php 2014-08-16 09:14:01.000000000 +0300 @@ -74,6 +74,7 @@ class CWebUser { } public static function checkAuthentication($sessionid) { + try { if ($sessionid !== null) { self::$data = API::User()->checkAuthentication($sessionid); diff -rupN php/include/defines.inc.php php_patched/include/defines.inc.php --- php/include/defines.inc.php 2014-08-16 09:00:25.920000000 +0300 +++ php_patched/include/defines.inc.php 2014-07-29 22:18:01.000000000 +0300 
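Review bot: Only the opening `try {` of the new block falls inside the hunk; its catch and whatever follows lie beyond it, so what is caught cannot be reviewed here. API::User()->checkAuthentication() is the call that rejects a terminated session (it raises the "Session terminated, re-login, please." exception visible in the CUser hunks), so if the catch below swallows that exception and lets checkAuthentication() continue, an invalid or expired sessionid would no longer stop the request — please ensure the catch rethrows or leaves self::$data unset and the caller denied. The wrapped body keeps its old indentation, which hides the new nesting, and nothing says which failure the try is meant to absorb; re-indent it and put a one-line comment above `try {` naming that failure. checkAuthentication() continues past the hunk.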
@@ -92,6 +92,7 @@ define('ZBX_FONT_NAME', 'DejaVuSans'); define('ZBX_AUTH_INTERNAL', 0); define('ZBX_AUTH_LDAP', 1); define('ZBX_AUTH_HTTP', 2); +define('ZBX_AUTH_CAS', 3); define('ZBX_DB_DB2', 'IBM_DB2'); define('ZBX_DB_MYSQL', 'MYSQL'); diff -rupN php/include/perm.inc.php php_patched/include/perm.inc.php --- php/include/perm.inc.php 2014-08-16 09:00:25.928000000 +0300 +++ php_patched/include/perm.inc.php 2014-07-29 22:18:01.000000000 +0300 @@ -47,7 +47,8 @@ function authentication2str($type) { $authentications = array( ZBX_AUTH_INTERNAL => _('Zabbix internal authentication'), ZBX_AUTH_LDAP => _('LDAP authentication'), - ZBX_AUTH_HTTP => _('HTTP authentication') + ZBX_AUTH_HTTP => _('HTTP authentication'), + ZBX_AUTH_CAS => _('CAS SSO Authentication') ); return isset($authentications[$type]) ? $authentications[$type] : _('Unknown'); @@ -127,9 +128,18 @@ function getUserAuthenticationType($user switch (getUserGuiAccess($userId, $maxGuiAccess)) { case GROUP_GUI_ACCESS_SYSTEM: return $config['authentication_type']; - + break; case GROUP_GUI_ACCESS_INTERNAL: - return ($config['authentication_type'] == ZBX_AUTH_HTTP) ? ZBX_AUTH_HTTP : ZBX_AUTH_INTERNAL; + if ($config['authentication_type'] == ZBX_AUTH_HTTP) { + $result = ZBX_AUTH_HTTP; + } else if($config['authentication_type'] == ZBX_AUTH_CAS) { + $result = ZBX_AUTH_CAS; + } + else { + $result = ZBX_AUTH_INTERNAL; + } + return $result; + break; default: return $config['authentication_type']; 
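Review bot: Both `break;` lines added in getUserAuthenticationType sit directly after a `return`, so they are unreachable and only hint at a fall-through that cannot happen. Drop them and return the value directly, matching the arms around it: `return in_array($config['authentication_type'], array(ZBX_AUTH_HTTP, ZBX_AUTH_CAS)) ? $config['authentication_type'] : ZBX_AUTH_INTERNAL;`. The function continues past the hunk.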
@@ -171,7 +181,15 @@ function getGroupAuthenticationType($gro return $config['authentication_type']; case GROUP_GUI_ACCESS_INTERNAL: - return ($config['authentication_type'] == ZBX_AUTH_HTTP) ? ZBX_AUTH_HTTP : ZBX_AUTH_INTERNAL; + if ($config['authentication_type'] == ZBX_AUTH_HTTP) { + $result = ZBX_AUTH_HTTP; + } else if($config['authentication_type'] == ZBX_AUTH_CAS) { + $result = ZBX_AUTH_CAS; + } + else { + $result = ZBX_AUTH_INTERNAL; + } + return $result; default: return $config['authentication_type']; diff -rupN php/include/views/administration.authentication.edit.php php_patched/include/views/administration.authentication.edit.php --- php/include/views/administration.authentication.edit.php 2014-08-16 09:00:25.928000000 +0300 +++ php_patched/include/views/administration.authentication.edit.php 2014-07-29 22:18:01.000000000 +0300 @@ -45,7 +45,12 @@ $configTypeRadioButton = array( ($this->data['config']['authentication_type'] == ZBX_AUTH_HTTP), 'submit()' ), - new CLabel(_('HTTP'), 'config_'.ZBX_AUTH_HTTP) + new CLabel(_('HTTP'), 'config_'.ZBX_AUTH_HTTP), + new CRadioButton('config', ZBX_AUTH_CAS, null, 'config_'.ZBX_AUTH_CAS, + ($this->data['config']['authentication_type'] == ZBX_AUTH_CAS), + 'submit()' + ), + new CLabel(_('CAS'), 'config_'.ZBX_AUTH_CAS) ); $authenticationFormList->addRow(_('Default authentication'), new CDiv($configTypeRadioButton, 'jqueryinputset')); 
@@ -112,6 +117,30 @@ if ($this->data['config']['authenticatio $authenticationFormList->addRow(_('User password'), new CPassBox('user_password', null, ZBX_TEXTBOX_SMALL_SIZE)); } +if($this->data['config']['authentication_type'] == ZBX_AUTH_CAS) { + + $authenticationFormList->addRow( + _('CAS Host'), + new CTextBox('cas_host', $this->data['config']['cas_host'], ZBX_TEXTBOX_STANDARD_SIZE) + ); + + $authenticationFormList->addRow( + _('CAS port'), + new CTextBox('cas_port', $this->data['config']['cas_port'], ZBX_TEXTBOX_STANDARD_SIZE) + ); + + $authenticationFormList->addRow( + _('CAS Context'), + new CTextBox('cas_context', $this->data['config']['cas_context'], ZBX_TEXTBOX_STANDARD_SIZE) + ); + + $authenticationFormList->addRow( + _('CAS CAS Cert path'), + new CTextBox('cas_cert_path', $this->data['config']['cas_cert_path'], ZBX_TEXTBOX_STANDARD_SIZE) + ); +} + + // append form list to tab $authenticationTab = new CTabView(); $authenticationTab->addTab('authenticationTab', $this->data['title'], $authenticationFormList); @@ -127,7 +156,7 @@ if ($this->data['is_authentication_type_ 'jQuery("#authenticationForm").submit(); return true; } else { return false; }' ); } -elseif ($this->data['config']['authentication_type'] != ZBX_AUTH_LDAP) { +elseif ($this->data['config']['authentication_type'] != ZBX_AUTH_LDAP && $this->data['config']['authentication_type'] != ZBX_AUTH_CAS) { $saveButton->setAttribute('disabled', 'true'); } diff -rupN php/index.php php_patched/index.php --- php/index.php 2014-08-16 09:00:25.920000000 +0300 +++ php_patched/index.php 2014-08-16 09:26:21.000000000 +0300 @@ -25,6 +25,7 @@ define('ZBX_HIDE_NODE_SELECTION', true); require_once dirname(__FILE__).'/include/config.inc.php'; require_once dirname(__FILE__).'/include/forms.inc.php'; +require_once 'CAS.php'; $page['title'] = _('ZABBIX'); $page['file'] = 'index.php'; 
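Review bot: The last row label `_('CAS CAS Cert path')` has a doubled word and differs from the caption `_('CAS CA Cert path')` given for the same field in authentication.php, so one setting now has two translation strings; use one wording, e.g. `_('CAS CA cert path')`, in both files, and align the casing of the other labels (`_('CAS Host')` next to `_('CAS port')`). The rows read `$this->data['config']['cas_host']`, `cas_port`, `cas_context` and `cas_cert_path`, yet this patch adds no schema or select_config() change that would make those keys exist, so unless they already do, the first render of the CAS tab produces undefined-index notices and empty boxes — worth confirming. cas_port is rendered as a free CTextBox; a CNumericBox would match the BETWEEN(0, 65535) rule declared for it in authentication.php.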
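Review bot: `require_once 'CAS.php';` is the only include in this file resolved through include_path rather than an explicit `dirname(__FILE__)` path, so which CAS.php is loaded depends on the PHP configuration, and the library is pulled in on every visit to index.php even when CAS is not the configured method. Anchor it like the neighbouring lines, `require_once dirname(__FILE__).'/<path-to-vendored-phpCAS>/CAS.php';` (placeholder — use the directory the library is deployed to), and consider loading it only under `if ($config['authentication_type'] == ZBX_AUTH_CAS)`. The patch does not ship phpCAS itself, so its source and version should be recorded alongside the deployment.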
@@ -39,16 +40,48 @@ $fields = array( 'autologin' => array(T_ZBX_INT, O_OPT, null, null, null), 'request' => array(T_ZBX_STR, O_OPT, null, null, null) ); + +$config = select_config(); + +// Initialize phpCAS +phpCAS::client(CAS_VERSION_2_0, $config['cas_host'], intval($config['cas_port']), $config['cas_context']); +phpCAS::setCasServerCACert($config['cas_cert_path']); check_fields($fields); + // logout if (isset($_REQUEST['reconnect'])) { add_audit(AUDIT_ACTION_LOGOUT, AUDIT_RESOURCE_USER, _('Manual Logout')); CWebUser::logout(); - redirect('index.php'); + + if($config['authentication_type'] == ZBX_AUTH_CAS) { + phpCAS::logout(); + exit; + } else { + redirect('index.php'); + } } -$config = select_config(); + +if($config['authentication_type'] == ZBX_AUTH_CAS) { + if(!phpCAS::isAuthenticated()) { + phpCAS::forceAuthentication(); + exit; + + } else if (phpCAS::isAuthenticated()) { + + $_REQUEST['enter'] = _('Sign in'); + $_REQUEST['name'] = phpCAS::getUser(); + $_SERVER['PHP_AUTH_USER'] = phpCAS::getUser(); + + } else { + + access_deny(); + + } + + +} if ($config['authentication_type'] == ZBX_AUTH_HTTP) { if (!empty($_SERVER['PHP_AUTH_USER'])) { diff -rupN php/jsrpc.php php_patched/jsrpc.php --- php/jsrpc.php 2014-08-16 09:00:26.000000000 +0300 +++ php_patched/jsrpc.php 2014-07-29 22:18:01.000000000 +0300 @@ -31,6 +31,7 @@ else { $data = $_REQUEST; } + $page['title'] = 'RPC'; $page['file'] = 'jsrpc.php'; $page['hist_arg'] = array();
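Review bot: phpCAS::client() and phpCAS::setCasServerCACert() are called unconditionally, before check_fields() and regardless of $config['authentication_type'], so installations using internal, LDAP or HTTP authentication now initialise a CAS client from cas_* columns that are presumably empty on every visit to index.php, and any error phpCAS reports there blocks login for everyone; both calls belong inside the `== ZBX_AUTH_CAS` branches. Within the CAS block, `else if (phpCAS::isAuthenticated())` can only be reached when `!phpCAS::isAuthenticated()` was false, so the trailing `else { access_deny(); }` is dead, and `$_SERVER['PHP_AUTH_USER'] = phpCAS::getUser();` is never consumed because the branch that reads it is guarded by `== ZBX_AUTH_HTTP` while `$_REQUEST['enter']`/`$_REQUEST['name']` already drive the sign-in. Setting `$_REQUEST['name']` from phpCAS::getUser() makes the sign-in further down run with a CAS principal and an empty password, so the principal-to-alias mapping deserves a comment, and CUser::login() is the only place that may skip verification for that case (see the note there). The rewrite below guards the initialisation and flattens the CAS block; the logout branch is kept, though a comment that phpCAS::logout() redirects and does not return would explain the `exit` after it.
```php
$config = select_config();

// Initialise phpCAS only when CAS is the configured method; the other
// methods have no cas_* settings and must not depend on the library.
if ($config['authentication_type'] == ZBX_AUTH_CAS) {
	phpCAS::client(CAS_VERSION_2_0, $config['cas_host'], intval($config['cas_port']), $config['cas_context']);
	phpCAS::setCasServerCACert($config['cas_cert_path']);
}

check_fields($fields);

// … unchanged: logout handling …

if ($config['authentication_type'] == ZBX_AUTH_CAS) {
	if (!phpCAS::isAuthenticated()) {
		// redirects the browser to the CAS server; nothing below runs for this request
		phpCAS::forceAuthentication();
		exit;
	}
	// the CAS principal is used as the Zabbix login name; no password is available
	// on this path, so CUser::login() performs no credential check for CAS users
	$_REQUEST['enter'] = _('Sign in');
	$_REQUEST['name'] = phpCAS::getUser();
}
```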