CAS 3 Introduction and Overview Why?

CAS2 is Simple to Understand 6 servlets and fewer than 10 JSPs Auth package – where to plug in your authentication provider Ticket package approximates model 2 tiny utility classes Exactly one external dependency: servlet.jar

6 servlets and fewer than 10 JSPs

Auth package – where to plug in your authentication provider

Ticket package approximates model

2 tiny utility classes

Exactly one external dependency: servlet.jar

CAS 2 is Popular and successful Answers current needs very adequately Many authentication providers Successfully extended Helpful user community – (ESUP Portail) Adopted by Acegi for Spring, mentioned in many technical references.

Answers current needs very adequately

Many authentication providers

Successfully extended

Helpful user community – (ESUP Portail)

Adopted by Acegi for Spring, mentioned in many technical references.

CAS 2 was Straining at the Seams Code was interwoven inside servlets Domain model not clear in code structure Extensions require modification of code – not good practice for core security product

Code was interwoven inside servlets

Domain model not clear in code structure

Extensions require modification of code – not good practice for core security product

New Requirements Non-interactive authentication Windows domain login Client certificates Integration with Shibboleth for cross domain authentication

Non-interactive authentication

Windows domain login

Client certificates

Integration with Shibboleth for cross domain authentication

Join with Rutgers Team to develop CAS3 Architecture Domain Driven Design Interfaces at Strategic architectural layers Standard MVC layer separation “ Don’t call us we’ll call you” Loosely coupled components Declarative configuration for extending Dependency Injection

Domain Driven Design

Interfaces at Strategic architectural layers

Standard MVC layer separation

“ Don’t call us we’ll call you”

Loosely coupled components

Declarative configuration for extending

Dependency Injection

Objectives for CAS 3.0 Definition of Domain Model Adopters can evaluate and understand function from architectural perspective Specification Retroactively created for CAS 2 Modern Architecture Loosely coupled components Dependency Injection (IoC) Well defined extension points Incorporation of forward looking software engineering environment: Spring, Maven, JUnit, AOP CAS 2 compliant

Definition of Domain Model

Adopters can evaluate and understand function from architectural perspective

Specification

Retroactively created for CAS 2

Modern Architecture

Loosely coupled components

Dependency Injection (IoC)

Well defined extension points

Incorporation of forward looking software engineering environment: Spring, Maven, JUnit, AOP

CAS 2 compliant

Finding The Saddle Point Software engineering Infrastructure May require relatively high Java skills and high benefit for future development Deployment Environment Clarity of the architectural model Ease of integrating extensions Ease of upgrading and applying patches

Software engineering Infrastructure

May require relatively high Java skills and high benefit for future development

Deployment Environment

Clarity of the architectural model

Ease of integrating extensions

Ease of upgrading and applying patches

From 50,000 Feet Web controllers for authentication and validation Views for customizing CAS look Cas – CentralAuthenticationService Interface With Methods to Create, Grant, Validate, Destroy tickets Authentication authenticate credentials via AuthenticationHandler interface Creates and populates principals (authenticated “things”) Validation perform and respond to validation requests Ticket represent and manipulate tickets

Web

controllers for authentication and validation

Views for customizing CAS look

Cas –

CentralAuthenticationService Interface

With Methods to Create, Grant, Validate, Destroy tickets

Authentication

authenticate credentials via AuthenticationHandler interface

Creates and populates principals (authenticated “things”)

Validation

perform and respond to validation requests

Ticket

represent and manipulate tickets

Primary Package Interaction org.jasig.cas.web Spring webflow MyJSPs org.jasig.cas.ticket Ticket / TicketRegistry org.jasig.cas.authentication AuthenticationManager MyAuthHandlers org.jasig.cas.web ServiceValidateController ProxyController org.jasig.cas.validation ValidationSpecification Assertion org.jasig.cas CentralAuthenticationService

Customization You’ll Need Your Authentication Handler Branded views via JSP And Maybe CredentialstoPrincipalResolver

Your Authentication Handler

Branded views via JSP

And Maybe

CredentialstoPrincipalResolver

Extension Points org.jasig.cas.services Includes a registry to allow for the generation of approved lists of services org.jasig.cas.event TicketEvent triggered by the creation, validation, destruction of a Ticket AuthenticationEvent exposes authentication success or failure and credentials(!) but not principal. HttpRequestEvent exposes request attributes including IP address, referrer, page. org.jasig.cas.stat expose various statistics about CAS tickets

org.jasig.cas.services

Includes a registry to allow for the generation of approved lists of services

org.jasig.cas.event

TicketEvent triggered by the creation, validation, destruction of a Ticket

AuthenticationEvent exposes authentication success or failure and credentials(!) but not principal.

HttpRequestEvent exposes request attributes including IP address, referrer, page.

org.jasig.cas.stat

expose various statistics about CAS tickets

Other Available Extensions Track and reflect data about an authentication Password strength, time since changed Additional attributes for the authenticated principal

Track and reflect data about an authentication

Password strength, time since changed

Additional attributes for the authenticated principal

CAS 3 Implemented using Current Best Practices Forward Facing for Best Future Still easy to Deploy

Implemented using Current Best Practices

Forward Facing for Best Future

Still easy to Deploy