Central Authentication Service

  1. Introducing JA-SIG Central Authentication Service 3.0
     Scott Battaglia [email_address]
     Rutgers, the State University of New Jersey
  2. Outline
     • What is CAS?
     • History of CAS
       ◦ CAS 1.x
       ◦ CAS 2.x
     • Introducing CAS 3
       ◦ Development Process/Developers
       ◦ Design Goals
       ◦ Why build CAS 3?
     • Advanced CAS 3 Usage
       ◦ Clustering/Load Balancing
       ◦ Accepting Multiple Credential Types
       ◦ SAML Support
     • The Future
     • Helping with CAS Development
  3. What is CAS?
     • CAS is…
       ◦ Single sign on for the web
       ◦ A trusted intermediary
       ◦ A proxy authenticator to back-end services
  4. History of CAS
     CAS 1.x / CAS 2.x
  5. History of CAS: CAS 1.x
     • Original version released by Yale University
     • Offered single sign on for the web
     • Consisted of servlets and JSP pages
  6. History of CAS: CAS 2
     • Also developed at Yale University
     • Introduced concept of proxy authentication to CAS
     • Simple: 6 servlets and fewer than 10 JSPs
     • Extremely popular
     • Large User Community
  7. Introducing CAS 3.0
  8. CAS 3.0: Why Build CAS 3?
     • CAS 2.0 was an excellent project
     • CAS 2.0 was easy to use
     • CAS 2.0 was not easy to extend or augment with local requirements
     • CAS 3.0 attempts to solve the last problem!
  9. CAS 3.0: Why Build CAS 3?
     • Making changes to CAS 2.0 generally requires forking the code base
     • Adding new features may require a lot of copying and pasting, which may get out of sync with the core code base.
  10. CAS 3.0: Why Build CAS 3?
     • CAS 3 offers…
       ◦ CAS 2 compliance out of the box
       ◦ Unit/Integration Tests and Compliance Tests
       ◦ Proper domain model
       ◦ Revamped architecture
       ◦ Support for well-known modifications
  11. CAS 3.0: Design Goals
     • First and foremost CAS3 will be Flexible, Extensible and Elegant.
     • CAS3 will maintain backward compatibility with CAS 2.0 and CAS 1.0 protocols while providing extension points for well-known modifications and new features such as support for Web Services, SAML and Shibboleth.
     • CAS Clients written for older versions of CAS will work with CAS3 without modification.
  12. CAS 3.0: Development Process
     • Started as a Yale/Rutgers collaboration
     • Became JA-SIG Project in December 2004
     • JA-SIG project makes it open-source
     • Available in public JA-SIG CVS, nightly builds on Clearinghouse machines, etc.
  13. CAS 3.0: Development Team
     • Yale University
       ◦ Susan Bramhall
       ◦ Howard Gilbert
       ◦ Drew Mazurek
       ◦ Andy Newman
       ◦ Andrew Petro
     • Rutgers, the State University of New Jersey
       ◦ Scott Battaglia
       ◦ Dmitriy Kopylenko
       ◦ Bill Thompson
  14. CAS 2 Compliance
     • In terms of protocol, a drop-in replacement for CAS 2.0
     • Requires no modifications to client applications
     • Includes an adaptor that allows plugging a CAS 2 PasswordHandler into the CAS 3 architecture
  15. Unit/Integration/Compliance Tests
     • Unit and Integration Tests coverage of major components
       ◦ Utilizes JUnit, Clover
       ◦ According to Clover, 99.5% test coverage
       ◦ Allows us to refactor with confidence!
     • Compliance Tests
       ◦ Run against live server
       ◦ Test compliance to CAS 2 specification
       ◦ Currently 48 tests
  16. Proper Domain Model
     • Major Breakthrough: Only Two Types of Tickets
       ◦ Ticket Granting Ticket
       ◦ Service Tickets
     • Domain logic belongs with Domain Objects
       ◦ Example: A ticket can determine if it's expired
       ◦ Simplifies implementations of supporting pieces
  17. Revamped Architecture
     • Built on popular open-source frameworks
       ◦ Spring Framework
       ◦ Quartz
       ◦ xFire
       ◦ Jakarta Commons
       ◦ Log4j
       ◦ Maven
     • Design Philosophy: don't reinvent the wheel
  18. Revamped Architecture
     • Loose coupling of components
       ◦ Via Dependency Injection
       ◦ Declarative configuration via XML files
     • Coding to interfaces
       ◦ Swap implementations to suit needs
       ◦ Implementations adhere to contract
       ◦ Example: TicketRegistry
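
An added illustration of slides 16 and 18, not code from the presentation or from the CAS 3 source: a ticket that decides its own expiry, and callers that depend only on a registry interface. The method names, ticket ids and lifetimes are assumptions chosen for the sketch.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added sketch: names echo the slides, but this is not the CAS 3 source code.
public class TicketRegistryDemo {

    /** Domain object: the ticket itself decides whether it has expired. */
    record Ticket(String id, Instant created, Duration lifetime) {
        boolean isExpired(Instant now) { return !now.isBefore(created.plus(lifetime)); }
    }

    /** Contract that every registry implementation must honour. */
    interface TicketRegistry {
        void addTicket(Ticket ticket);
        Ticket getTicket(String id);
        int clean(Instant now); // registry cleaner: drop expired tickets
    }

    /** One implementation; a clustered one could replace it unchanged. */
    static final class InMemoryTicketRegistry implements TicketRegistry {
        private final Map<String, Ticket> tickets = new ConcurrentHashMap<>();
        public void addTicket(Ticket ticket) { tickets.put(ticket.id(), ticket); }
        public Ticket getTicket(String id) { return tickets.get(id); }
        public int clean(Instant now) {
            int before = tickets.size();
            tickets.values().removeIf(t -> t.isExpired(now));
            return before - tickets.size();
        }
    }

    /** Callers see only the interface; unknown or expired ids are rejected. */
    static boolean isUsable(TicketRegistry registry, String id, Instant now) {
        Ticket ticket = registry.getTicket(id);
        return ticket != null && !ticket.isExpired(now);
    }

    public static void main(String[] args) {
        TicketRegistry registry = new InMemoryTicketRegistry();
        Instant t0 = Instant.parse("2005-01-01T00:00:00Z"); // constructed sample data
        registry.addTicket(new Ticket("TGT-sample", t0, Duration.ofHours(2)));
        registry.addTicket(new Ticket("ST-sample", t0, Duration.ofSeconds(10)));
        Instant later = t0.plusSeconds(60);
        System.out.println("TGT usable: " + isUsable(registry, "TGT-sample", later));
        System.out.println("ST usable:  " + isUsable(registry, "ST-sample", later));
        System.out.println("cleaned:    " + registry.clean(later));
    }
}
```

Because the expiry rule lives in the ticket, the validity check and the cleaner cannot disagree about when a ticket stops being valid.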
  19. Revamped Architecture
     • Uses Design Patterns
       ◦ Patterns allow for a common understanding
       ◦ Example: Template Design Pattern
     • Layered Architecture
       ◦ Separation of UI concerns from business concerns
       ◦ Allows for better re-use of code
       ◦ Example: Web Tier vs. Web Service
  20. Revamped Architecture
     • Use of AOP to separate cross-cutting concerns for business logic
       ◦ Allows for major additions to functionality without modifying core code
       ◦ Example: auditing
     • Use of Spring Workflow allows for declarative reconfiguration of Login process
  21. Support for Well-Known Modifications
     • Gathered list from current and future (potential) CAS deployers
     • CAS 3 includes extension points for well-known modifications
     • CAS 3 (via Spring) supports using AOP to introduce modifications
  22. Support for Well-Known Modifications
     • Audit Trail Modification (identified by CalPoly)
     • Services Whitelist (identified by Columbia and University of Delaware)
     • Additional Principal (and Authentication) Attributes (Rutgers, others)
     • Ticket Statistics (Yale)
  23. Support for Well-Known Modifications
     • Audit Trail Modification
       ◦ CAS supports publishing of events
       ◦ EventListener listens for events
       ◦ Deployers can code and register "EventHandlers" that allow them to log particular events
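
An added sketch of the audit-trail flow on slide 23 (publish, listen, hand off to registered handlers), not code from the presentation or from CAS 3. The event types, the `supports`/`handle` methods and the sample principals are assumptions.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

// Added sketch of the publish/listen/handle flow; not the CAS 3 source code.
public class AuditTrailDemo {

    enum EventType { AUTHENTICATION_FAILED, TICKET_GRANTED, TICKET_VALIDATED }

    record Event(EventType type, String principal, Instant when) {}

    /** Deployer-supplied handler: declares which events it wants and logs them. */
    interface EventHandler {
        boolean supports(Event event);
        void handle(Event event);
    }

    /** Receives every published event and forwards it to matching handlers. */
    static final class EventListener {
        private final List<EventHandler> handlers = new ArrayList<>();
        void register(EventHandler handler) { handlers.add(handler); }
        void onEvent(Event event) {
            for (EventHandler h : handlers) {
                if (h.supports(event)) h.handle(event);
            }
        }
    }

    /** Audit handler that records only failed logins. */
    static final class FailedLoginHandler implements EventHandler {
        final List<String> auditLog = new ArrayList<>();
        public boolean supports(Event e) { return e.type() == EventType.AUTHENTICATION_FAILED; }
        public void handle(Event e) {
            auditLog.add(e.when() + " AUTHENTICATION_FAILED principal=" + sanitize(e.principal()));
        }
        // Strip CR/LF so a crafted username cannot forge extra audit lines.
        static String sanitize(String s) { return s.replaceAll("[\\r\\n]", "_"); }
    }

    public static void main(String[] args) {
        EventListener listener = new EventListener();
        FailedLoginHandler audit = new FailedLoginHandler();
        listener.register(audit);
        Instant now = Instant.parse("2005-01-01T00:00:00Z"); // constructed sample events
        listener.onEvent(new Event(EventType.TICKET_GRANTED, "alice", now));
        listener.onEvent(new Event(EventType.AUTHENTICATION_FAILED, "bob\nforged line", now));
        audit.auditLog.forEach(System.out::println);
    }
}
```

The handler sees only the event types it declares, so a deployer can add or change audit logging without touching the code that publishes events.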
  24. Support for Well-Known Modifications
     • Attributes
       ◦ CAS supports plugging in PrincipalResolvers and MetaDataPopulators
       ◦ Allows attaching attributes to principals (e.g. hair color or employee type)
       ◦ Allows attaching attributes to the Authentication (e.g. safeword authentication)
       ◦ Can customize view to pass back attributes.
  25. Support for Well-Known Modifications
     • Ticket Statistics
       ◦ Exposed via JMX
       ◦ Tells how many of each ticket type were vended
       ◦ Tells how many tickets of each type were vended per second
  26. Advanced CAS 3 Usage
  27. Clustering/Load Balancing CAS
     • All CAS Domain objects are serializable
     • Tickets are only stored in TicketRegistry
     • TicketRegistry is an interface
     • Implement JGroups TicketRegistry (David Stacey)
  28. Accepting Multiple Credential Types
     • Web Login defined by workflow
     • Dartmouth identified need to have augmented login workflow
     • Need to check for Client Certificate before displaying login form
  29. SAML Support
     • Standard XML-based framework
     • Used to create and exchange info amongst online partners
     • CAS can offer alternatives to the CAS 2 Protocol views
     • One alternative is a SAML response
  30. The Future of CAS
  31. The Future of CAS
     • Advanced SAML Support
       ◦ Support for both SAML requests and responses
     • Shibboleth Support
       ◦ Requires advanced SAML support
       ◦ Allow CAS to speak to Shibboleth
     • Who knows what else…
       ◦ Current architecture allows for many possibilities
  32. The Future of CAS
     • Already working on a 3.0.1 (and beyond)
       ◦ XMLBeans view
       ◦ More robust registry cleaners
       ◦ Increased compatibility testing
       ◦ Support for Single Sign out (requires new clients)
  33. Helping with CAS 3.0 Development
     • What can YOU do to help?
       ◦ Look at what CAS 3 has to offer
       ◦ Use CAS 3
       ◦ Report bugs/feature requests/etc. to the development list
       ◦ Give your extensions back to the community
       ◦ Share your experiences using CAS with the community
       ◦ Join the CAS mailing list
  34. Questions or comments?
