Albert Guo [email_address]
CAS Enhancement

Published in: Technology, Education
Transcript of "CAS Enhancement"

2. <ul>
<li>Why SSO (Single-Sign On)?</li>
<li>Central Authentication Service (CAS)</li>
<li>CAS Installation</li>
<li>As-Is and To-Be Process</li>
<li>Modification Process</li>
</ul>
5. [Diagram: a web browser and app. #1, app. #2, app. #3 without an SSO service, compared with a web browser and app. #1, app. #2, app. #3 with an SSO service]
6. <ul>
<li>One authentication server</li>
<li>From applications to the authentication server (when not authenticated)</li>
<li>From the authentication server to applications (when authenticated)
<ul><li>Cookies, CGI parameters</li></ul></li>
</ul>
8. <ul>
<li>Security
<ul><li>Password is never transmitted to applications</li>
<li>Opaque tickets are used</li></ul></li>
<li>N-tier installations
<ul><li>Without transmitting any password!</li></ul></li>
<li>Portability (client libraries)
<ul><li>Java, Perl, JSP, ASP, PHP, PL/SQL, Apache and PAM modules</li></ul></li>
<li>Permanence
<ul><li>Developed by Yale University</li>
<li>Used world-wide (mainly by universities)</li>
<li>Adopted by the whole French educational community</li></ul></li>
</ul>
9. <ul>
<li>J2EE platform
<ul><li>Very light code (about 1000 lines)</li></ul></li>
<li>Open source</li>
<li>Integrated into uPortal</li>
</ul>
11. <ul>
<li>CAS 3 offers…
<ul><li>CAS 2 compliance out of the box</li>
<li>Unit/Integration Tests and Compliance Tests</li>
<li>Proper domain model</li>
<li>Revamped architecture</li>
<li>Support for well-known modifications</li></ul></li>
</ul>
12. <ul>
<li>Built on popular open-source frameworks
<ul><li>Spring Framework</li>
<li>Quartz</li>
<li>xFire</li>
<li>Jakarta Commons</li>
<li>Log4j</li>
<li>Maven</li></ul></li>
<li>Design philosophy: don’t reinvent the wheel</li>
</ul>
13. <ul>
<li>Loose coupling of components
<ul><li>Via Dependency Injection</li>
<li>Declarative configuration via XML files</li></ul></li>
<li>Coding to interfaces
<ul><li>Swap implementations to suit needs</li>
<li>Implementations adhere to the contract</li>
<li>Example: TicketRegistry</li></ul></li>
<li>Uses design patterns
<ul><li>Patterns allow for a common understanding</li>
<li>Example: Template design pattern</li></ul></li>
</ul>
14. <ul>
<li>Layered architecture
<ul><li>Separation of UI concerns from business concerns</li>
<li>Allows for better re-use of code</li>
<li>Example: Web Tier vs. Web Service</li></ul></li>
<li>Use of AOP to separate cross-cutting concerns from business logic
<ul><li>Allows for major additions to functionality without modifying core code</li>
<li>Example: auditing</li></ul></li>
<li>Use of Spring Workflow allows for declarative reconfiguration of the login process</li>
</ul>
15. <ul>
<li>SSO solution from Yale University
<ul><li>http://www.ja-sig.org/products/cas/index.html</li></ul></li>
<li>Authenticate once to access multiple applications</li>
<li>An open and well-documented protocol</li>
<li>A library of clients for Java, PHP, Perl, Apache and …</li>
</ul>
16. [Diagram: CAS (Login, Validate) with Service 1 and Service 2, each guarding a Resource] 1. Initial request; 2. Authentication (send serviceId; the password, PW, is entered at CAS); 3. Ticket transfer (send ticket); 4. Validate ticket; 5. Access resource. The SSO session is held in an encrypted cookie. SSO makes it possible for users to log in once and access different services.
17. [Diagram: same CAS flow as slide 16] 1. Initial request; 2. Authentication (send serviceId); 2a. The user does NOT need to provide id/password again (when the SSO cookie exists); 3. Ticket transfer (send ticket); 4. Validate ticket; 5. Access resource (encrypted cookie).
18. [Diagram, without SSO: Service 1 (login, Resource): 1. Initial request; 2. Authentication; 3. Access resource. Service 2 (login, Resource): 1. Initial request; 2. Authentication again; 3. Access resource. Multiple user databases, multiple logins, and the password (PW) is sent to each service.]
21. [Flowchart, Service and CAS lanes] Initial request → Redirect to CAS (send serviceId) → Login state? N: enter ID and password → ID and password correct? N: log in again; Y: save login state. Y (or after saving login state): Ticket transfer (send ticket and set SSO cookie) → Ticket validation against the validation URL → valid? N: back to login; Y: use resource.
25. <ul>
<li>You will get this kind of error message as you access the CAS login page: org.apache.jasper.JasperException: /WEB-INF/view/jsp/default/ui/casLoginView.jsp(48,35) Attribute value request.getQueryString() == null ? "" : request.getQueryString().replaceAll("&locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]|^locale=([A-Za-z][A-Za-z]_)?[A-Za-z][A-Za-z]", "") is quoted with " which must be escaped when used within the value
<ul><li>Apparently Tomcat changed the way they handle quotation marks in JSP pages to use strict checking: https://issues.apache.org/bugzilla/show_bug.cgi?id=45015</li></ul></li>
</ul>
26. <ul>
<li>Temp solution: go to Tomcat 5.5\webapps\cas-server-webapp-3.2\WEB-INF\view\jsp\default\ui, modify casLoginView.jsp, and delete line 48.</li>
</ul>
27. Just provide the same value for user name and password, then you can pass the validation (the default CAS test authentication handler accepts any user name whose password is identical to it; it is meant for testing only).
34. Modify this return page
35. <ul>
<li>Find the mapped servlet controller in applicationContext.xml</li>
<li>Create a new login-successful page</li>
<li>Modification principle
<ul><li>Modify the server-side API instead of the client side, so the client does not need any modification.</li>
<li>Just use a new URL pattern, e.g. serviceValidateByMail, to let the servlet controller do the validation and return the new login-successful page.</li></ul></li>
</ul>
40. <ul>
<li>Add one more view property
<ul><li>casServiceSuccessViewByMail.(class)=org.springframework.web.servlet.view.JstlView</li>
<li>casServiceSuccessViewByMail.url=/WEB-INF/view/jsp/protocol/2.0/casServiceValidationByMailSuccess.jsp</li></ul></li>
</ul>
41. In the org.jasig.cas.web package
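The login/validate steps from the flow slides (16, 17, 21) and the serviceValidateByMail variant from the Modification Process, as an added example constructed for this page (not the JA-SIG CAS implementation): an in-memory CAS that issues an SSO cookie plus opaque, single-use, service-bound tickets, so a service only ever sees a ticket and never the password. The user table, service URLs and ticket lifetime are assumptions.

```python
import secrets
import time
from urllib.parse import urlencode

TICKET_TTL_SECONDS = 10   # service tickets are short-lived (assumed value)


class CasServer:
    """Constructed in-memory model of the CAS login/validate flow (not JA-SIG code)."""

    def __init__(self, users):
        self.users = users            # username -> (password, mail); constructed test data
        self.tgts = {}                # SSO cookie value -> username (saved login state)
        self.service_tickets = {}     # ticket -> (username, serviceId, issued_at)

    def login(self, service, tgt_cookie=None, username=None, password=None):
        # Step 2: the browser reaches CAS with the serviceId. A valid SSO cookie
        # means no password prompt (step 2a on the slides).
        if tgt_cookie in self.tgts:
            user = self.tgts[tgt_cookie]
        else:
            stored = self.users.get(username)
            if (stored is None or password is None
                    or not secrets.compare_digest(stored[0], password)):
                return None, None     # "ID and password correct?" -> N: log in again
            user = username
            tgt_cookie = "TGT-" + secrets.token_urlsafe(24)
            self.tgts[tgt_cookie] = user    # save login state, set SSO cookie
        ticket = "ST-" + secrets.token_urlsafe(24)   # opaque: carries no user data
        self.service_tickets[ticket] = (user, service, time.time())
        # Step 3: ticket transfer. Only the ticket goes to the service; the
        # password and the SSO cookie stay between the browser and CAS.
        return tgt_cookie, f"{service}?{urlencode({'ticket': ticket})}"

    def service_validate(self, service, ticket, by_mail=False):
        # Step 4: the service validates the ticket over its own channel.
        # pop() makes every ticket single-use, so a replayed ticket is rejected.
        entry = self.service_tickets.pop(ticket, None)
        if entry is None:
            return {"ok": False, "error": "INVALID_TICKET"}
        user, issued_for, issued_at = entry
        if issued_for != service:     # a ticket is bound to the serviceId it was issued for
            return {"ok": False, "error": "INVALID_SERVICE"}
        if time.time() - issued_at > TICKET_TTL_SECONDS:
            return {"ok": False, "error": "INVALID_TICKET"}
        result = {"ok": True, "user": user}
        if by_mail:   # serviceValidateByMail: same checks, success view also carries mail
            result["mail"] = self.users[user][1]
        return result
```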