Jasig Central Authentication Service in Ten Minutes

Jasig CAS in 10 Minutes Copyright Unicon, Inc., 2009. Some Rights Reserved. This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License. http://creativecommons.org/licenses/by-sa/3.0/us/ Some content drawn from prior presentations at Jasig conferences. Andrew Petro Unicon, Inc. 4 & 5 November, 2009

What is CAS? open source single sign on for the Web

Multi-Sign-On for the Web

At Least with One Username/Password?

All Applications Touch Passwords

Any Compromise Leaks Primary Credentials

Adversary Then Can Run Wild

The Solution
What if there were only one login form in your organization, only one application trusted to touch primary credentials?

Delete Your Login Forms

Webapps No Longer Touch Passwords

Adversary Compromises Only Single Apps

Webapps No Longer Touch Passwords

Provided Authentication Handlers
LDAP
Fast bind
Search and bind
Active Directory
LDAP
Kerberos (JAAS)
JAAS
JDBC
RADIUS
SPNEGO
Trusted
X.509 certificates
Writing a custom authentication handler is easy

What About Portals?
Need to go get interesting content from different systems.
E-mail
Calendar
E-Learning
Student Information System

Password Replay Portal Password-Protected Service Password-Protected Service Password-Protected Service Channel Channel Channel PW PW PW PW PW PW PW PW PW PW PW

Look Ma, No Password!
Without a password to replay, how am I going to authenticate my portal to other applications?
?

“ Proxy” CAS
Some Web applications “proxy” authentication to backing services on behalf of the user
“ Proxied” applications/services may themselves proxy authentication to others
CAS authenticates both the end user and the proxy

CAS – More than Authentication
Return attributes of logged on users
Adding support for standards
OpenID
SAML
Single Sign-Out
RESTful API
Support for clustering
Services management
Remember me (long-term SSO)

Unicon Services for CAS
Implementation Planning
Branding and User Experience
Installation and Configuration
Custom Development
Consulting and Mentoring
CASification of uPortal, Sakai, and other applications
Upgrades
For more information, please visit
http://www.unicon.net/services/cas

Questions? Andrew Petro [email_address] www.unicon.net

https://nww.wiki.nxp.com	57
http://af-p48buntu	21
http://www.slideshare.net	19
http://af-p48buntu.cookgroup.nao	6
http://www.linkedin.com	2
http://www.docseek.net	2

Jasig Central Authentication Service in Ten Minutes

by Andrew Petro

Accessibility

Categories

Upload Details

Usage Rights

6 Embeds 107

Statistics