Jasig Central Authentication Service in Ten Minutes

A ten minute introduction to Jasig's Central Authentication Service. http://www.jasig.org/cas/

Notes for slide:
  • Just one of these needs to be compromised, to attack user “forever”!

    1. Jasig CAS in 10 Minutes. Andrew Petro, Unicon, Inc. 4 & 5 November, 2009. Copyright Unicon, Inc., 2009. Some Rights Reserved. This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License. http://creativecommons.org/licenses/by-sa/3.0/us/ Some content drawn from prior presentations at Jasig conferences.
    2. What is CAS? Open source single sign-on for the Web.
    3. Multi-Sign-On for the Web
    4. At Least with One Username/Password?
    5. All Applications Touch Passwords
    6. Any Compromise Leaks Primary Credentials
    7. Adversary Then Can Run Wild
    8. The Solution
        - What if there were only one login form in your organization, only one application trusted to touch primary credentials?
    9. Delete Your Login Forms
    10. Webapps No Longer Touch Passwords
    11. Adversary Compromises Only Single Apps
    13. Webapps No Longer Touch Passwords
    14. Provided Authentication Handlers
        - LDAP
            - Fast bind
            - Search and bind
        - Active Directory
            - LDAP
            - Kerberos (JAAS)
        - JAAS
        - JDBC
        - RADIUS
        - SPNEGO
        - Trusted
        - X.509 certificates
        - Writing a custom authentication handler is easy
    15. What About Portals?
        - Need to go get interesting content from different systems.
        - E-mail
        - Calendar
        - E-Learning
        - Student Information System
    16. Password Replay (diagram: the portal replays the user's password over each channel to every password-protected service)
    17. Look Ma, No Password!
        - Without a password to replay, how am I going to authenticate my portal to other applications?
    18. “Proxy” CAS
        - Some Web applications “proxy” authentication to backing services on behalf of the user
        - “Proxied” applications/services may themselves proxy authentication to others
        - CAS authenticates both the end user and the proxy
    19. CAS – More than Authentication
        - Return attributes of logged on users
        - Adding support for standards
            - OpenID
            - SAML
        - Single Sign-Out
        - RESTful API
        - Support for clustering
        - Services management
        - Remember me (long-term SSO)
    20. Unicon Services for CAS
        - Implementation Planning
        - Branding and User Experience
        - Installation and Configuration
        - Custom Development
        - Consulting and Mentoring
        - CASification of uPortal, Sakai, and other applications
        - Upgrades
        - For more information, please visit http://www.unicon.net/services/cas
    21. Questions? Andrew Petro [email_address] www.unicon.net
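The check that the “Proxy” CAS slide and the services-management bullet imply, as an added example that is neither the slides' nor Jasig CAS's own code: a backing service parses the CAS 2.0 /proxyValidate response and accepts the user only when every proxy in the chain is one it trusts, so a compromised proxy cannot reach services that never agreed to be proxied through it. The XML layout and namespace are the CAS 2.0 protocol's; the allow-list URL, the hypothetical callback URLs and the sample responses are constructed.

```python
# Check a CAS 2.0 /proxyValidate response and enforce a proxy allow-list.
# Added example, not from the slides or Jasig CAS; the XML format is the CAS 2.0
# protocol's, ALLOWED_PROXIES and the sample responses below are constructed.
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
# Hypothetical policy for this backing service: the only proxy callback URL it
# trusts to act on a user's behalf (the portal's, in the slides' scenario).
ALLOWED_PROXIES = frozenset({"https://portal.example.edu/cas/proxy-callback"})

class CasValidationError(Exception):
    """Ticket rejected by CAS, malformed response, or untrusted proxy chain."""

def validate_response(xml_text, allowed_proxies=ALLOWED_PROXIES):
    """Return (user, proxy_chain) if CAS accepted the ticket and every proxy in
    the chain is trusted; raise CasValidationError otherwise."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise CasValidationError(f"{failure.get('code')}: {(failure.text or '').strip()}")
    success = root.find("cas:authenticationSuccess", CAS_NS)
    user = success.findtext("cas:user", namespaces=CAS_NS) if success is not None else None
    if not user:
        raise CasValidationError("malformed response: no authenticationSuccess/user")
    # CAS lists the chain most recent proxy first; an empty chain means the user
    # authenticated to this service directly with a plain service ticket.
    chain = [(p.text or "").strip() for p in success.findall("cas:proxies/cas:proxy", CAS_NS)]
    untrusted = [p for p in chain if p not in allowed_proxies]
    if untrusted:
        raise CasValidationError(f"untrusted proxy in chain: {untrusted}")
    return user.strip(), chain

# Constructed sample responses in the CAS 2.0 format (not captured from a real server).
DIRECT_OK = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
PROXIED_OK = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user>
    <cas:proxies><cas:proxy>https://portal.example.edu/cas/proxy-callback</cas:proxy></cas:proxies>
  </cas:authenticationSuccess></cas:serviceResponse>"""
PROXIED_BAD = PROXIED_OK.replace("</cas:proxies>",
    "<cas:proxy>https://unknown.example.net/cb</cas:proxy></cas:proxies>")
TICKET_REJECTED = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(validate_response(PROXIED_OK))  # ('alice', ['https://portal.example.edu/cas/proxy-callback'])
```

A real deployment fetches the response over TLS from the CAS server's /proxyValidate endpoint with the ticket and service parameters; the allow-list is the per-service policy that the services-management feature lets an administrator maintain centrally.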
