a community of learning sungard summit 2007 | sungardsummit.com 1 extending sso – cas in luminis...
TRANSCRIPT
![Page 1: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/1.jpg)
SUNGARD SUMMIT 2007 | sungardsummit.com 1
A Community of Learning
Extending SSO – CAS in Luminis
Presented by: Zachary Tirrell
Plymouth State University
March 19, 2007Course ID 455
![Page 2: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/2.jpg)
2Course ID 455
Introduction
• Purpose: Show how CAS can be used to extend SSO services in Luminis
• Benefits of the session• Gain a new tool in your development toolkit• Secure and SSO to more applications• Start using CAS, immediately
![Page 3: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/3.jpg)
3Course ID 455
Topics of Discussion
• Overview of Plymouth State University
• What is CAS?
• How is CAS useful?
• Where is CAS not useful?
![Page 4: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/4.jpg)
4Course ID 455
Plymouth State University Overview
• Small town Plymouth in northern New Hampshire
• 4000 FTE undergraduates, 500 FTE graduates
• Small class sizes
• Growing distance education program
• High demand for web delivered services
• Expectation to serve all constituents
• Tight knit, collaborative community
![Page 5: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/5.jpg)
SUNGARD SUMMIT 2007 | sungardsummit.com 5
A Community of Learning
What is CAS?
![Page 6: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/6.jpg)
6Course ID 455
A bit about CAS
• Created By Yale, became a JA-SIG project in 2004
• Added as an installable module to Luminis in 2004
• From the JA-SIG site:• An open and well-documented protocol• An open-source Java server component• A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others• Integrates with uPortal, BlueSocket, TikiWiki, Mule, Liferay, Moodle and
others• Community documentation and implementation support• An extensive community of adopters
![Page 7: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/7.jpg)
7Course ID 455
What CAS is not…
Slide from Susan Bramhall of Yale University’s presentation on uPortal Security and CAShttp://www.ja-sig.org/wiki/pages/viewpageattachments.action?pageId=1216
![Page 8: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/8.jpg)
8Course ID 455
So what is it??
Slide from Susan Bramhall of Yale University’s presentation on uPortal Security and CAShttp://www.ja-sig.org/wiki/pages/viewpageattachments.action?pageId=1216
![Page 9: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/9.jpg)
9Course ID 455
How do I put CAS in Luminis?
• This is the best part… it’s a simple module install in III.2+ and just available in IV
• Read the Appendix D of Luminis Installation Guide
• Less than 8 pages!
![Page 10: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/10.jpg)
10Course ID 455
API vs Server Based CAS Services
• API-Based (what PSU does)• ESUP’s phpCAS (http://esup-phpcas.sourceforge.net/)• Also available in ASP, JSP, Java, Perl, and more!
• Server-Based (better practice)• AuthCAS Apache module (
http://www.ja-sig.org/products/cas/client/authcas/index.html)
![Page 11: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/11.jpg)
SUNGARD SUMMIT 2007 | sungardsummit.com 11
A Community of Learning
How is CAS useful?
CAS is ideal for homegrown applications or
Third Party CAS-ified applications
![Page 12: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/12.jpg)
12Course ID 455
A simple bit of PHP
1.<?php 2. 3.function casify()4.{5. // import phpCAS lib (http://esup-phpcas.sourceforge.net/)6. include_once($GLOBALS['INCLUDES'].'/cas/CAS.php');7. 8. // initialize phpCAS9. phpCAS::client(CAS_VERSION_2_0,'luminis.institution.edu',443,'cp/cas/');10. 11. // check CAS authentication12. phpCAS::authenticateIfNeeded();13. 14. // at this step, the user has been authenticated by the CAS server15. // and the user's login name can be read with phpCAS::getUser().16. 17. return phpCAS::getUser();18.}19. 20. 21.$username = casify();22. 23.// nothing past the execution of casify() would occur without acquiring a valid CAS ticket24. 25.?>
![Page 13: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/13.jpg)
13Course ID 455
Power in Simplicity
• Simple. CPIP and GCF is complicated, CAS is not. Any developer can put CAS in place in their homegrown application with a simple copy paste
• Friendly URLs. A URL to a CASified application is generally very simple, especially as opposed to CPIP…
• Blissful Ignorance. It is not necessary for everyone who secures an application with CAS to full understand the protocol, yet the security is still solid
• Speed. In one week of running CAS we converted over a dozen applications to use it as the sole way to authenticate
• Reliability. In two years of running CAS, it has never failed
![Page 14: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/14.jpg)
14Course ID 455
If that’s not enough…
• CAS is a modern WebSSO technology
• CAS will be the underlying WebSSO that powers the Luminis implementation of Shibboleth in Luminis IV (unconfirmed but very likely)
• CAS has a large community of schools using it. In fact, it is the most popular WebSSO technology
• CAS is open-source
![Page 15: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/15.jpg)
15Course ID 455
Solving WebCT SSO in CE 6 With CAS
• SunGard Higher Education did not support WebCT for SSO when we were ready to deploy CE 6
• Read WebCT’s guide for Custom SSO
• Adapted their PHP example to use CAS in less than 100 lines of code, in an afternoon
• Launched on time!
Luminis WebCTWebCT-provided PHP fileCA
S m
odUsername request
Username SSO
![Page 16: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/16.jpg)
SUNGARD SUMMIT 2007 | sungardsummit.com 16
A Community of Learning
Where is CAS not useful?
![Page 17: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/17.jpg)
17Course ID 455
CPIP/GCF Can Do More
• CPIP/GCF is complicated, CAS is not
• CPIP/GCF can do password caching
• No session management
• If a Third Party application requires a password, CAS cannot provide this without fairly advanced proxying• Examples of these application types may include:
• webmail systems (though a solution does exist)• ftp/sftp/smb backed web interfaces (smbwebclient)• Third party applications that will LDAP auth, but are not
CAS-ified
![Page 18: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/18.jpg)
18Course ID 455
Summary
• CAS is super easy and secure!
• CAS is common, easy to support, open, and available now
• If you run Luminis and do any custom web application development, CAS should be part of your development toolkit.
• CPIP/GCF still has it’s place
![Page 19: A Community of Learning SUNGARD SUMMIT 2007 | sungardsummit.com 1 Extending SSO – CAS in Luminis Presented by: Zachary Tirrell Plymouth State University](https://reader030.vdocuments.site/reader030/viewer/2022032805/56649ef35503460f94c0625a/html5/thumbnails/19.jpg)
19Course ID 455
Zachary [email protected]
Please complete the online class evaluation formCourse ID 455
SunGard, the SunGard logo, Banner, Campus Pipeline, Luminis, PowerCAMPUS, Matrix, and Plus are trademarks or registered trademarks of SunGard Data Systems Inc. or its subsidiaries in the U.S. and other countries. Third-party names and marks referenced herein are trademarks or registered trademarks of their respective owners.
© 2007 SunGard. All rights reserved.
Thank You, Questions & Answers