Jasig CAS in 10 Minutes

Copyright Unicon, Inc., 2009. Some Rights Reserved.

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

http://creativecommons.org/licenses/by-sa/3.0/us/

Some content drawn from prior presentations at Jasig conferences.

Andrew PetroUnicon, Inc.

4 & 5 November, 2009

What is CAS?

open source single sign on

for the Web

Multi-Sign-On for the Web

At Least with One Username/Password?

All Applications Touch Passwords

Any Compromise Leaks Primary Credentials

Adversary Then Can Run Wild

The Solution

• What if there were only one login form in your

organization, only one application trusted to

touch primary credentials?

Delete Your Login Forms

Webapps No Longer Touch Passwords

Adversary Compromises Only Single Apps

Webapps No Longer Touch Passwords

Provided Authentication Handlers

• LDAP

– Fast bind

– Search and bind

• Active Directory

– LDAP

– Kerberos (JAAS)

• JAAS

• JDBC

• RADIUS

• SPNEGO

• Trusted

• X.509 certificates

• Writing a custom authentication handler is easy

What About Portals?

Need to go get interesting content from different systems.•E-mail•Calendar•E-Learning•Student Information System

Portal

Password Replay

Password-Protected Service

Password-Protected Service

Password-Protected Service

Channel

Channel

Channel

PW

PW

PW

PW

PW

PW

PW

PW

PW

PW

PW

Look Ma, No Password!

• Without a password to replay, how am I going

to authenticate my portal to other

applications?

?

“Proxy” CAS

• Some Web applications “proxy”

authentication to backing services on behalf

of the user

• “Proxied” applications/services may

themselves proxy authentication to others

• CAS authenticates both the end user and the

proxy

CAS – More than Authentication

• Return attributes of logged on users

• Adding support for standards

– OpenID

– SAML

• Single Sign-Out

• RESTful API

• Support for clustering

• Services management

• Remember me (long-term SSO)

Unicon Services for CAS

• Implementation Planning

• Branding and User Experience

• Installation and Configuration

• Custom Development

• Consulting and Mentoring

• CASification of uPortal, Sakai, and other applications

• Upgrades

For more information, please visit

http://www.unicon.net/services/cas

Andrew Petroapetro@unicon.net

www.unicon.net

Questions?