Jasig Central Authentication Service in Ten Minutes
DESCRIPTION
A ten-minute introduction to Jasig's Central Authentication Service. http://www.jasig.org/cas/
TRANSCRIPT
Jasig CAS in 10 Minutes
Copyright Unicon, Inc., 2009. Some Rights Reserved.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
http://creativecommons.org/licenses/by-sa/3.0/us/
Some content drawn from prior presentations at Jasig conferences.
Andrew Petro
Unicon, Inc.
4 & 5 November, 2009
What is CAS?
Open source single sign-on for the Web
Multi-Sign-On for the Web
At Least with One Username/Password?
All Applications Touch Passwords
Any Compromise Leaks Primary Credentials
Adversary Then Can Run Wild
The Solution
• What if there were only one login form in your
organization, only one application trusted to
touch primary credentials?
Delete Your Login Forms
Webapps No Longer Touch Passwords
Adversary Compromises Only Single Apps
Provided Authentication Handlers
• LDAP
– Fast bind
– Search and bind
• Active Directory
– LDAP
– Kerberos (JAAS)
• JAAS
• JDBC
• RADIUS
• SPNEGO
• Trusted
• X.509 certificates
• Writing a custom authentication handler is easy
What About Portals?
Need to go get interesting content from different systems.
• E-mail
• Calendar
• E-Learning
• Student Information System
Password Replay
[Diagram: Portal; Channel (x3); Password-Protected Service (x3); PW]
Look Ma, No Password!
• Without a password to replay, how am I going
to authenticate my portal to other
applications?
“Proxy” CAS
• Some Web applications “proxy”
authentication to backing services on behalf
of the user
• “Proxied” applications/services may
themselves proxy authentication to others
• CAS authenticates both the end user and the
proxy
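An added example, not from the original slides or the CAS project: how a backing service might check a CAS 2.0 proxyValidate response so that both the end user and the proxying application are verified. The sample XML, the example.edu URLs and the allowlist are constructed, and requiring a non-empty proxy chain is this example's own policy assumption.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 XML namespace

# Constructed sample of a /proxyValidate success response (not captured traffic).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:proxies>
      <cas:proxy>https://portal.example.edu/cas/pgtCallback</cas:proxy>
    </cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Constructed sample of a failure response.
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

# Hypothetical allowlist: proxy callback URLs this backing service accepts.
TRUSTED_PROXIES = frozenset({"https://portal.example.edu/cas/pgtCallback"})


class CasValidationError(Exception):
    """Raised when the response does not vouch for both the user and the proxy."""


def authenticate_proxied_request(response_xml, trusted=TRUSTED_PROXIES):
    """Return (user, proxy_chain) only if CAS confirms the user and every proxy is trusted."""
    root = ET.fromstring(response_xml)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        failure = root.find("cas:authenticationFailure", CAS_NS)
        code = failure.get("code") if failure is not None else "MALFORMED"
        raise CasValidationError(f"CAS rejected ticket: {code}")
    user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    if not user:
        raise CasValidationError("no user in response")
    # The chain lists every application that proxied the request, most recent first.
    chain = [p.text.strip() for p in success.findall("cas:proxies/cas:proxy", CAS_NS) if p.text]
    if not chain:
        raise CasValidationError("request was not proxied")  # policy assumption
    untrusted = [p for p in chain if p not in trusted]
    if untrusted:
        raise CasValidationError(f"untrusted proxy in chain: {untrusted}")
    return user, chain
```

The backing service never sees a password: it trusts the user name only because CAS returned it together with a proxy chain the service itself has approved.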
CAS – More than Authentication
• Return attributes of logged on users
• Adding support for standards
– OpenID
– SAML
• Single Sign-Out
• RESTful API
• Support for clustering
• Services management
• Remember me (long-term SSO)
Unicon Services for CAS
• Implementation Planning
• Branding and User Experience
• Installation and Configuration
• Custom Development
• Consulting and Mentoring
• CASification of uPortal, Sakai, and other applications
• Upgrades
For more information, please visit
http://www.unicon.net/services/cas