Jasig Central Authentication Service in Ten Minutes
DESCRIPTION
A ten-minute introduction to Jasig's Central Authentication Service. http://www.jasig.org/cas/
TRANSCRIPT
Jasig CAS in 10 Minutes
Copyright Unicon, Inc., 2009. Some Rights Reserved.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
http://creativecommons.org/licenses/by-sa/3.0/us/
Some content drawn from prior presentations at Jasig conferences.
Andrew Petro
Unicon, Inc.
4 & 5 November, 2009
What is CAS?
Open source single sign-on for the Web
Multi-Sign-On for the Web
At Least with One Username/Password?
All Applications Touch Passwords
Any Compromise Leaks Primary Credentials
Adversary Then Can Run Wild
The Solution
• What if there were only one login form in your organization, only one application trusted to touch primary credentials?
Delete Your Login Forms
Webapps No Longer Touch Passwords
Adversary Compromises Only Single Apps
Webapps No Longer Touch Passwords
Provided Authentication Handlers
• LDAP
– Fast bind
– Search and bind
• Active Directory
– LDAP
– Kerberos (JAAS)
• JAAS
• JDBC
• RADIUS
• SPNEGO
• Trusted
• X.509 certificates
• Writing a custom authentication handler is easy
What About Portals?
Need to go get interesting content from different systems.
• E-mail
• Calendar
• E-Learning
• Student Information System
Password Replay
[Diagram: a Portal with three Channels, each connected to a Password-Protected Service, with PW (password) labels along each path.]
Look Ma, No Password!
• Without a password to replay, how am I going to authenticate my portal to other applications?
“Proxy” CAS
• Some Web applications “proxy” authentication to backing services on behalf of the user
• “Proxied” applications/services may themselves proxy authentication to others
• CAS authenticates both the end user and the proxy
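How a backing service can act on "CAS authenticates both the end user and the proxy", as an added example that is not from the slides or the CAS project: it parses a CAS 2.0 `/proxyValidate` XML response and accepts the user only when every proxy in the chain is on an allowlist. The hostnames, the sample responses, the allowlist and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample responses in the CAS 2.0 /proxyValidate format (placeholder hosts).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:proxies>
      <cas:proxy>https://portal.example.edu/proxyCallback</cas:proxy>
    </cas:proxies>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

# Hypothetical policy: the only proxies this backing service agrees to be reached through.
TRUSTED_PROXIES = {"https://portal.example.edu/proxyCallback"}


def check_proxy_validation(xml_text, trusted=TRUSTED_PROXIES):
    """Return (user, proxy_chain) if CAS vouches for the user and every proxy is trusted."""
    # xml_text is assumed to be the body fetched from the CAS server over verified TLS.
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        failure = root.find("cas:authenticationFailure", CAS_NS)
        code = failure.get("code") if failure is not None else "MALFORMED"
        raise PermissionError(f"CAS rejected the ticket: {code}")
    user = (success.findtext("cas:user", default="", namespaces=CAS_NS) or "").strip()
    if not user:
        raise PermissionError("response names no user")
    chain = [p.text.strip()
             for p in success.findall("cas:proxies/cas:proxy", CAS_NS) if p.text]
    # No password reaches this service: access rests on CAS naming both the user and
    # the proxies. Assumed policy: an empty chain or any unlisted proxy is refused.
    if not chain or any(p not in trusted for p in chain):
        raise PermissionError(f"untrusted proxy chain: {chain}")
    return user, chain


if __name__ == "__main__":
    print(check_proxy_validation(SAMPLE_SUCCESS))
```
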
CAS – More than Authentication
• Return attributes of logged on users
• Adding support for standards
– OpenID
– SAML
• Single Sign-Out
• RESTful API
• Support for clustering
• Services management
• Remember me (long-term SSO)
Unicon Services for CAS
• Implementation Planning
• Branding and User Experience
• Installation and Configuration
• Custom Development
• Consulting and Mentoring
• CASification of uPortal, Sakai, and other applications
• Upgrades
For more information, please visit
http://www.unicon.net/services/cas