Qaforum Security Structure

What’s SSO

• Single sign-on (SSO) is mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where he has access permission, without the need to enter multiple passwords. Single sign-on reduces human error.

• Qaforum adopt CAS (Central Authentication Service) from Jasig project as sso. It’s an open source project at http://www.jasig.org/cas/

SSO workflow

Security measure• Use https for login process• Before submit to login, system will encrypt the

username/password with RSA algorithm• 3 types users, users in db, users in silvercomp ldap, users in

cisco ad. For users in db, their password is encrypted by md5 algorithm. For other two types, we do not keep the password in db, query the ldap/ad directly.

• Cookie does not keep any information of users. If user want to use Remember Me feature, only one cookie is kept in user’s browser, which contains the ticket composed by uid. (TGT-114-gqP60KOfeGkxJuK4VAvkEpDviqFGX6lsPWZn7pAXUPKXYZXT2q-qaforum.webex.com)