CAS Lightning Talk Jasig-Sakai 2012 Tuesday June 12th 2012 Atlanta, GA Andrew Petro - Unicon, Inc.

Presentation transcript:

What is CAS, anyway?

CAS is open source single sign-on for the Web. Modify applications to rely upon CAS to authenticate the user.

Good features: pluggable, flexible, and malleable (a toolkit for building your institutional login experience); simple CAS protocol and client libraries; n-tier delegated authentication; password replay still possible if you really want.

You are here.

CAS is simple. Example: CAS doesn't want to *be* your store of credentials, your account management system, your attribute repository. It wants to leverage your IdM infrastructure to broker Web logins. Kinds of credentials CAS supports: passwords (bind against LDAP, in a database, ...); X.509 certificates; OAuth; ...

Spring Web Flow

Spring Web Flow is useful for adding: Acceptable Use Policy acceptance prompt; stale / expired password warning / enforcement; nuanced authentication error messaging / handling; coarse-grained access control; target-application-specific handling; ...

Lots of integration libraries: Java / Java Servlet Filter / Spring Security / Apache Shiro / Tomcat; Apache module; .NET; PHP; Perl; Ruby; PAM module; Python; ...

Lots of applications with available CAS support: uPortal, Sakai, Drupal, WordPress, Liferay, Blackboard, ...

Lots of adopting institutions Unclear how many? move=1000k

Community (via Jasig): lists; wiki and issue tracker; source control (now on GitHub); this conference; ...

Implement using Maven overlay. Factor your CAS implementation as pom.xml dependency declaration, local configuration, and local customizations. CAS distribution + your dependencies + your changes + your configuration = your CAS implementation.

CAS what’s new

3.5 “minor” release. Incur some upgrade pain on 3.4 to 3.5, in exchange for new functionality and improvements.

Themes. Theme 1: extensions coming into CAS product. Theme 2: incremental honing and maturity.

Theme 1: Extensions coming into CAS product. LPPE: LDAP Password / Account status reflection. ClearPass: optional password caching and selective, secure release. EhCache Ticket Registry: another option for ticket state clustering. OAuth2 producer and consumer support: more ways to authenticate users to CAS and to integrate with CAS in relying applications.

LPPE - LDAP account status reflection. Why is authentication against LDAP (Active Directory) failing? Password wrong? Account is locked? Other error code? Now error codes are reflected in the UI. Initially integrates with Active Directory, with potential for more error mappings.

ClearPass: optional password caching and selective, secure password release to relying applications. This was a separate CAS extension, now drawn into the core CAS product. Off by default; several steps are required to turn on this feature.

Why do I need ClearPass??

Why else do I need ClearPass? Outlook Web Application CASification? WebAdvisor CASification? It’s a tool. You may need it. You may be able to avoid it. Try to avoid.

Do I have to cache and release passwords? Absolutely not. Off by default. Very. But now easier to turn on, with less messing around with Maven and dependency conflict resolution.

EhCache Ticket Registry. Another option for clustering ticket registry state among clustered CAS server nodes. Bridges from CAS TicketRegistry API to EhCache. Options within EhCache for implementing and replicating that cache: RMI, Terracotta.

OAuth Producer and Consumer support and improved OpenID support

Choose to login via OAuth

Login at e.g. GitHub

Validating the ticket

Theme 2: Incremental honing and maturity. Regular expressions in service registration matching *. Better SSO session expiration policy *. Improved properties handling. Improved health monitoring. Upgrades to dependencies, Spring framework version, etc. (* = also in later / latest CAS 3.4.x release)

SSO session expiration policy (“TicketGrantingTicket” expiration policy): set both a hard timeout and a sliding window idle timeout.
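How the two limits interact, as an added example that is not from the talk and not CAS's own policy class: the class name, the 8 hour / 2 hour values and the access timeline are assumptions made for the illustration. Regular activity keeps sliding the idle window forward, but the hard timeout still ends the SSO session.

```java
import java.time.Duration;
import java.time.Instant;

/** Illustrative only: hypothetical class, not CAS's own expiration policy. */
public class SsoSessionExpirationDemo {

    static final class Policy {
        final Duration hardTimeout; // absolute lifetime, counted from login
        final Duration idleTimeout; // sliding window, counted from last use

        Policy(Duration hardTimeout, Duration idleTimeout) {
            this.hardTimeout = hardTimeout;
            this.idleTimeout = idleTimeout;
        }

        /** The session is expired as soon as EITHER limit has been reached. */
        boolean isExpired(Instant created, Instant lastUsed, Instant now) {
            boolean tooOld = !now.isBefore(created.plus(hardTimeout));
            boolean tooIdle = !now.isBefore(lastUsed.plus(idleTimeout));
            return tooOld || tooIdle;
        }
    }

    public static void main(String[] args) {
        // Assumed values for the example: 8 h hard limit, 2 h idle window.
        final double hardHours = 8.0, idleHours = 2.0;
        Policy policy = new Policy(Duration.ofHours(8), Duration.ofHours(2));

        // Constructed timeline: hours after login at which the browser
        // presents the SSO session again. No gap exceeds the idle window.
        Instant login = Instant.parse("2012-06-12T08:00:00Z");
        double[] accessHours = {1.0, 2.5, 4.0, 5.5, 7.0, 8.5, 9.0};

        Instant lastUsed = login;
        for (double h : accessHours) {
            Instant now = login.plusSeconds((long) (h * 3600));
            if (policy.isExpired(login, lastUsed, now)) {
                // Reached at +8.5h: never idle too long, but past the hard cap.
                System.out.printf("+%.1fh: expired, user must log in again%n", h);
                break;
            }
            lastUsed = now; // a successful use slides the idle window forward
            double validUntil = Math.min(h + idleHours, hardHours);
            System.out.printf("+%.1fh: valid, session now ends at +%.1fh%n", h, validUntil);
        }
    }
}
```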

Improved properties handling: more in cas.properties; sensible defaults optionally overridden by cas.properties (set what you change); easier to put cas.properties outside of the .war; logging configuration file location set in cas.properties.

(Those were all old, actually.) The incremental feature in CAS 3.5 is additional monitoring, suitable for targeting with an automated probe.

Contact information Andrew Petro