CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson.


CAS Server 3

- 3.4 maintenance branch tagged, but latest marketed GA release
- Bugfix releases
- LoginTicket restored to protocol compliance

Improve Services Management UI?

CAS 4 Goals, Design, and Features Marvin Addison Middleware Services Virginia Tech May 24, 2011

Goals
- Multiprotocol support by design
  - CAS protocols
  - SAML 1.1 and SAML 2
  - OpenID
- Support important/emerging use cases
  - User messaging (e.g. password expiration)
  - Multi-factor authentication
  - Federation
- Add extension points with richer APIs

Change Hurts

Component Name Changes
CAS 3 -> CAS 4
TicketGrantingTicket -> Session
(implied) -> Access
ServiceTicket -> Token
Service -> AccessRequest
TicketRegistry -> SessionStorage

Name Change Rationale
- Concise, accurate names clarify the API
- Names distill common features of all (planned) protocols
- Avoid overloading names (e.g. Ticket)
- Name implied but important concepts (e.g. Access)

Richer Component Interfaces
- Core layers remain same
  - Authentication
  - Ticket (Session) management
  - Service management
- Layers exchange *Request/*Response messages
- Factories help tame dependencies

Login Example
[Diagram labels: Credentials, POST, SWF, CntrAuthSvc, LoginRequest, LoginResponse, AuthenticationManager, AuthenticationRequest, AuthenticationResponse]

What Can We Do With It?

Password Expiration Warnings
- Two key API components collaborate
  - GeneralSecurityExceptionTranslator
  - LoginResponse
- MicrosoftActiveDirectoryGeneralSecurityExceptionTranslator translates LDAP exception for password expired into CredentialExpiredException
- LoginResponse#getGeneralSecurityExceptions() available to view layer for user display
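
An added sketch of the collaboration described on this slide (not code from the CAS project): the interface shape, the minimal LoginResponse, and the class name ActiveDirectoryTranslator are assumptions, and the LDAP message is a constructed sample. It maps the Active Directory bind sub-code 532 (password expired) to CredentialExpiredException and keeps the raw directory message away from the view layer.

```java
import java.security.GeneralSecurityException;
import java.util.*;
import java.util.regex.*;
import javax.naming.AuthenticationException;
import javax.security.auth.login.*;

public class ExpirationWarningSketch {
    // Assumed shape of the translator interface named on the slide.
    interface GeneralSecurityExceptionTranslator {
        GeneralSecurityException translate(Exception directoryError);
    }

    // Active Directory puts a hex sub-code after "data " in the bind error text.
    static class ActiveDirectoryTranslator implements GeneralSecurityExceptionTranslator {
        private static final Pattern SUB_CODE = Pattern.compile("data ([0-9a-fA-F]+)");
        public GeneralSecurityException translate(Exception directoryError) {
            Matcher m = SUB_CODE.matcher(String.valueOf(directoryError.getMessage()));
            String code = m.find() ? m.group(1).toLowerCase() : "";
            switch (code) {
                case "532": return new CredentialExpiredException("password expired");
                case "773": return new CredentialExpiredException("password must be changed");
                case "775": return new AccountLockedException("account locked");
                // Unknown user (525) and bad password (52e) stay indistinguishable.
                default:    return new FailedLoginException("authentication failed");
            }
        }
    }

    // Assumed minimal LoginResponse: collects translated failures for the view.
    static class LoginResponse {
        private final List<GeneralSecurityException> errors = new ArrayList<>();
        void add(GeneralSecurityException e) { errors.add(e); }
        List<GeneralSecurityException> getGeneralSecurityExceptions() {
            return Collections.unmodifiableList(errors);
        }
    }

    public static void main(String[] args) {
        // Constructed sample of an AD bind failure for an expired password.
        Exception ldap = new AuthenticationException("[LDAP: error code 49 - 80090308: "
            + "LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 532, v1db1]");
        LoginResponse response = new LoginResponse();
        response.add(new ActiveDirectoryTranslator().translate(ldap));
        for (GeneralSecurityException e : response.getGeneralSecurityExceptions()) {
            boolean expired = e instanceof CredentialExpiredException;
            System.out.println(expired ? "Your password has expired." : "Login failed.");
        }
    }
}
```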

Multifactor Authentication
- Key enablers are support for multiple credentials in LoginRequest and storage of multiple authn exceptions in LoginResponse
- The Map is fundamentally important for SWF processing and user interaction
- Details of user interaction (e.g. how to upgrade existing credential) not well understood

Work in Progress
- CAS 4 is undergoing active development
- We MUST get new APIs right
- Peer review and collaboration essential to success – is your use case covered?
- Feedback welcome on

Client Libraries

CAS Clients – Official
- Acegi (Spring Security)
- CAS Client for Java 3.0/3.1
- mod_auth_cas (Apache)
- PhpCAS
- .NET CAS Client (almost official...)
Official Clients: Generally being actively developed and maintained. Likely to get support on the cas-user list.

CAS Clients – Unofficial
- .Net Http module
- ASP.NET Forms Authentication
- AuthCAS
- CAS + Seam Web Applications
- CASP Adds CAS Logic to an ASP.NET App
- CAS Proxying with ASP.Net Forms Authentication
- CherryPy CAS Client
- ColdFusion CAS Client Component
- ColdFusion client script
- Google Web Toolkit - GWT CAS Client
- jAPS 2.0 CAS Client
- mod_python auth module
- Perl Client
- Prado client
- Pycas
- Ruby on Rails CAS Client
- Seraph as CAS Client
- Soulwing CAS Client
- Soulwing Java CAS Client
- Symfony CAS Client
- VBScript
- Virginia Tech CAS Clients
- WebObjects Client
Unofficial Clients: Essentially all of the clients people have let us know about, that may or may not be in active development anymore, and may solve a niche need. You should use these at your own risk. Many are excellent clients, but may no longer be supported any more. Others are purely theoretical examples of how a client would function.

CAS Clients – Incubating
- .NET CAS Client (almost official...)
- CASBar – Toolbar for Firefox 2
Official Clients
Incubating Clients are new clients that are under development, and which may become official clients. They're up-and-coming clients that we're paying attention to, have petitioned the Steering Committee to become official clients, and often have active members on cas-user.

CAS Clients – Legacy
- Yale CAS Client
- Apache Module
- PAM
- PL/SQL
Legacy Clients: In many cases, no longer actively developed, but still function quite well (i.e. the PAM module). In other cases, they've been superseded by newer clients (i.e. The Jasig CAS Client for Java). You will still find many people on cas-user who are familiar with these modules, but many have migrated to the newer code.

CAS Clients – CASifying Apps
Apache OFBiz Joomla 1.5 OpenCms OpenReports SharePoint & ASP.NET Web Sites WebAdvisor Confluence as CAS Client EZPublish Fisheye and Crucible Oracle Calendar web client with mod_cas Oracle Portal Oracle 11i applications qmail-ldap+webmail Mediawiki (with phpCAS) Outlook Web Access 2 PeopleSoft phpBB3 (phpBB v3) phpGroupware Sakai Sun Identity Manager Tomcat Manager Roller weblogger Tomcat uPortal Client WordPress Client Zimbra Zope client
CASifying Apps: Describes some unofficial instructions, many contributed by users, on how to CASify particular applications.

CAS Clients – CASified Apps
uPortal Mantis pNews Sympa TikiWiki Mule Claroline Moodle Liferay Portal ILIAS Learning Management Chamilo Simply Voting BlueSocket
CASified Apps: Project / Vendor maintained CAS integration. Works out-of-the-box!

Documentation

Your feedback / Discussion / Questions

Questions