Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jasig 2011 CAS Update Marvin Addison Susan Bramhall Andrew Petro

Published byGiles Jenkins Modified over 6 years ago

Similar presentations

Presentation on theme: "Jasig 2011 CAS Update Marvin Addison Susan Bramhall Andrew Petro"— Presentation transcript:

1 Jasig 2011 CAS Update Marvin Addison Susan Bramhall Andrew Petro
Bill Thompson

2 CAS Server 3

3 3.4 maintenance branch 3.4.8 tagged, but
3.4.7 latest marketed GA release Bugfix releases LoginTicket restored to protocol compliance

4 Improve Services Management UI?

5 Goals, Design, and Features
CAS 4 Goals, Design, and Features Marvin Addison Middleware Services Virginia Tech May 24, 2011

6 CAS 4 Goals, Design, and Features
Multiprotocol support by design CAS protocols SAML 1.1 and SAML 2 OpenID Support important/emerging use cases User messaging (e.g. password expiration) Multi-factor authentication Federation Add extension points with richer APIs CAS 4 Goals, Design, and Features

7 CAS 4 Goals, Design, and Features
Change Hurts CAS 4 Goals, Design, and Features

8 Component Name Changes
CAS 3 CAS 4 TicketGrantingTicket Session (implied) Access ServiceTicket TokenServiceAccessRequest TicketRegistry SessionStorage CAS 4 Goals, Design, and Features

9 CAS 4 Goals, Design, and Features
Name Change Rationale Concise, accurate names clarify the API Names distill common features of all (planned) protocols Avoid overloading names (e.g. Ticket) Name implied but important concepts (e.g. Access) CAS 4 Goals, Design, and Features

10 Richer Component Interfaces
Core layers remain same Authentication Ticket (Session) management Service management Layers exchange *Request/*Response messages Factories help tame dependencies CAS 4 Goals, Design, and Features

11 Login Example LoginRequest SWF CntrAuthSvc POST Credentials
LoginResponse AuthenticationRequest AuthenticationResponse AuthenticationManager CAS 4 Goals, Design, and Features

12 CAS 4 Goals, Design, and Features
What Can We Do With It? CAS 4 Goals, Design, and Features

13 Password Expiration Warnings
Two key API components collaborate GeneralSecurityExceptionTranslator LoginResponse MicrosoftActiveDirectoryGeneralSecurityExceptio nTranslator translates LDAP exception for password expired into CredentialExpiredException LoginResponse#getGeneralSecurityExceptions() available to view layer for user display CAS 4 Goals, Design, and Features

14 Multifactor Authentication
Key enablers are support for multiple credentials in LoginRequest and storage of multiple authn exeptions in LoginResponse The Map<Credential, GeneralSecurityException> is fundamentally important for SWF processing and user interaction Details of user interaction (e.g. how to upgrade existing credential) not well understood CAS 4 Goals, Design, and Features

15 CAS 4 Goals, Design, and Features
Work in Progress CAS 4 is undergoing active development We MUST get new APIs right Peer review and collaboration essential to success – is your use case covered? Feedback welcome on CAS 4 Goals, Design, and Features

16 Client Libraries

17 CAS Clients – Official Acegi (Spring Security)
CAS Client for Java 3.0/3.1 mod_auth_cas (Apache) PhpCAS .NET CAS Client (almost official...) Official Clients Generally being actively developed and maintained. Likely to get support on the cas-user list.

18 CAS Clients – Unofficial
.Net Http module ASP.NET Forms Authentication AuthCAS CAS + Seam Web Applications CASP Adds CAS Logic to an ASP.NET App CAS Proxying with ASP.Net Forms Authentication CherryPy CAS Client ColdFusion CAS Client Component ColdFusion client script Google Web Toolkit - GWT CAS Client jAPS 2.0 CAS Client mod_python auth module Perl Client Prado client Pycas Ruby on Rails CAS Client Seraph as CAS Client Soulwing CAS Client Soulwing Java CAS Client Symfony CAS Client VBScript Virginia Tech CAS Clients WebObjects Client Unofficial Clients Essentially all of the clients people have let us know about, that may or may not be in active development anymore, and may solve a niche need. You should use these at your own risk. Many are excellent clients, but may no longer be supported any more. Others are purely theoretical examples of of how a client would function.

19 CAS Clients – Incubating
.NET CAS Client (almost official...) CASBar – Toolbar for Firefox 2 Official Clients Incubating Clients are new clients that are under development, and which may become official clients. They're up-and-coming clients that we're paying attention to, have petitioned the Steering Committee to become official clients, and often have active members on cas- user.

20 CAS Clients – Legacy Yale CAS Client Apache Module PAM PL/SQL
Legacy Clients In many cases, no longer actively developed, but still function quite well (i.e. the PAM module). In other cases, they've been superseded by newer clients (i.e. The Jasig CAS Client for Java). You will still find many people on cas-user who are familiar with these modules, but many have migrated to the newer code.

21 CAS Clients – CASifying Apps
Apache OFBiz Joomla OpenCms OpenReports SharePoint & ASP.NET Web Sites WebAdvisor Confluence as CAS Client EZPublish Fisheye and Crucible Oracle Calendar web client with mod_cas Oracle Portal Oracle 11i applications qmail-ldap+webmail Mediawiki (with phpCAS) Outlook Web Access 2 PeopleSoft phpBB3 (phpBB v3) phpGroupware Sakai Sun Identity Manager Tomcat Manager Roller weblogger Tomcat uPortal Client WordPress Client Zimbra Zope client CASifying Apps Describes some unofficial instructions, many contributed by users, on how to CASify particular applications.

22 CAS Clients – CASified Apps
uPortal Mantis pNews Sympa TikiWiki Mule Claroline Moodle Liferay Portal ILIAS Learning Management Chamilo Simply Voting BlueSocket CASified Apps Project / Vendor maintained CAS integration. Works out- out-of-the-box!

23 Documentation

24 Your feedback / Discussion / Questions

25 CAS 4 Goals, Design, and Features
Questions CAS 4 Goals, Design, and Features

Download ppt "Jasig 2011 CAS Update Marvin Addison Susan Bramhall Andrew Petro"

Similar presentations

MyProxy Jim Basney Senior Research Scientist NCSA

MyProxy Jim Basney Senior Research Scientist NCSA
Central Authentication Service Roadmap JA-SIG Winter 2004.

Central Authentication Service Roadmap JA-SIG Winter 2004.
Whats New in Microsoft Office 365 Module 01 | Daniel Sierra | Account Technology Strategist Microsoft Education México.

Whats New in Microsoft Office 365 Module 01 | Daniel Sierra | Account Technology Strategist Microsoft Education México.
A Blackboard Building Block™ Crash Course for Web Developers

A Blackboard Building Block™ Crash Course for Web Developers
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
David Ohsie - Distinguished Engineer, EMC Corporation Bill Thompson CISSP, CSSLP - Director IAM Practice, Unicon Aaron Weaver Leveraging OWASP in Open.

David Ohsie - Distinguished Engineer, EMC Corporation Bill Thompson CISSP, CSSLP - Director IAM Practice, Unicon Aaron Weaver Leveraging OWASP in Open.
Introducing JA-SIG Central Authentication Service 3.0 Scott Battaglia Rutgers, the State University of New Jersey.

Introducing JA-SIG Central Authentication Service 3.0 Scott Battaglia Rutgers, the State University of New Jersey.
What’s New in JA-SIG CAS? JA-SIG Summer Conference Denver, CO June 24 – 27, 2007.

What’s New in JA-SIG CAS? JA-SIG Summer Conference Denver, CO June 24 – 27, 2007.
UPortal 2 Status Andrew Petro, Yale Bill Thompson, Rutgers.

UPortal 2 Status Andrew Petro, Yale Bill Thompson, Rutgers.
UPortal and the Yale Central Authentication Service Drew Mazurek ITS Technology & Planning Yale University JA-SIG Summer Conference ‘04 Denver, CO June.

UPortal and the Yale Central Authentication Service Drew Mazurek ITS Technology & Planning Yale University JA-SIG Summer Conference ‘04 Denver, CO June.
Integrating Oracle Collaboration Suite into the Identity Management Infrastructure Dan Malone Cal Poly, San Luis Obispo Integrating.

Integrating Oracle Collaboration Suite into the Identity Management Infrastructure Dan Malone Cal Poly, San Luis Obispo Integrating.
UPortal Security and CAS Susan Bramhall ITS Technology & Planning Yale University.

UPortal Security and CAS Susan Bramhall ITS Technology & Planning Yale University.
JA-SIG CAS Enterprise Single Sign-On Scott Battaglia Application Developer Enterprise Systems & Services Rutgers, the State University of New Jersey Copyright.

JA-SIG CAS Enterprise Single Sign-On Scott Battaglia Application Developer Enterprise Systems & Services Rutgers, the State University of New Jersey Copyright.
MyVRM Architectural Review October 2012. Agenda myVRM Quick Review Overall Architectural Concepts Design Principals Implementation Detail Q&A.

MyVRM Architectural Review October Agenda myVRM Quick Review Overall Architectural Concepts Design Principals Implementation Detail Q&A.
Authenticating REST/Mobile clients using LDAP and OERealm

Authenticating REST/Mobile clients using LDAP and OERealm
“This presentation is for informational purposes only and may not be incorporated into a contract or agreement.”

“This presentation is for informational purposes only and may not be incorporated into a contract or agreement.”
Library à la Carte: Customize|Collaborate|Connect Overview & Demo Kim Griggs & Jane Nichols Oregon State University.

Library à la Carte: Customize|Collaborate|Connect Overview & Demo Kim Griggs & Jane Nichols Oregon State University.
Week 7 Lecture Web Database Development Samuel Conn, Asst. Professor

Week 7 Lecture Web Database Development Samuel Conn, Asst. Professor
The Central Authentication Service (CAS) Shawn Bayern Research programmer, Yale University Author, JSTL in Action, Web Development with JavaServer Pages.

The Central Authentication Service (CAS) Shawn Bayern Research programmer, Yale University Author, JSTL in Action, Web Development with JavaServer Pages.
Central Authentication Service

Central Authentication Service

Similar presentations

Ads by Google