Published by Percival Long. Modified over 9 years ago.
1
CAS Lightning Talk
Jasig-Sakai 2012
Tuesday June 12th 2012, Atlanta, GA
Andrew Petro - Unicon, Inc.
2
What is CAS, anyway?
4
CAS is open source single sign-on for the Web
Modify applications to rely upon CAS to authenticate the user
5
Good features
- Pluggable, flexible, and malleable: a toolkit for building your institutional login experience
- Simple CAS protocol and client libraries
- n-tier delegated authentication
- password replay still possible if you really want
7
You are here.
8
CAS is simple
Example: CAS doesn’t want to *be* your store of credentials, your account management system, your attribute repository. It wants to leverage your IdM infrastructure to broker Web logins.
Kinds of credentials CAS supports:
- passwords (bind against LDAP, in a database, ...)
- x.509 certificates
- OAuth
- ...
9
Spring Web Flow
10
Spring Web Flow useful for adding
- Acceptable Use Policy acceptance prompt
- stale / expired password warning / enforcement
- nuanced authentication error messaging / handling
- coarse grained access control
- target-application-specific handling
- ...
11
Lots of integration libraries
- Java / Java Servlet Filter / Spring Security / Apache Shiro / Tomcat
- Apache module
- .NET
- PHP
- Perl
- Ruby
- PAM module
- Python
- ...
12
Lots of applications with available CAS support
- uPortal
- Sakai
- Drupal
- Wordpress
- Liferay
- Blackboard
- ...
13
Lots of adopting institutions
Unclear how many?
http://millionshort.com/search.php?q=Jasig+CAS&remove=1000k
14
Community (via Jasig)
- email lists
- wiki and issue tracker
- source control (now on GitHub)
- this conference
- ...
15
Implement using Maven overlay
Factor your CAS implementation as pom.xml dependency declaration, local configuration, and local customizations.
CAS distribution + your dependencies + your changes + your configuration = your CAS implementation
16
CAS 3.5 - what’s new
17
3.5 “minor” release
- Incur some upgrade pain on 3.4 to 3.5
- In exchange for new functionality and improvements
18
Themes
- Theme 1: extensions coming into CAS product
- Theme 2: incremental honing and maturity
19
Theme 1: Extensions coming into CAS product
- LPPE - LDAP Password / Account status reflection
- ClearPass - optional password caching and selective, secure release
- EhCache Ticket Registry - another option for ticket state clustering
- OAuth2 producer and consumer support - more ways to authenticate users to CAS and to integrate with CAS in relying applications
20
LPPE - LDAP account status reflection
- Why is authentication against LDAP (Active Directory) failing? Password wrong? Account is locked? Other error code?
- Now error codes reflected in UI.
- Initially integrates with Active Directory, with potential for more error mappings
21
ClearPass
- optional password caching and selective, secure password release to relying applications
- This was a separate CAS extension, now drawn into the core CAS product
- off by default. Several steps required to turn on this feature.
22
Why do I need ClearPass??
23
Why else do I need ClearPass?
- Outlook Web Application CASification?
- WebAdvisor CASification?
It’s a tool. You may need it. You may be able to avoid it. Try to avoid.
24
Do I have to cache and release passwords?
Absolutely not. Off by default. Very.
But now easier to turn on, with less messing around with Maven and dependencies conflict resolution.
25
EhCache Ticket Registry
- Another option for clustering ticket registry state among clustered CAS server nodes
- Bridges from CAS TicketRegistry API to EhCache
- Options within EhCache for implementing and replicating that cache:
  - RMI
  - Terracotta
26
OAuth Producer and Consumer support and improved OpenID support
27
Choose to login via OAuth
28
Login at e.g. GitHub
29
Validating the ticket
30
Theme 2: Incremental honing and maturity
- Regular expressions in service registration matching *
- Better SSO session expiration policy *
- Improved properties handling
- Improved health monitoring
- Upgrades to dependencies, Spring framework version, etc.
* = also in later / latest CAS 3.4.x release
32
SSO session expiration policy (“TicketGrantingTicket” expiration policy)
- Set both a hard timeout
- And a sliding window idle timeout
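The combined policy on this slide, modelled as an added example (not code from the talk or from the CAS project): a session expires when either the hard lifetime since creation or the idle window since last use is exceeded. The class and function names, the 8 h / 2 h values and the sample use times are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class TicketGrantingTicket:
    """Minimal stand-in for an SSO session; times are epoch seconds."""
    created_at: float
    last_used_at: float

@dataclass(frozen=True)
class HardAndSlidingPolicy:
    max_lifetime: float   # hard timeout, measured from creation
    idle_timeout: float   # sliding window, measured from last use

    def __post_init__(self):
        if self.idle_timeout <= 0 or self.max_lifetime < self.idle_timeout:
            raise ValueError("need 0 < idle_timeout <= max_lifetime")

    def expiry_reason(self, tgt, now):
        """Return None while the session is valid, else why it expired."""
        if now < tgt.last_used_at or tgt.last_used_at < tgt.created_at:
            return "clock-anomaly"   # fail closed on inconsistent timestamps
        if now - tgt.created_at >= self.max_lifetime:
            return "hard-timeout"
        if now - tgt.last_used_at >= self.idle_timeout:
            return "idle-timeout"
        return None

def use_ticket(policy, tgt, now):
    """Check the policy, and slide the idle window only on success."""
    reason = policy.expiry_reason(tgt, now)
    if reason is None:
        tgt.last_used_at = now
    return reason

def simulate(policy, use_times):
    """Replay constructed use times against a session created at t=0."""
    tgt = TicketGrantingTicket(created_at=0.0, last_used_at=0.0)
    return [(t, use_ticket(policy, tgt, t)) for t in use_times]

# Constructed sample: 8 h hard limit, 2 h idle limit, times in seconds.
POLICY = HardAndSlidingPolicy(max_lifetime=8 * 3600, idle_timeout=2 * 3600)
ACTIVE_USER = [h * 3600 for h in (1, 2.5, 4, 5.5, 7, 8.5)]   # never idle 2 h
IDLE_USER = [h * 3600 for h in (1, 3.5, 4)]                  # one 2.5 h gap

if __name__ == "__main__":
    for name, times in (("active", ACTIVE_USER), ("idle", IDLE_USER)):
        print(name, simulate(POLICY, times))
```

The active user is cut off by the hard timeout even though the idle window never lapses, and the idle user's later request does not revive the expired session because the window slides only on a successful check.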
33
Improved properties handling
- More in cas.properties
- Sensible defaults optionally overridden by cas.properties (set what you change)
- Easier to put cas.properties outside of the .war
- Logging configuration file location set in cas.properties
38
(Those were all old, actually) The incremental feature in CAS 3.5 is additional monitoring, suitable for targeting with an automated probe.
39
Contact information
Andrew Petro
apetro@unicon.net
http://www.unicon.net/blog/apetro
http://www.unicon.net/contact