Introducing the Central Authentication Service (CAS)
Shawn Bayern
Research programmer, ITS Technology & Planning
Author, Web Development with JavaServer Pages
JSTL implementation lead (JCP, Apache)

Current CAS users
• Network registration tool (Netreg)
  • Used by thousands of students, mostly during the first two weeks of the academic year
• AM&T applications
  • software distribution
  • Pantheon account tool
  • internal support applications
• Workstation support services and machines
• Undergraduate groups
  • YaleStation
  • Yale Herald
• RIS file transfer services, MyOracle and others

Questions to answer
• What does CAS do?
• How does it work?
• How can you use it?
• What’s on the horizon?

Features and advantages
• Web single sign-on
• Convenience
• Centralized authentication policy
• Easier to maintain in enterprise
• Gets users used to single site for logging in
• Applications don’t handle sensitive passwords

CAS in a nutshell
(Diagram of three parties: Browser, Web application, CAS)
• Browser ↔ CAS: authenticates via password (once)
• Web application ↔ CAS: determines validity of user’s claimed authentication
• Browser ↔ Web application: authenticates without sending password

What CAS looks like
Users can be asked to avoid supplying their password except to the trusted site:
• Expected URL
• Known “look and feel”
• Authentic peer certificate (if anyone cares)

How CAS actually works
(Diagram: Web browser, Web application and CAS, with arrows labelled S, T, C and NetID)

How to use CAS in a web application
• Replaces Kauth and similar mechanisms
• Used as "gate" for application
• Applications need to do two things
  • Redirect
  • Request/response with HTTPS URL
• Therefore, CAS works with most platforms.
• T&P provides libraries for Java, JSP, & Perl
  • ... and can assist with ASP, PHP, etc.

Examples
• JSP tag: simply add the following to every JSP page:
  <cas:auth id="netid" scope="session" />
• Java (e.g., Servlets):
  public String validate(String ticket, String service);
  (Returns the authenticated NetID)

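The two slides “How CAS actually works” and “How to use CAS in a web application” describe the exchange only as labelled arrows (S, T, C, NetID) and two application duties (redirect, then an HTTPS request/response). The following is an added example, not Yale’s CAS code nor the T&P libraries: a small Python model of both sides of that exchange. It assumes that S is the service URL and T the ticket (the two parameters of the `validate(ticket, service)` call shown above), that C is a single-sign-on session cookie held by the browser, and that the ticket has a `ST-` prefix; the names `CasServer`, `WebApp`, `run_flow` and the `example.edu` hosts are all hypothetical, and the HTTPS validate request is modelled as a direct method call. The model enforces the properties a gate must rely on: the application never sees the password, a ticket validates once only, and a ticket is bound to the service URL it was issued for.

```python
import secrets
import time
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlparse, parse_qs


@dataclass
class CasServer:
    """Hypothetical minimal CAS server: authenticates the browser once by
    password, then hands out opaque, single-use, short-lived service tickets
    that the application validates back against the server."""
    users: dict                                   # constructed NetID -> password table
    ttl_seconds: int = 60
    tickets: dict = field(default_factory=dict)   # ticket T -> (netid, service S, issued_at)
    sessions: dict = field(default_factory=dict)  # SSO cookie C -> netid

    def login(self, service, netid=None, password=None, sso_cookie=None):
        """Browser visits /login?service=S. Returns (redirect_url_with_ticket,
        sso_cookie) on success, or None if the password is wrong."""
        if sso_cookie in self.sessions:
            netid = self.sessions[sso_cookie]      # already signed on: no password asked
        elif netid in self.users and secrets.compare_digest(self.users[netid], password or ""):
            sso_cookie = secrets.token_urlsafe(32)  # fresh cookie C for the browser
            self.sessions[sso_cookie] = netid
        else:
            return None
        ticket = "ST-" + secrets.token_urlsafe(24)  # opaque ticket T, bound to S
        self.tickets[ticket] = (netid, service, time.monotonic())
        sep = "&" if urlparse(service).query else "?"
        return service + sep + urlencode({"ticket": ticket}), sso_cookie

    def validate(self, ticket, service):
        """/validate?ticket=T&service=S (over HTTPS in a real deployment).
        Returns the NetID, or None. The ticket is consumed on first use, so a
        replayed or probed ticket never validates twice."""
        entry = self.tickets.pop(ticket, None)
        if entry is None:
            return None
        netid, bound_service, issued = entry
        if bound_service != service:              # ticket issued for a different service
            return None
        if time.monotonic() - issued > self.ttl_seconds:
            return None
        return netid


@dataclass
class WebApp:
    """Hypothetical protected application using CAS as its gate: it redirects
    unauthenticated browsers to CAS and validates the returned ticket; it never
    handles the password itself."""
    cas: CasServer
    service_url: str

    def gate(self, request_url, session):
        """Returns ("ok", netid) for an authenticated session, otherwise
        ("redirect", cas_login_url) to send the browser to CAS."""
        if "netid" in session:
            return ("ok", session["netid"])
        ticket = parse_qs(urlparse(request_url).query).get("ticket", [None])[0]
        if ticket:
            netid = self.cas.validate(ticket, self.service_url)  # modelled HTTPS call
            if netid:
                session["netid"] = netid
                return ("ok", netid)
        return ("redirect", "https://cas.example.edu/login?" + urlencode({"service": self.service_url}))


def run_flow():
    """Walks the full exchange and returns what each step produced."""
    cas = CasServer(users={"sb42": "correct horse"})    # constructed credentials
    app = WebApp(cas, "https://app.example.edu/")
    browser_session = {}
    out = {}

    # 1. First visit: the app redirects the browser to CAS with service=S.
    action, target = app.gate("https://app.example.edu/", browser_session)
    out["first_visit"] = action
    service = parse_qs(urlparse(target).query)["service"][0]

    # 2. The password goes to CAS only; CAS sets cookie C and redirects back with T.
    out["bad_password"] = cas.login(service, "sb42", "wrong") is None
    back_url, cookie = cas.login(service, "sb42", "correct horse")

    # 3. The app validates T against its own S and learns the NetID.
    out["after_ticket"] = app.gate(back_url, browser_session)

    # 4. Replaying the same ticket URL in a fresh browser session fails.
    out["replay"] = app.gate(back_url, {})[0]

    # 5. Second application: cookie C yields a new ticket without a password,
    #    and a ticket issued for app2 does not validate against app1's S.
    app2 = WebApp(cas, "https://other.example.edu/")
    back2, _ = cas.login(app2.service_url, sso_cookie=cookie)
    out["sso_no_password"] = app2.gate(back2, {})
    back3, _ = cas.login(app2.service_url, sso_cookie=cookie)
    ticket3 = parse_qs(urlparse(back3).query)["ticket"][0]
    out["wrong_service"] = cas.validate(ticket3, app.service_url) is None
    return out


if __name__ == "__main__":
    for step, result in run_flow().items():
        print(f"{step}: {result}")
```

The single-use and service-binding checks in `validate` are what make the “authenticates without sending password” arrow safe: an application that only inspects the ticket parameter, without validating it against CAS for its own service URL, would accept any string a client put in the query.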
CAS’s future
• Broader adoption
  • CAS becomes standard ITS authentication mechanism
• Load testing
• CAS 2.0
  • Portals and proxies
• New, requested features:
  • Prevents brute-force password guessing
  • Lets applications avoid single sign-on
  • Ensures redundancy and availability