This article explores the environment for open source single sign-on (SSO) solutions, various SSO scenarios (intranet, extranet, cloud), SSO protocols (Kerberos, SAML, OAuth, etc.), open source SSO solutions (Shibboleth, CAS, JOSSO, etc.), and experiences with CAS in an extranet. The conclusion highlights the importance of SSO and IAM for enterprises, particularly in the cloud, and provides a project website for further information.
Approaches and challenges for an SSO enabled extranet using Jasig CAS
Florian Holzschuher, René Peinl
10.09.2013

iisys - Institut für Informationssysteme
Mission: "The institute is a competence centre for the application of information systems in companies. It is the bridge between international research and development and actual application in companies."
Managing Director: Claus Atzenbeck
Research / Application:
• Analytical Information Systems: Jörg Scheidt
• Multimedia Information Systems: Richard Göbel
• Information Management: Thomas Schaller
• Systems Integration: René Peinl
Agenda
• Environment for Open Source SSO
• SSO scenarios
  • Intranet, Extranet, Cloud
• SSO protocols
  • Kerberos, SAML, OAuth, …
• SSO solutions
  • Shibboleth, CAS, JOSSO, …
• SSO experiences with CAS
• Conclusion
Environment for Open Source SSO
• Desktop
  • Windows still market leader with ~90% share
• Mobile
  • Chrome for Android has similar capabilities to desktop Chrome
• Server
  • Microsoft Active Directory is prevalent even in OSS environments
  • SSO for all Microsoft products out of the box (NTLM, Kerberos)
  • OSS server-side applications mostly only with LDAP
• SSO solution for OSS applications is needed

SSO scenarios
• Intranet
  • Everything under control, can be a homogeneous landscape
• Extranet
  • Reverse proxy, two URLs, firewalls, less control over clients
• Cloud / SaaS, esp. hybrid cloud
  • Maybe without reverse proxy, instead load balancing, caching, geo-replication
  • Upload of user accounts
  • SSO solution should be integrated with usage monitoring
SSO protocols
• Windows environments
  • NTLM
  • Kerberos
• Web Service environments
  • SAML
  • XACML
• Web 2.0 environments
  • OpenID
  • OAuth
  • OpenID Connect

Open Source SSO solutions
• Shibboleth
  • Internet2 consortium, federated scenarios, Web Services, SAML
• Jasig CAS (Central Authentication Service)
  • Uses its own SSO protocol, but supports standards as well
• Atricore JOSSO
  • Java-based, but with .NET and PHP support, graphical SSO definition
• ForgeRock OpenAM
  • Successor of the Sun Identity Manager
• WSO2 Identity Server
  • Plays nicely together with the remaining WSO2 infrastructure
Test scenario
www.dein-weg-in-die-cloud.de

Experiences with CAS in an extranet
• Single sign-on is working relatively well, single sign-out does not
• AJP solves most reverse proxy problems, but not all. Especially AJAX calls cause trouble
• Authentication on the reverse proxy instead of the application doesn't make a notable difference
• Local administrative accounts have to be prepared for SSO
• Fallback solution with an option to opt out of SSO and use a manual local login would be desirable
Image source: www.empowernetwork.com/thorsband/basic-computer-troubleshooting-tips/

Experiences with CAS in an extranet #2
• Inclusion of Apache Rave with Apache Shindig caused problems => CAS' ticket proxying feature could be a part of the solution; again AJAX calls with problems
• SSO is especially ill-suited for infrastructure services => Apache Solr could not be used to index contents due to session problems
Image source: www.mostphotos.com
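The two CAS points made on these slides, that CAS uses its own ticket-based SSO protocol and that its ticket proxying feature is the hook for back-end calls such as AJAX, plus the "two URLs" reverse proxy problem from the scenario slide, can be made concrete with a small relying-service routine. The following is an added example written for this page, not code from the talk or from the Jasig CAS project. It assumes the CAS 2.0 `/serviceValidate` XML response format (namespace `http://www.yale.edu/tp/cas`, `cas:authenticationSuccess` / `cas:authenticationFailure`), which is the real protocol; the sample responses, hostnames and ticket strings are constructed, and the use of `X-Forwarded-Host` / `X-Forwarded-Proto` assumes a reverse proxy configured to set them.

```python
"""Validate CAS 2.0 /serviceValidate replies and rebuild the 'service' URL behind a
reverse proxy. Added example; the XML samples below are constructed, not captured."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, Optional

# Namespace used by the CAS protocol's XML responses.
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}


@dataclass
class ValidationResult:
    ok: bool
    user: Optional[str] = None
    # PGT IOU: the handle the relying service later exchanges for proxy tickets,
    # i.e. the "ticket proxying" hook for calls to a second CAS-protected service.
    pgt_iou: Optional[str] = None
    error_code: Optional[str] = None
    error_message: Optional[str] = None


def parse_service_validate(xml_text: str) -> ValidationResult:
    """Turn a CAS serviceValidate response into a structured result.

    Anything that is not a clean success with a user name is treated as a
    failure: a relying service must never log a user in on a malformed or
    unexpected reply from the SSO server.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ValidationResult(ok=False, error_code="MALFORMED_RESPONSE", error_message=str(exc))

    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        user = (success.findtext("cas:user", default="", namespaces=CAS_NS) or "").strip()
        if not user:
            return ValidationResult(ok=False, error_code="MALFORMED_RESPONSE",
                                    error_message="authenticationSuccess without cas:user")
        pgt_iou = success.findtext("cas:proxyGrantingTicket", namespaces=CAS_NS)
        return ValidationResult(ok=True, user=user, pgt_iou=pgt_iou.strip() if pgt_iou else None)

    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return ValidationResult(ok=False, error_code=failure.get("code", "UNKNOWN"),
                                error_message=(failure.text or "").strip())

    return ValidationResult(ok=False, error_code="MALFORMED_RESPONSE",
                            error_message="neither authenticationSuccess nor authenticationFailure")


def external_service_url(headers: Dict[str, str], internal_host: str, path: str) -> str:
    """Reconstruct the URL the browser actually used.

    CAS binds a service ticket to the exact 'service' URL given at /login; an
    application behind a reverse proxy that validates with its internal
    hostname gets INVALID_SERVICE back. AJP forwards the original host by
    itself; over plain HTTP proxying the X-Forwarded-* headers (assumed to be
    set by the proxy here) have to be consulted instead.
    """
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("x-forwarded-host", internal_host).split(",")[0].strip()
    scheme = h.get("x-forwarded-proto", "http").split(",")[0].strip()
    return f"{scheme}://{host}{path}"


# Constructed sample responses in the CAS 2.0 format (not captured from a real server).
SUCCESS_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:proxyGrantingTicket>PGTIOU-constructed-example</cas:proxyGrantingTicket>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_SERVICE'>
    Ticket 'ST-constructed-example' does not match supplied service
  </cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(parse_service_validate(SUCCESS_RESPONSE))
    print(parse_service_validate(FAILURE_RESPONSE))
    proxied = {"X-Forwarded-Host": "portal.example.test", "X-Forwarded-Proto": "https"}
    print(external_service_url(proxied, "app-internal:8080", "/app/login"))
```

The failure sample deliberately uses `INVALID_SERVICE`, the error a relying service sees when the validated `service` URL differs from the one the browser was redirected with; that is exactly the mismatch the extranet's two URLs produce when the proxy does not pass the external host through.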
Conclusion
• Many Open Source applications are not well prepared for SSO (even well-known ones like Alfresco)
• Besides SSO, you have to solve the identity management problem (synchronize user data between LDAP and application => IAM)
• Single sign-out is hard to implement, did only work well with the Spring framework
• Complexity for SSO is rising from intranet, over extranet, to (hybrid) cloud
• Gartner denoted SSO and IAM a "must have" for enterprises of all size and industry already 10 years ago => with open source software it's sadly not reality today, the same applies to Cloud applications in general

Thanks for your attention
I'm happy to answer your questions
Have a look at our project site: www.dein-weg-in-die-cloud.de