CAS Lightning Talk Jasig-Sakai 2012 Tuesday June 12th 2012 Atlanta, GA Andrew Petro - Unicon, Inc.


1 CAS Lightning Talk Jasig-Sakai 2012 Tuesday June 12th 2012 Atlanta, GA Andrew Petro - Unicon, Inc.

2 What is CAS, anyway?

3

4 CAS is open source single sign-on for the Web. Modify applications to rely upon CAS to authenticate the user.

5 Good features: pluggable, flexible, and malleable (a toolkit for building your institutional login experience); simple CAS protocol and client libraries; n-tier delegated authentication; password replay still possible if you really want

6

7 You are here.

8 CAS is simple. Example: CAS doesn’t want to *be* your store of credentials, your account management system, your attribute repository. It wants to leverage your IdM infrastructure to broker Web logins. Kinds of credentials CAS supports: passwords (bind against LDAP, in a database, ...); X.509 certificates; OAuth; ...

9 Spring Web Flow

10 Spring Web Flow useful for adding: Acceptable Use Policy acceptance prompt; stale / expired password warning / enforcement; nuanced authentication error messaging / handling; coarse grained access control; target-application-specific handling; ...

11 Lots of integration libraries: Java / Java Servlet Filter / Spring Security / Apache Shiro / Tomcat; Apache module; .NET; PHP; Perl; Ruby; PAM module; Python; ...

12 Lots of applications with available CAS support: uPortal, Sakai, Drupal, Wordpress, Liferay, Blackboard, ...

13 Lots of adopting institutions. Unclear how many? http://millionshort.com/search.php?q=Jasig+CAS&remove=1000k

14 Community (via Jasig): email lists; wiki and issue tracker; source control (now on GitHub); this conference; ...

15 Implement using Maven overlay. Factor your CAS implementation as pom.xml dependency declaration, local configuration, and local customizations. CAS distribution + your dependencies + your changes + your configuration = your CAS implementation

16 CAS 3.5 - what’s new

17 3.5 “minor” release: incur some upgrade pain on 3.4 to 3.5, in exchange for new functionality and improvements

18 Themes. Theme 1: extensions coming into CAS product. Theme 2: incremental honing and maturity.

19 Theme 1: Extensions coming into CAS product. LPPE - LDAP Password / Account status reflection; ClearPass - optional password caching and selective, secure release; EhCache Ticket Registry - another option for ticket state clustering; OAuth2 producer and consumer support - more ways to authenticate users to CAS and to integrate with CAS in relying applications

20 LPPE - LDAP account status reflection. Why is authentication against LDAP (Active Directory) failing? Password wrong? Account is locked? Other error code? Now error codes reflected in UI. Initially integrates with Active Directory, with potential for more error mappings.

21 ClearPass: optional password caching and selective, secure password release to relying applications. This was a separate CAS extension, now drawn into the core CAS product. Off by default. Several steps required to turn on this feature.

22 Why do I need ClearPass??

23 Why else do I need ClearPass? Outlook Web Application CASification? WebAdvisor CASification? It’s a tool. You may need it. You may be able to avoid it. Try to avoid.

24 Do I have to cache and release passwords? Absolutely not. Off by default. Very. But now easier to turn on, with less messing around with Maven and dependencies conflict resolution.

25 EhCache Ticket Registry: another option for clustering ticket registry state among clustered CAS server nodes. Bridges from CAS TicketRegistry API to EhCache. Options within EhCache for implementing and replicating that cache: RMI, Terracotta

26 OAuth Producer and Consumer support and improved OpenID support

27 Choose to login via OAuth

28 Login at e.g. GitHub

29 Validating the ticket

30 Theme 2: Incremental honing and maturity. Regular expressions in service registration matching *; Better SSO session expiration policy *; Improved properties handling; Improved health monitoring; Upgrades to dependencies, Spring framework version, etc. (* = also in later / latest CAS 3.4.x release)

31

32 SSO session expiration policy (“TicketGrantingTicket” expiration policy): set both a hard timeout and a sliding window idle timeout
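
The two-limit policy on this slide, modelled in Python as an added example (not from the talk and not CAS's own code). The class and field names are hypothetical and the 8 h / 2 h limits are constructed values; the point is that either limit alone ends the session and that use never revives an expired ticket.

```python
from dataclasses import dataclass

HOUR = 3600  # all times below are in seconds


@dataclass
class TicketGrantingTicket:
    """Constructed stand-in for an SSO session ticket (not a CAS class)."""
    created_at: float
    last_used_at: float


@dataclass(frozen=True)
class HardAndIdleTimeoutPolicy:
    """Hypothetical policy object: hard timeout plus sliding idle window."""
    max_lifetime: float  # hard timeout, measured from creation
    max_idle: float      # sliding window, measured from last accepted use

    def is_expired(self, tgt, now):
        if now < tgt.last_used_at:
            # Clock moved backwards: fail closed rather than extend the session.
            return True
        too_old = now - tgt.created_at >= self.max_lifetime
        too_idle = now - tgt.last_used_at >= self.max_idle
        return too_old or too_idle

    def use(self, tgt, now):
        """Check first, then slide the idle window. True if the use is accepted."""
        if self.is_expired(tgt, now):
            return False  # last_used_at is left untouched: no revival by use
        tgt.last_used_at = now
        return True


def replay(policy, use_times):
    """Login at t=0, then attempt a use at each time; return (time, accepted)."""
    tgt = TicketGrantingTicket(created_at=0, last_used_at=0)
    return [(t, policy.use(tgt, t)) for t in use_times]


# Constructed limits: 8 h hard timeout, 2 h idle window.
POLICY = HardAndIdleTimeoutPolicy(max_lifetime=8 * HOUR, max_idle=2 * HOUR)

if __name__ == "__main__":
    # Hourly activity never trips the idle window; the hard timeout ends it at 8 h.
    for t, ok in replay(POLICY, [h * HOUR for h in range(1, 10)]):
        print(f"t={t / HOUR:4.1f}h accepted={ok}")
    # A 3 h gap trips the idle window, and the later attempt stays rejected.
    for t, ok in replay(POLICY, [1 * HOUR, 4 * HOUR, 4.5 * HOUR]):
        print(f"t={t / HOUR:4.1f}h accepted={ok}")
```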

33 Improved properties handling: more in cas.properties; sensible defaults optionally overridden by cas.properties (set what you change); easier to put cas.properties outside of the .war; logging configuration file location set in cas.properties

34

35

36

37

38 (Those were all old, actually) The incremental feature in CAS 3.5 is additional monitoring, suitable for targeting with an automated probe.

39 Contact information: Andrew Petro, apetro@unicon.net, http://www.unicon.net/blog/apetro, http://www.unicon.net/contact

