Introducing JA-SIG Central Authentication Service 3.0 Scott Battaglia Rutgers, the State University of New Jersey.

Presentation transcript:


Outline
- What is CAS?
- History of CAS
  - CAS 1.x
  - CAS 2.x
- Introducing CAS 3
  - Development Process/Developers
  - Design Goals
  - Why build CAS 3?
- Advanced CAS 3 Usage
  - Clustering/Load Balancing
  - Accepting Multiple Credential Types
  - SAML Support
- The Future
- Helping with CAS Development

What is CAS?
CAS is…
- Single sign on for the web
- A trusted intermediary
- A proxy authenticator to back-end services

History of CAS
- CAS 1.x
- CAS 2.x

History of CAS: CAS 1.x
- Original version released by Yale University
- Offered single sign on for the web
- Consisted of servlets and JSP pages

History of CAS: CAS 2
- Also developed at Yale University
- Introduced the concept of proxy authentication to CAS
- Simple: 6 servlets and fewer than 10 JSPs
- Extremely popular
- Large user community

Introducing CAS 3.0

CAS 3.0: Why Build CAS 3?
- CAS 2.0 was an excellent project
- CAS 2.0 was easy to use
- CAS 2.0 was not easy to extend or augment with local requirements
- CAS 3.0 attempts to solve the last problem!

CAS 3.0: Why Build CAS 3?
- Making changes to CAS 2.0 generally requires forking the code base
- Adding new features may require a lot of copying and pasting, which may get out of sync with the core code base

CAS 3.0: Why Build CAS 3?
CAS 3 offers…
- CAS 2 compliance out of the box
- Unit/Integration Tests and Compliance Tests
- Proper domain model
- Revamped architecture
- Support for well-known modifications

CAS 3.0: Design Goals
First and foremost, CAS3 will be Flexible, Extensible and Elegant. CAS3 will maintain backward compatibility with the CAS 2.0 and CAS 1.0 protocols while providing extension points for well-known modifications and new features such as support for Web Services, SAML and Shibboleth. CAS Clients written for older versions of CAS will work with CAS3 without modification.

CAS 3.0: Development Process
- Started as a Yale/Rutgers collaboration
- Became a JA-SIG Project in December 2004
- Being a JA-SIG project makes it open-source
- Available in the public JA-SIG CVS, nightly builds on Clearinghouse machines, etc.

CAS 3.0: Development Team
Yale University
- Susan Bramhall
- Howard Gilbert
- Drew Mazurek
- Andy Newman
- Andrew Petro
Rutgers, the State University of New Jersey
- Scott Battaglia
- Dmitriy Kopylenko
- Bill Thompson

CAS 2 Compliance
- In terms of protocol, a drop-in replacement for CAS 2.0
- Requires no modifications to client applications
- Includes an adaptor that allows plugging a CAS 2 PasswordHandler into the CAS 3 architecture

Unit/Integration/Compliance Tests
Unit and Integration Tests: coverage of major components
- Utilizes JUnit, Clover
- According to Clover, 99.5% test coverage
- Allows us to refactor with confidence!
Compliance Tests
- Run against a live server
- Test compliance to the CAS 2 specification
- Currently 48 tests

Proper Domain Model
Major Breakthrough: Only Two Types of Tickets
- Ticket Granting Ticket
- Service Tickets
Domain logic belongs with Domain Objects
- Example: A ticket can determine if it's expired
- Simplifies implementations of supporting pieces

Revamped Architecture
Built on popular open-source frameworks
- Spring Framework
- Quartz
- xFire
- Jakarta Commons
- Log4j
- Maven
Design Philosophy: don't reinvent the wheel

Revamped Architecture
Loose coupling of components
- Via Dependency Injection
- Declarative configuration via XML files
Coding to interfaces
- Swap implementations to suit needs
- Implementations adhere to a contract
- Example: TicketRegistry

Revamped Architecture
Uses Design Patterns
- Patterns allow for a common understanding
- Example: Template Design Pattern
Layered Architecture
- Separation of UI concerns from business concerns
- Allows for better re-use of code
- Example: Web Tier vs. Web Service

Revamped Architecture
Use of AOP to separate cross-cutting concerns from business logic
- Allows for major additions to functionality without modifying core code
- Example: auditing
Use of Spring Workflow allows for declarative reconfiguration of the Login process

Support for Well-Known Modifications
- Gathered a list from current and future (potential) CAS deployers
- CAS 3 includes extension points for well-known modifications
- CAS 3 (via Spring) supports using AOP to introduce modifications

Support for Well-Known Modifications
- Audit Trail Modification (identified by CalPoly)
- Services Whitelist (identified by Columbia and University of Delaware)
- Additional Principal (and Authentication) Attributes (Rutgers, others)
- Ticket Statistics (Yale)

Support for Well-Known Modifications
Audit Trail Modification
- CAS supports publishing of events
- An EventListener listens for events
- Deployers can code and register "EventHandlers" that allow them to log particular events

Support for Well-Known Modifications
Attributes
- CAS supports plugging in PrincipalResolvers and MetaDataPopulators
- Allows attaching attributes to principals (e.g. hair color or employee type)
- Allows attaching attributes to an Authentication (e.g. safeword authentication)
- The view can be customized to pass back attributes

Support for Well-Known Modifications
Ticket Statistics
- Exposed via JMX
- Tells how many of each ticket type were vended
- Tells how many tickets of each type were vended per second

Advanced CAS 3 Usage

Clustering/Load Balancing CAS
- All CAS Domain objects are serializable
- Tickets are only stored in the TicketRegistry
- TicketRegistry is an interface
- Implement a JGroups TicketRegistry (David Stacey)
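As an added illustration of the domain model, the coding-to-interfaces approach and the clustering slide above, here is a hypothetical Java sketch (not code from the CAS project; all class and method names are assumed) in which only two ticket types exist, each ticket decides for itself whether it has expired, and callers depend only on a TicketRegistry contract whose implementation can be swapped:

```java
import java.io.Serializable;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical minimal model in the spirit of the slides: only two ticket types,
// each deciding for itself whether it has expired (domain logic stays with the domain object).
interface Ticket extends Serializable {   // Serializable so a registry can be replicated across a cluster
    String getId();
    boolean isExpired();
}
class TicketGrantingTicket implements Ticket {
    private final String id, principal;
    private final long createdAt = System.currentTimeMillis(), maxLifeMillis;
    TicketGrantingTicket(String id, String principal, long maxLifeMillis) {
        this.id = id; this.principal = principal; this.maxLifeMillis = maxLifeMillis;
    }
    public String getId() { return id; }
    public String getPrincipal() { return principal; }
    public boolean isExpired() { return System.currentTimeMillis() - createdAt > maxLifeMillis; }
    public ServiceTicket grantServiceTicket(String stId, String service) {
        return new ServiceTicket(stId, this, service);
    }
}
class ServiceTicket implements Ticket {
    private final String id, service;
    private final TicketGrantingTicket grantedBy;
    private boolean used;                     // a service ticket may be validated once only
    ServiceTicket(String id, TicketGrantingTicket tgt, String service) {
        this.id = id; this.grantedBy = tgt; this.service = service;
    }
    public String getId() { return id; }
    public boolean isExpired() { return used || grantedBy.isExpired(); }
    public synchronized boolean validate(String requestingService) {   // succeeds once, for the issued service only
        if (isExpired() || !service.equals(requestingService)) return false;
        used = true;
        return true;
    }
}
interface TicketRegistry {   // callers depend on this contract; the implementation is chosen in Spring config
    void add(Ticket t);
    Ticket get(String id);
    void remove(String id);
}
class InMemoryTicketRegistry implements TicketRegistry {   // a JGroups-backed one could replace this for clustering
    private final Map<String, Ticket> tickets = new ConcurrentHashMap<>();
    public void add(Ticket t) { tickets.put(t.getId(), t); }
    public Ticket get(String id) { return tickets.get(id); }
    public void remove(String id) { tickets.remove(id); }
}
```

A registry cleaner would periodically remove entries whose isExpired() returns true, so the expiry policy never leaks out of the ticket classes.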

Accepting Multiple Credential Types
- Web Login is defined by a workflow
- Dartmouth identified a need for an augmented login workflow
- Need to check for a Client Certificate before displaying the login form

SAML Support
- Standard XML-based framework
- Used to create and exchange info amongst online partners
- CAS can offer alternatives to the CAS 2 Protocol views
- One alternative is a SAML response

The Future of CAS

Advanced SAML Support
- Support for both SAML requests and responses
Shibboleth Support
- Requires advanced SAML support
- Allow CAS to speak to Shibboleth
Who knows what else…
- The current architecture allows for many possibilities

The Future of CAS
Already working on a (and beyond)
- XMLBeans view
- More robust registry cleaners
- Increased compatibility testing
- Support for Single Sign out (requires new clients)

Helping with CAS 3.0 Development
What can YOU do to help?
- Look at what CAS 3 has to offer
- Use CAS 3
- Report bugs/feature requests/etc. to the development list
- Give your extensions back to the community
- Share your experiences using CAS with the community
- Join the CAS mailing list

Questions or comments?