Presentation is loading. Please wait.

Presentation is loading. Please wait.

Central Authentication Service

Similar presentations


Presentation on theme: "Central Authentication Service"— Presentation transcript:

1 Central Authentication Service
TIP │Use color to tell story, arrange multiple graphics together, add icons on top of charts to create custom graphics. EDITABLE GRAPHIC AT END OF PRESENTATION

2 What is CAS? CAS is Enterprise level single sign on for the web
A trusted source A proxy authenticator

3 CAS in a nutshell Authenticates via password (once) Determines
validity of user’s claimed authentication Three players in CAS SSO. The end user at her web browser, the web application, and the CAS server (the scales in this picture). Authenticates without sending password Browser Web application

4 How CAS Works S T Web application CAS APKey S T Web browser C
(Play the animation a few times). The end user at the web browser visits the web application. She follows a link or the web application redirects to CAS. So the web application accesses the CAS login URL, presenting the service URL [S]. The user interacts with CAS until she convinces it of her identity (e.g., presents a session cookie or posts her username and password into a form). CAS establishes, if not yet established, a secure cookie [C] so that CAS can recognize the user on a subsequent request. CAS redirects the user to the web application service URL (S) with the service ticket [T] on the URL as the request parameter “ticket”. The web application presents the ticket [T] to CAS alongside the service identifier [S]. CAS responds with the [NetID] in the validation response. The application reads this NetID and does whatever it needs to do to establish an application session, service the request. T Web browser C

5 Making your application use CAS (compellingly)
CAS Service Clients Making your application use CAS (compellingly) Slides for the CAS clients portion of the JA-SIG / uPortal conference pre-conference seminar on CAS3, June 2005 in Baltimore. Whirlwind tool of the available CAS service clients. Explanation of the Renew and Gateway CAS server features. Andrew Petro, Yale ITS,

6 CAS How to use CAS Abstraction Layer Your Application
So, there’s this CAS server that we’re giving this pre-conference seminar about. Great. And there’s an end user behind a web browser on a computer somewhere. Also great. Your application lives behind an abstraction layer, typically one provided by a CAS client, code you use to get the user to CAS authenticate and from which you get the results of the authentication. These slides are about available clients that provide that abstraction layer and the CAS features that those clients can leverage to provide a compelling user experience.

7 CAS clients Java Servlet Filter Java Objects JSP tag library MOD_CAS
PAM_CAS ISAPI filter PL/SQL In addition to the previously mentioned Java CAS clients, Yale distributes a number of clients. The most featureful of these are the Java clients, including a Java Servlet Filter, low level CAS client Java objects, and a JSP tag library. Yale also distributes clients including an Apache module, a PAM module, an ISAPI filter, and a PL/SQL module.

8 DEMO However, if she hasn’t established an SSO session already, instead of providing the valuable guest user experience and generic portal information, we’ve sent her to a CAS login screen. If she doesn’t have a NetID, she can’t get through to the public information. Even if she does have a NetID, we’ve made logging in a requirement to see public information. No good.


Download ppt "Central Authentication Service"

Similar presentations


Ads by Google