Presentation is loading. Please wait.

Presentation is loading. Please wait.

Central Authentication Service

Published byAbigayle Walsh Modified over 5 years ago

Similar presentations

Presentation on theme: "Central Authentication Service"— Presentation transcript:

1 Central Authentication Service
TIP │Use color to tell story, arrange multiple graphics together, add icons on top of charts to create custom graphics. EDITABLE GRAPHIC AT END OF PRESENTATION

2 What is CAS? CAS is Enterprise level single sign on for the web
A trusted source A proxy authenticator

3 CAS in a nutshell Authenticates via password (once) Determines
validity of user’s claimed authentication Three players in CAS SSO. The end user at her web browser, the web application, and the CAS server (the scales in this picture). Authenticates without sending password Browser Web application

4 How CAS Works S T Web application CAS APKey S T Web browser C
(Play the animation a few times). The end user at the web browser visits the web application. She follows a link or the web application redirects to CAS. So the web application accesses the CAS login URL, presenting the service URL [S]. The user interacts with CAS until she convinces it of her identity (e.g., presents a session cookie or posts her username and password into a form). CAS establishes, if not yet established, a secure cookie [C] so that CAS can recognize the user on a subsequent request. CAS redirects the user to the web application service URL (S) with the service ticket [T] on the URL as the request parameter “ticket”. The web application presents the ticket [T] to CAS alongside the service identifier [S]. CAS responds with the [NetID] in the validation response. The application reads this NetID and does whatever it needs to do to establish an application session, service the request. T Web browser C

5 Making your application use CAS (compellingly)
CAS Service Clients Making your application use CAS (compellingly) Slides for the CAS clients portion of the JA-SIG / uPortal conference pre-conference seminar on CAS3, June 2005 in Baltimore. Whirlwind tool of the available CAS service clients. Explanation of the Renew and Gateway CAS server features. Andrew Petro, Yale ITS,

6 CAS How to use CAS Abstraction Layer Your Application
So, there’s this CAS server that we’re giving this pre-conference seminar about. Great. And there’s an end user behind a web browser on a computer somewhere. Also great. Your application lives behind an abstraction layer, typically one provided by a CAS client, code you use to get the user to CAS authenticate and from which you get the results of the authentication. These slides are about available clients that provide that abstraction layer and the CAS features that those clients can leverage to provide a compelling user experience.

7 CAS clients Java Servlet Filter Java Objects JSP tag library MOD_CAS
PAM_CAS ISAPI filter PL/SQL In addition to the previously mentioned Java CAS clients, Yale distributes a number of clients. The most featureful of these are the Java clients, including a Java Servlet Filter, low level CAS client Java objects, and a JSP tag library. Yale also distributes clients including an Apache module, a PAM module, an ISAPI filter, and a PL/SQL module.

8 DEMO However, if she hasn’t established an SSO session already, instead of providing the valuable guest user experience and generic portal information, we’ve sent her to a CAS login screen. If she doesn’t have a NetID, she can’t get through to the public information. Even if she does have a NetID, we’ve made logging in a requirement to see public information. No good.

Download ppt "Central Authentication Service"

Similar presentations

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.
Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.

Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.
Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.

Enabling UCTrust Access for Your Application Introduction to The UC CSC Conference UC Santa Barbara, July 21-22, 2008.
Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
Central Authentication Service (CAS). What is CAS? JA-SIG Central Authentication Service is an enterprise level, open-source, single sign on solution.

Central Authentication Service (CAS). What is CAS? JA-SIG Central Authentication Service is an enterprise level, open-source, single sign on solution.
Central Authentication Service Roadmap JA-SIG Winter 2004.

Central Authentication Service Roadmap JA-SIG Winter 2004.
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
FI-WARE Testbed Access Control temporary solution.

FI-WARE Testbed Access Control temporary solution.
Architecture. Outline Example Decomposition Style Activity 1.

Architecture. Outline Example Decomposition Style Activity 1.
iRequestManager for MediMizer X3

iRequestManager for MediMizer X3
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
GGF15 Workshop MyProxy Integration with PubCookie Marty Humphrey*, Jim Jokl*, and Jim Basney** *Department of Computer Science, University of Virginia,

GGF15 Workshop MyProxy Integration with PubCookie Marty Humphrey*, Jim Jokl*, and Jim Basney** *Department of Computer Science, University of Virginia,
WEB2P security Java web application security Dr Jim Briggs.

WEB2P security Java web application security Dr Jim Briggs.
UPortal and the Yale Central Authentication Service Drew Mazurek ITS Technology & Planning Yale University JA-SIG Summer Conference ‘04 Denver, CO June.

UPortal and the Yale Central Authentication Service Drew Mazurek ITS Technology & Planning Yale University JA-SIG Summer Conference ‘04 Denver, CO June.
UPortal Authentication Options: Design and Application Shawn Bayern Research programmer, Yale University Author, Web Development with JavaServer Pages.

UPortal Authentication Options: Design and Application Shawn Bayern Research programmer, Yale University Author, Web Development with JavaServer Pages.
UPortal Security and CAS Susan Bramhall ITS Technology & Planning Yale University.

UPortal Security and CAS Susan Bramhall ITS Technology & Planning Yale University.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
CUWebAuth Technical Presentation Pete Bosanko Identity Management Team.

CUWebAuth Technical Presentation Pete Bosanko Identity Management Team.
JA-SIG CAS Enterprise Single Sign-On Scott Battaglia Application Developer Enterprise Systems & Services Rutgers, the State University of New Jersey Copyright.

JA-SIG CAS Enterprise Single Sign-On Scott Battaglia Application Developer Enterprise Systems & Services Rutgers, the State University of New Jersey Copyright.

Similar presentations

Ads by Google