Presentation is loading. Please wait.

Presentation is loading. Please wait.

Central Authentication Service (CAS). What is CAS? JA-SIG Central Authentication Service is an enterprise level, open-source, single sign on solution.

Published byAlexia Service Modified over 9 years ago

Similar presentations

Presentation on theme: "Central Authentication Service (CAS). What is CAS? JA-SIG Central Authentication Service is an enterprise level, open-source, single sign on solution."— Presentation transcript:

1 Central Authentication Service (CAS)

2 What is CAS? JA-SIG Central Authentication Service is an enterprise level, open-source, single sign on solution with a Java server component and various client libraries written in a multitude of languages including PHP, PL/SQL, Java, and more. CAS is a http based protocol that requires each of its components to be accessed through different URIs.

3 What is Single Sign On? Single sign on is a session/user authentication process that allows a user to provide his or her credentials once in order to access multiple applications. The single sign on authenticates the user to access all the applications he or she has been authorized to access.

4 List of URIs to access CAS. /login Parameters: service, renew, gateway, warn /logout Parameters: url /validate Parameters: service, ticket, renew /serviceValidate Parameters: service, ticket, pgtUrl, renew /proxy Parameters: pgt, targetService /proxyValidate Parameters: service, ticket, pgtUrl, renew

5 Tickets generated by CAS Ticket-granting Ticket Service Ticket Proxy Ticket Proxy-granting Ticket Proxy-granting Ticket IOU Login Ticket

6 Ticket-granting Ticket Ticket granting ticket will be generated when the /login url is passed to CAS server and the credentials provided are successfully authenticated. A TGT is the main access into the CAS service layer. TGT is an opaque string that contains secure random data and must begin with TGT-. TGT will be added to an HTTP cookie upon the establishment of single sign-on and will be checked further when different applications are accessed

7 Service Ticket The service ticket (ST) will be generated when the CAS url contains service parameter and the credentials passed are successfully authenticated. Service ticket is an opaque string that is used by client as a credential to obtain access to a service. Service ticket must begin with ST-

8 Proxy Ticket In CAS, proxy is a service that wants to access other services on behalf of a particular user. Proxy tickets (PT) are generated from CAS upon a services presentation of a valid Proxy granting Ticket (PGT), and a service identifier for the back-end service to which it is connecting. PT are only valid for the service identifier specified to /proxy url when they were generated. Proxy tickets should begin with the characters, PT-.

9 Proxy-granting Ticket Proxy-granting tickets are obtained from CAS upon validation of a service ticket or a proxy ticket. If a service wishes to proxy a client's authentication to a back-end service, it must acquire a proxy-granting ticket. Acquisition of this ticket is handled through a proxy callback URL. This URL will uniquely and securely identify the back-end service that is proxying the client's authentication. The back-end service can then decide whether or not to accept the credentials based on the back-end service's identifying callback URL.

10 Proxy-granting Ticket IOU A proxy-granting ticket IOU is an opaque string that is placed in the response provided by /serviceValidate or /proxyValidate used to correlate a service ticket or proxy ticket validation with a particular proxy-granting ticket. Proxy-granting ticket IOUs SHOULD begin with the characters, "PGTIOU-".

11 Login Ticket A login ticket is a string that is generated by /login as a credential requestor and passed to /login as a credential acceptor for username/password authentication. Its purpose is to prevent the replaying of credentials due to bugs in web browsers. Login tickets SHOULD begin with the characters, "LT-".

12 CAS Architecture

13 URIs to access admin features /services/manage.html /services/add.html /services/edit.html /services/logout.html /services/deleteRegisteredService.html

14 Conventions used in next slides. TGT – Ticket Granting Ticket ST – Service ticket PGT – Proxy granting ticket PGTIOU – Proxy granting ticket IOU (I Owe U) Action boxes colored in red – The action mentioned in these boxes will happen at CAS client and has to be coded by developer in the filter/servlet/jsp. Action box colored in sea blue – this action is explained in detail in another slide. Rectangular box with URI mentioned before InitialState – The URI that need to be called for the actions in the activity diagram to happen

15

16

17

18

Download ppt "Central Authentication Service (CAS). What is CAS? JA-SIG Central Authentication Service is an enterprise level, open-source, single sign on solution."

Similar presentations

Open-source Single Sign-On with CAS (Central Authentication Service)

Open-source Single Sign-On with CAS (Central Authentication Service)
Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.

Open-source Single Sign-On with CAS (Central Authentication Service) Pascal Aubry, Vincent Mathieu & Julien Marchal Copyright © 2004 – ESUP-Portail consortium.
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Central Authentication Service Roadmap JA-SIG Winter 2004.

Central Authentication Service Roadmap JA-SIG Winter 2004.
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
CAS-NG A small enhancement to CAS 3 to provide new services.

CAS-NG A small enhancement to CAS 3 to provide new services.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
UAG Authentication and Authorization- part1

UAG Authentication and Authorization- part1
Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
UPortal and the Yale Central Authentication Service Drew Mazurek ITS Technology & Planning Yale University JA-SIG Summer Conference ‘04 Denver, CO June.

UPortal and the Yale Central Authentication Service Drew Mazurek ITS Technology & Planning Yale University JA-SIG Summer Conference ‘04 Denver, CO June.
UPortal Security and CAS Susan Bramhall ITS Technology & Planning Yale University.

UPortal Security and CAS Susan Bramhall ITS Technology & Planning Yale University.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.

SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
Making Apache Hadoop Secure Devaraj Das Yahoo’s Hadoop Team.

Making Apache Hadoop Secure Devaraj Das Yahoo’s Hadoop Team.

Similar presentations

Ads by Google