uPortal Authentication Options: Design and Applicability
Introducing the Central Authentication Service (CAS)
Shawn Bayern
Research programmer, ITS Technology & Planning
Author, Web Development with JavaServer Pages
JSTL implementation lead (JCP, Apache)
Current CAS users
Network registration tool (Netreg)
Used by thousands of students, mostly during the first two weeks of the academic year
AM&T applications
software distribution
Pantheon account tool
internal support applications
Workstation support services and machines
Undergraduate groups
YaleStation
Yale Herald
RIS file transfer services, MyOracle and others
Questions to answer
What does CAS do?
How does it work?
How can you use it?
What’s on the horizon?
Features and advantages
Web single sign-on
Convenience
Centralized authentication policy
Easier to maintain in enterprise
Gets users used to single site for logging in
Applications don’t handle sensitive passwords
CAS in a nutshell
[Diagram: browser and web application]
What CAS looks like
Users can be asked to avoid supplying their password except to the trusted site.
Expected URL
Known "look and feel"
Authentic peer certificate (if anyone cares)
How CAS actually works
[Diagram: web browser, web application, CAS and NetID, with exchanges labelled S, T and C]
How to use CAS in a web application
Replaces Kauth and similar mechanisms
Applications need to do two things
Used as "gate" for application
Redirect
Request/response with HTTPS URL
Therefore, CAS works with most platforms.
T&P provides libraries for Java, JSP, & Perl
... and can assist with ASP, PHP, etc.
Examples
JSP tag
Simply add the following to every JSP page:
<cas:auth id="netid" scope="session" />
Java (e.g., Servlets)
public String validate(String ticket, String service);
(Returns authenticated NetID)
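As an added example (not the T&P library code referred to above), a servlet filter that does the two things an application needs: redirect the browser to CAS as the "gate", then validate the returned ticket with a server-side request to an HTTPS URL and keep the NetID in the session. The CAS URLs and the line-oriented "yes"/"no" reply format are assumptions made for illustration.

```java
import java.io.*;
import java.net.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Gate filter: redirect to CAS when the session has no identity, then validate
// the ticket CAS hands back. CAS URLs and reply format below are assumed.
public class CasGateFilter implements Filter {
    private static final String CAS_LOGIN = "https://cas.example.edu/login";       // assumed
    private static final String CAS_VALIDATE = "https://cas.example.edu/validate"; // assumed
    public void init(FilterConfig c) {} public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest hreq = (HttpServletRequest) req;
        HttpServletResponse hres = (HttpServletResponse) res;
        HttpSession session = hreq.getSession(true);
        if (session.getAttribute("netid") != null) {   // already authenticated
            chain.doFilter(req, res);
            return;
        }
        // The same service URL is used for the redirect and for validation, so a
        // ticket CAS issued for a different service cannot be replayed here.
        String service = hreq.getRequestURL().toString();
        String ticket = hreq.getParameter("ticket");
        if (ticket == null) {
            // Step 1: the user types the password only at CAS, never at this application.
            hres.sendRedirect(CAS_LOGIN + "?service=" + URLEncoder.encode(service, "UTF-8"));
            return;
        }
        // Step 2: the ticket parameter proves nothing by itself; ask CAS server-to-server.
        String netid = validate(ticket, service);
        if (netid == null) {
            hres.sendError(HttpServletResponse.SC_FORBIDDEN, "CAS ticket rejected");
            return;
        }
        session.setAttribute("netid", netid);
        chain.doFilter(req, res);
    }

    // Returns the authenticated NetID, or null when CAS rejects the ticket. The HTTPS
    // connection (and its certificate check) is what lets the application trust the answer.
    static String validate(String ticket, String service) throws IOException {
        URL url = new URL(CAS_VALIDATE + "?ticket=" + URLEncoder.encode(ticket, "UTF-8")
                + "&service=" + URLEncoder.encode(service, "UTF-8"));
        BufferedReader in = new BufferedReader(new InputStreamReader(url.openStream(), "UTF-8"));
        String verdict = in.readLine(), who = in.readLine();  // assumed: "yes\n<netid>" or "no"
        in.close();
        return "yes".equals(verdict) ? who : null;
    }
}
```

Map the filter to every protected URL in web.xml; the application code then reads the NetID from the session and never sees a password.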
CAS’s future
Broader adoption
CAS becomes standard ITS authentication mechanism
Load testing
CAS 2.0
Portals and proxies
New, requested features:
• Prevents brute-force password guessing
• Lets applications avoid single sign-on
• Ensures redundancy and availability