uPortal Authentication Options: Design and Applicability

Introducing the Central Authentication Service (CAS)
Shawn Bayern
Research programmer, ITS Technology & Planning
 Author, Web Development with JavaServer Pages
 JSTL implementation lead (JCP, Apache)

Current CAS users

Network registration tool (Netreg)
 Used by thousands of students, mostly during the first two weeks of the academic year

AM&T applications
 software distribution
 Pantheon account tool
 internal support applications
 Workstation support services and machines

Undergraduate groups
 YaleStation
 Yale Herald

RIS file transfer services, MyOracle and others

Questions to answer

What does CAS do?

How does it work?

How can you use it?

What’s on the horizon?
Features and advantages

Web single sign-on
 Convenience

Centralized authentication policy
 Easier to maintain in enterprise
 Gets users used to a single site for logging in
 Applications don't handle sensitive passwords
CAS in a nutshell

[Diagram: Browser, Web application]
What CAS looks like

Users can be asked to avoid supplying their password except to the trusted site:
 Expected URL
 Known "look and feel"
 Authentic peer certificate (if anyone cares)
How CAS actually works

[Diagram: Web browser, Web application, CAS, NetID; labels S, T, C]
How to use CAS in a web application

Replaces Kauth and similar mechanisms

Applications need to do two things:
 Redirect the unauthenticated user to CAS, which is used as the "gate" for the application
 Validate the ticket CAS sends back, via a request/response to an HTTPS URL on CAS

Therefore, CAS works with most platforms.
 T&P provides libraries for Java, JSP, & Perl
 ... and can assist with ASP, PHP, etc.
Examples

JSP tag
 Simply add the following to every JSP page:
<cas:auth id="netid" scope="session" />

Java (e.g., Servlets)
public String validate(String ticket, String service);
(Returns authenticated NetID)
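The two application-side steps from the previous slides (redirect to CAS as the gate, then a request/response to CAS to turn the returned ticket into a NetID) as an added example; this is not code from the slides or from the T&P libraries. It simulates both sides of the exchange offline in Python: a toy CAS server that issues service tickets, and an application-side validate(ticket, service) that mirrors the Java signature above. The URLs, the NetID/password table and the "ST-" ticket prefix are constructed for the example; the HTTPS request to CAS is replaced by a direct method call so the script runs without a network. The validation response format ("yes", NetID on the next line, or "no") follows the CAS 1.0 plain-text protocol, and the example goes beyond the slides by enforcing the three checks a ticket validator needs: a ticket is single-use, bound to the service it was issued for, and short-lived.

```python
"""Simulated CAS 1.0-style exchange between browser, web application and CAS."""
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical URLs for the example (not from the slides).
CAS_BASE = "https://cas.example.edu/cas"
SERVICE_URL = "https://app.example.edu/protected"
TICKET_LIFETIME_SECONDS = 5 * 60


class CasServer:
    """Toy CAS server: checks NetID credentials and issues one-time service tickets."""

    def __init__(self, users, now=time.time):
        self._users = dict(users)   # constructed NetID -> password table
        self._tickets = {}          # ticket -> (service, netid, issued_at)
        self._now = now             # injectable clock so expiry can be tested

    def login(self, netid, password, service):
        """The /login step: on success, return the redirect back to the service
        carrying a fresh service ticket; on failure return None (no ticket)."""
        if self._users.get(netid) != password:
            return None
        ticket = "ST-" + secrets.token_urlsafe(24)
        self._tickets[ticket] = (service, netid, self._now())
        sep = "&" if "?" in service else "?"
        return service + sep + urlencode({"ticket": ticket})

    def validate(self, service, ticket):
        """The /validate step, CAS 1.0 text format: 'yes\\n<netid>\\n' or 'no\\n\\n'.
        pop() makes the ticket single-use; the other checks bind it to the
        service it was issued for and limit its lifetime."""
        entry = self._tickets.pop(ticket, None)
        if entry is None:
            return "no\n\n"
        bound_service, netid, issued_at = entry
        if bound_service != service:
            return "no\n\n"
        if self._now() - issued_at > TICKET_LIFETIME_SECONDS:
            return "no\n\n"
        return f"yes\n{netid}\n"


def login_redirect_url(service):
    """Step 1 on the application side: where an unauthenticated browser is sent."""
    return f"{CAS_BASE}/login?" + urlencode({"service": service})


def extract_ticket(url):
    """Pull the ticket parameter out of the URL CAS redirected the browser to."""
    return parse_qs(urlsplit(url).query).get("ticket", [None])[0]


def validate(cas, ticket, service):
    """Step 2 on the application side, mirroring the Java validate(ticket, service):
    returns the authenticated NetID, or None if CAS said no. In a real deployment
    this is an HTTPS GET to CAS_BASE/validate?service=...&ticket=...; here it is
    a direct call on the simulated server."""
    lines = cas.validate(service, ticket).split("\n")
    if lines[0] == "yes" and len(lines) > 1 and lines[1]:
        return lines[1]
    return None


def run_scenario():
    """Walk the flow once and probe each check; returns the observed results."""
    clock = [1_000_000.0]
    cas = CasServer({"sb42": "correct horse"}, now=lambda: clock[0])
    results = {}

    # Unauthenticated request: the application redirects to CAS (the gate).
    results["gate"] = login_redirect_url(SERVICE_URL)

    # Wrong password: CAS issues no ticket, so nothing comes back to the app.
    results["bad_password"] = cas.login("sb42", "wrong", SERVICE_URL)

    # Correct password: CAS redirects to the service with a ticket, app validates it.
    ticket = extract_ticket(cas.login("sb42", "correct horse", SERVICE_URL))
    results["netid"] = validate(cas, ticket, SERVICE_URL)

    # Replaying the same ticket fails: tickets are single-use.
    results["replay"] = validate(cas, ticket, SERVICE_URL)

    # A ticket issued for one service cannot be redeemed by another.
    other = extract_ticket(cas.login("sb42", "correct horse", SERVICE_URL))
    results["wrong_service"] = validate(cas, other, "https://other.example.edu/")

    # A ticket presented after its lifetime is rejected.
    stale = extract_ticket(cas.login("sb42", "correct horse", SERVICE_URL))
    clock[0] += TICKET_LIFETIME_SECONDS + 1
    results["expired"] = validate(cas, stale, SERVICE_URL)
    return results


if __name__ == "__main__":
    for step, outcome in run_scenario().items():
        print(f"{step}: {outcome}")
```

The application never sees the password, which is the point of the "applications don't handle sensitive passwords" slide: the only secret it handles is a short-lived, single-use ticket, and even that is worthless to an application other than the one it was issued for.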
CAS’s future

Broader adoption
 CAS becomes standard ITS authentication mechanism
 Load testing

CAS 2.0
 Portals and proxies
 New, requested features:
 • Prevents brute-force password guessing
 • Lets applications avoid single sign-on
 • Ensures redundancy and availability