Introducing JA-SIG Central Authentication Service 3.0

Scott Battaglia

scott_battaglia@rutgers.edu

Rutgers, the State University of New Jersey

Outline
  • What is CAS?
  • History of CAS
    • CAS 1.x
    • CAS 2.x
  • Introducing CAS 3
    • Development Process/Developers
    • Design Goals
    • Why build CAS 3?
  • Advanced CAS 3 Usage
    • Clustering/Load Balancing
    • Accepting Multiple Credential Types
    • SAML Support
  • The Future
  • Helping with CAS Development
What is CAS?
  • CAS is…
    • Single sign on for the web
    • A trusted intermediary
    • A proxy authenticator to back-end services

History of CAS

CAS 1.x

CAS 2.x

History of CAS: CAS 1.x
  • Original version released by Yale University
  • Offered single sign on for the web
  • Consisted of servlets and JSP pages
History of CAS: CAS 2
  • Also developed at Yale University
  • Introduced concept of proxy authentication to CAS
  • Simple: 6 servlets and fewer than 10 JSPs
  • Extremely popular
  • Large User Community
CAS 3.0: Why Build CAS 3?
  • CAS 2.0 was an excellent project
  • CAS 2.0 was easy to use
  • CAS 2.0 was not easy to extend or augment with local requirements
  • CAS 3.0 attempts to solve the last problem!
CAS 3.0: Why Build CAS 3?
  • Making changes to CAS 2.0 generally requires forking the code base
  • Adding new features may require a lot of copying and pasting which may get out of sync with core code base.
CAS 3.0: Why Build CAS 3?
  • CAS 3 offers…
    • CAS 2 compliance out of the box
    • Unit/Integration Tests and Compliance Tests
    • Proper domain model
    • Revamped architecture
    • Support for well-known modifications
CAS 3.0: Design Goals
  • First and foremost CAS3 will be Flexible, Extensible and Elegant.
  • CAS3 will maintain backward compatibility with CAS 2.0 and CAS 1.0 protocols while providing extension points for well-known modifications and new features such as support for Web Services, SAML and Shibboleth.
  • CAS Clients written for older versions of CAS will work with CAS3 without modification.
CAS 3.0: Development Process
  • Started as a Yale/Rutgers collaboration
  • Became JA-SIG Project in December 2004
  • JA-SIG project makes it open-source
  • Available in public JA-SIG CVS, nightly builds on Clearinghouse machines, etc.
CAS 3.0: Development Team
  • Yale University
    • Susan Bramhall
    • Howard Gilbert
    • Drew Mazurek
    • Andy Newman
    • Andrew Petro
  • Rutgers, the State University of New Jersey
    • Scott Battaglia
    • Dmitriy Kopylenko
    • Bill Thompson
CAS 2 Compliance
  • In terms of protocol, a drop-in replacement for CAS 2.0
  • Requires no modifications to client applications
  • Includes adaptor to allow plugging in CAS 2 PasswordHandler into CAS 3 architecture
Unit/Integration/Compliance Tests
  • Unit and integration test coverage of major components
    • Utilizes JUnit, Clover
    • According to Clover, 99.5% test coverage
    • Allows us to refactor with confidence!
  • Compliance Tests
    • Run against live server
    • Test compliance to CAS 2 specification
    • Currently 48 tests
Proper Domain Model
  • Major Breakthrough: Only Two Types of Tickets
    • Ticket Granting Ticket
    • Service Tickets
  • Domain logic belongs with Domain Objects
    • Example: A ticket can determine if it's expired
    • Simplifies implementations of supporting pieces
Revamped Architecture
  • Built on popular open-source frameworks
    • Spring Framework
    • Quartz
    • xFire
    • Jakarta Commons
    • Log4j
    • Maven
  • Design Philosophy: don’t reinvent the wheel
Revamped Architecture
  • Loose coupling of components
    • Via Dependency Injection
    • Declarative configuration via XML files
  • Coding to interfaces
    • Swap implementations to suit needs
    • Implementations adhere to contract
    • Example: TicketRegistry
Revamped Architecture
  • Uses Design Patterns
    • Patterns allow for a common understanding
    • Example: Template Design Pattern
  • Layered Architecture
    • Separation of UI concerns from business concerns
    • Allows for better re-use of code
    • Example: Web Tier vs. Web Service
Revamped Architecture
  • Use of AOP to separate cross-cutting concerns for business logic
    • Allows for major additions to functionality without modifying core code
    • Example: auditing
  • Use of Spring Workflow allows for declarative reconfiguration of Login process
Support for Well-Known Modifications
  • Gathered list from current and future (potential) CAS deployers
  • CAS 3 includes extension points for well-known modifications
  • CAS 3 (via Spring) supports using AOP to introduce modifications
Support for Well-Known Modifications
  • Audit Trail Modification (identified by CalPoly)
  • Services Whitelist (identified by Columbia and University of Delaware)
  • Additional Principal (and Authentication) Attributes (Rutgers, others)
  • Ticket Statistics (Yale)
Support for Well-Known Modifications
  • Audit Trail Modification
    • CAS supports publishing of events
    • EventListener listens for events
    • Deployers can code and register “EventHandlers” that allow them to log particular events
Support for Well-Known Modifications
  • Attributes
    • CAS supports plugging in PrincipalResolvers and MetaDataPopulators
    • Allows attaching attributes to principals (e.g. hair color or employee type)
    • Allows attaching attributes to the Authentication (e.g. safeword authentication)
    • Can customize view to pass back attributes.
Support for Well-Known Modifications
  • Ticket Statistics
    • Exposed via JMX
    • Tell how many of each ticket type were vended
    • Tell how many tickets of each type were vended per second
Clustering/Load Balancing CAS
  • All CAS Domain objects are serializable
  • Tickets are only stored in TicketRegistry
  • TicketRegistry is interface
  • Implement JGroups TicketRegistry (David Stacey)
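The "Proper Domain Model" and "Clustering/Load Balancing CAS" slides describe tickets that decide their own expiry and a registry that is only an interface. The sketch below is an added example, not code from CAS 3 or from the presentation; the class names, method signatures and the use-count limit are assumptions made for illustration.

```java
import java.io.Serializable;
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;
// Illustrative names only; not the CAS 3 classes or API.
public class TicketRegistryExample {
    /** Domain object: the ticket itself decides whether it is expired. */
    static final class Ticket implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id;
        private final Instant issuedAt;
        private final Duration lifetime;
        private final int maxUses; // assumption: 1 for a service ticket
        private int uses;
        Ticket(String id, Instant issuedAt, Duration lifetime, int maxUses) {
            this.id = id; this.issuedAt = issuedAt;
            this.lifetime = lifetime; this.maxUses = maxUses;
        }
        synchronized boolean isExpired(Instant now) {
            return uses >= maxUses || !now.isBefore(issuedAt.plus(lifetime));
        }
        /** Consumes one use; refuses if the ticket has already expired. */
        synchronized boolean use(Instant now) {
            if (isExpired(now)) return false;
            uses++;
            return true;
        }
    }
    /** Storage contract; a clustered back end would implement the same interface. */
    interface TicketRegistry {
        void add(Ticket t);
        Ticket get(String id, Instant now); // null if unknown or expired
    }
    static final class InMemoryTicketRegistry implements TicketRegistry {
        private final ConcurrentHashMap<String, Ticket> tickets = new ConcurrentHashMap<>();
        public void add(Ticket t) { tickets.put(t.id, t); }
        public Ticket get(String id, Instant now) {
            Ticket t = tickets.get(id);
            // The registry only asks the ticket; it holds no expiry rules of its own.
            if (t != null && t.isExpired(now)) { tickets.remove(id); t = null; }
            return t;
        }
    }
    public static void main(String[] args) {
        Instant t0 = Instant.parse("2005-01-01T00:00:00Z"); // constructed sample time
        TicketRegistry reg = new InMemoryTicketRegistry();
        reg.add(new Ticket("ST-1-example", t0, Duration.ofSeconds(10), 1));
        System.out.println("first use: " + reg.get("ST-1-example", t0.plusSeconds(1)).use(t0.plusSeconds(1)));
        System.out.println("replay found: " + (reg.get("ST-1-example", t0.plusSeconds(2)) != null));
    }
}
```

A replicated registry has to propagate the consumed-use state along with the ticket, otherwise a ticket already used on one node would still look valid on another.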
Accepting Multiple Credential Types
  • Web Login defined by workflow
  • Dartmouth identified need to have augmented login workflow
  • Need to check for Client Certificate before displaying login form
SAML Support
  • Standard XML-based framework
  • Used to create and exchange info amongst online partners
  • CAS can offer alternatives to the CAS 2 Protocol views
  • One alternative is a SAML response
The Future of CAS
  • Advanced SAML Support
    • Support for both SAML request and responses
  • Shibboleth Support
    • Requires advanced SAML support
    • Allow CAS to speak to Shibboleth
  • Who knows what else…
    • current architecture allows for many possibilities
The Future of CAS
  • Already working on a 3.0.1 (and beyond)
    • XMLBeans view
    • More robust registry cleaners
    • Increased compatibility testing
    • Support for Single Sign out (requires new clients)
Helping with CAS 3.0 Development
  • What can YOU do to help?
    • Look at what CAS 3 has to offer
    • Use CAS 3
    • Report bugs/feature requests/etc. to the development list
    • Give your extensions back to the community
    • Share your experiences using CAS with the community
    • Join the CAS mailing list