cas update jasig 2011 marvin addison susan bramhall andrew petro bill thompson
TRANSCRIPT
![Page 1: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/1.jpg)
CAS UpdateJasig 2011
Marvin AddisonSusan BramhallAndrew PetroBill Thompson
![Page 2: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/2.jpg)
CAS Server 3
![Page 3: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/3.jpg)
3.4 maintenance branch
3.4.8 tagged, but 3.4.7 latest marketed GA release
Bugfix releases LoginTicket restored to protocol compliance
![Page 4: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/4.jpg)
Improve Services Management UI?
![Page 5: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/5.jpg)
CAS 4Goals, Design, and Features
Marvin AddisonMiddleware Services
Virginia TechMay 24, 2011
![Page 6: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/6.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 6
Goals
Multiprotocol support by design CAS protocols SAML 1.1 and SAML 2 OpenID
Support important/emerging use cases User messaging (e.g. password expiration) Multi-factor authentication Federation
Add extension points with richer APIs
![Page 7: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/7.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 7
Change Hurts
![Page 8: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/8.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 8
Component Name Changes
CAS 3 CAS 4
TicketGrantingTicket Session
(implied) Access
ServiceTicket TokenServiceAccessRequest
TicketRegistry SessionStorage
![Page 9: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/9.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 9
Name Change Rationale
Concise, accurate names clarify the API Names distill common features of all (planned)
protocols Avoid overloading names (e.g. Ticket) Name implied but important concepts (e.g.
Access)
![Page 10: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/10.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 10
Richer Component Interfaces
Core layers remain same Authentication Ticket (Session) management Service management
Layers exchange *Request/*Response messages
Factories help tame dependencies
![Page 11: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/11.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 11
Login Example
Credentials
SWF
POSTCntrAuthSvc
LoginRequest
LoginResponse
AuthenticationManager
AuthenticationRequestAuthenticationResponse
![Page 12: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/12.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 12
What Can We Do With It?
![Page 13: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/13.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 13
Password Expiration Warnings
Two key API components collaborate GeneralSecurityExceptionTranslator LoginResponse
MicrosoftActiveDirectoryGeneralSecurityExceptionTranslator translates LDAP exception for password expired into CredentialExpiredException
LoginResponse#getGeneralSecurityExceptions() available to view layer for user display
![Page 14: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/14.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 14
Multifactor Authentication
Key enablers are support for multiple credentials in LoginRequest and storage of multiple authn exeptions in LoginResponse
The Map<Credential, GeneralSecurityException> is fundamentally important for SWF processing and user interaction
Details of user interaction (e.g. how to upgrade existing credential) not well understood
![Page 15: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/15.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 15
Work in Progress
CAS 4 is undergoing active development We MUST get new APIs right Peer review and collaboration essential to
success – is your use case covered? Feedback welcome on [email protected] https://source.jasig.org/cas3/trunk
![Page 16: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/16.jpg)
Client Libraries
![Page 17: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/17.jpg)
17
CAS Clients – Official
Acegi (Spring Security) CAS Client for Java 3.0/3.1 mod_auth_cas (Apache) PhpCAS .NET CAS Client (almost official...)
Official Clients
Generally being actively developed and maintained. Likely to get support on the cas-user list.
![Page 18: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/18.jpg)
18
CAS Clients – Unofficial
.Net Http module ASP.NET Forms Authentication AuthCAS CAS + Seam Web Applications
CASP Adds CAS Logic to an ASP.NET App CAS Proxying with ASP.Net Forms Authentication
CherryPy CAS Client ColdFusion CAS Client Component ColdFusion client script
Google Web Toolkit - GWT CAS Client jAPS 2.0 CAS Client mod_python auth module
Perl Client Prado client Pycas Ruby on Rails CAS Client Seraph as CAS Client
Soulwing CAS Client Soulwing Java CAS Client Symfony CAS Client
VBScript Virginia Tech CAS Clients WebObjects Client
https://wiki.jasig.org/display/CASC/Unofficial+CAS+Clients
Unofficial Clients
Essentially all of the clients people have let us know about, that may or may not be in active development anymore, and may solve a niche need. You should use these at your own risk. Many are excellent clients, but may no longer be supported any more. Others are purely theoretical examples of of how a client would function.
![Page 19: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/19.jpg)
19
CAS Clients – Incubating
.NET CAS Client (almost official...) CASBar – Toolbar for Firefox 2
Official Clients
Incubating Clients are new clients that are under development, and which may become official clients. They're up-and-coming clients that we're paying attention to, have petitioned the Steering Committee to become official clients, and often have active members on cas-user.
![Page 20: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/20.jpg)
20
CAS Clients – Legacy
Yale CAS Client Apache Module PAM PL/SQL Legacy Clients
In many cases, no longer actively developed, but still function quite well (i.e. the PAM module). In other cases, they've been superseded by newer clients (i.e. The Jasig CAS Client for Java). You will still find many people on cas-user who are familiar with these modules, but many have migrated to the newer code.
![Page 21: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/21.jpg)
21
CAS Clients – CASifying Apps
Apache OFBiz Joomla 1.5 OpenCms OpenReports
SharePoint & ASP.NET Web Sites WebAdvisor Confluence as CAS Client
EZPublish Fisheye and Crucible Oracle Calendar web client with mod_cas
Oracle Portal Oracle 11i applications qmail-ldap+webmail
Mediawiki (with phpCAS) Outlook Web Access 2
PeopleSoft phpBB3 (phpBB v3) phpGroupware
Sakai Sun Identity Manager Tomcat Manager
Roller weblogger Tomcat uPortal Client
WordPress Client Zimbra Zope client
https://wiki.jasig.org/display/CASC/CASifying+Applications
CASifying Apps
Describes some unofficial instructions, many contributed by users, on how to CASify particular applications.
![Page 22: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/22.jpg)
22
CAS Clients – CASified Apps
uPortal Mantis pNews Sympa
TikiWiki Mule Claroline Moodle
Liferay Portal ILIAS Learning Management
Chamilo Simply Voting BlueSocket
https://wiki.jasig.org/display/CASC/CASifying+Applications
CASified Apps
Project / Vendor maintained CAS integration. Works out-out-of-the-box!
![Page 23: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/23.jpg)
Documentation
![Page 24: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/24.jpg)
Your feedback /Discussion /Questions
![Page 25: CAS Update Jasig 2011 Marvin Addison Susan Bramhall Andrew Petro Bill Thompson](https://reader035.vdocument.in/reader035/viewer/2022062222/56649ef35503460f94c0626e/html5/thumbnails/25.jpg)
2011-05-24 CAS 4 Goals, Design, and Features 25
Questions