COPYRIGHT RESERVED 2009 BY MAX TSAI




Sunday, June 24, 2007

JA-SIG Day1 - CAS

These are my notes. The official presentation slides will be at:
http://www.ja-sig.org/wiki/display/JCON/Denver+2007+presentations


CAS from Download to Deployment

  1. Current Version CAS 3.1 RC2
    ** more information on CAS
  2. Requirements for CAS3 (Build):
    1. Java 1.5
    2. Maven2
      I am having trouble building it. The source tree is missing the
      cas-server-support-spnego module.
  3. Existing Handlers:
    Configuring:
    cas-server-webapp/src/main/webapps/WEB-INF/DeployerConfigContext.xml

    ==> authenticationManager
    -> credentialsToPrincipalResolvers
    -> authenticationHandlers
    .. beans.. <-- add bean here for in-house implementation [Built In]
    1. LDAP
    2. Database
    3. SPNEGO/NTLM
    4. RADIUS
    5. FILE
    6. JAAS
  4. Fail Over & Clustering
    1. Fail Over - mostly used
      1. No Built-In
      2. Content Switch mostly used
      3. cas-spare
    2. Clustering
      Things to be clustered: user sessions / ticket registry
      • User Sessions
        1. Spring Web Flow stores information in session
        2. Login needs access to that information
        3. Two Options:
          1. Cluster Tomcat sessions (Terracotta)
          2. Use sticky sessions on content switch/load balancer
      • TicketRegistry
        1. Default in memory
        2. Two options:
          1. clustered-registry
          2. load distribution
        3. Clustered
          1. JBossTicketCache
          2. Terracotta
  5. Service Management - very neat!
    1. Restrictions:
      1. which services use cas
      2. what features the services can use
      3. what attributes (if used) can be sent back to the user
    2. Custom themes (Spring Theme Resolver)
    3. Pseudo-anonymous access
  6. Database backend is supported: Oracle / MySQL / SQL..
  7. Attribute Support - SAML 1.1 (customizable)
    - Tied to services Management
    - AttributeRepository Abstraction
Future Directions:
  1. Additional Protocol Support
  2. Internationalization
  3. Configuration/Setup Screens
  4. Advanced Monitoring
  5. Integration with Account Management System




CAS Background - I skipped a lot since it is not too new to me and most of the information can be found online. Just a summary:
  1. CAS 3.0 - support CAS1 and CAS2 + pluggable architecture + more Authentication Handlers: LDAP, ...
    CAS 3.1 - with attribute support.
    single sign out, etc
  2. CAS 3.1
    1. NEW PROTOCOLS
    2. SERVICE MANAGEMENTS
      - supports OpenID (http://openid.net/)
    3. ATTRIBUTES
    4. GOOGLE ACCOUNTS INTEGRATION
    5. SINGLE LOG OUT
      - support server side cookies only
    6. PSEUDO-ANONYMOUS SUPPORT
      - compatible with Shib.
  3. CAS
    (see the website http://www.ja-sig.org/products/cas/overview/protocol/index.html)
    the Servers
    - fun: http://code.google.com/p/rubycas-server/
    and Clients
    - watch: Acegi
    - watch: prado (php)
    - bluesocket is CASified..
  4. Services
    1. note. Gateway: return no ticket - Yale portal guest account.
      https://server/cas/login?service=http%3A%2F%2Fwww.service.com&gateway=true
      or (force user/passwd)
      https://server/cas/login?service=http%3A%2F%2Fwww.service.com&renew=true
    2. Proxy Authentication N-tier
  5. Topics
    1. uPortal Authentication
      - pluggable security context - iSecurityContext
      - Chaining vs. Union
    2. N-tier authentication
      Portal --> Channels for remote resources.
      using CAS to resolve this!
    3. Yale's model - CAS
      other models: Liberty, Pubcookie, MACE WebISO, Cosign, Passport, ..
  6. Proxy ==> http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough
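
Added example (not from the presentation or from the CAS project's code): a client-side sketch of the gateway and renew login URLs from item 4 (Services), showing how a service treats a gateway return with no ticket as a guest without looping. The function names, the dict used as a session store, and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

CAS_LOGIN = "https://server/cas/login"  # placeholder host, as in the notes


def login_url(service, gateway=False, renew=False):
    """Build the CAS /login redirect URL for a service (hypothetical helper)."""
    if gateway and renew:
        # The CAS protocol leaves this combination undefined, so refuse it.
        raise ValueError("gateway and renew are mutually exclusive")
    params = [("service", service)]  # urlencode percent-encodes the value
    if gateway:
        params.append(("gateway", "true"))
    if renew:
        params.append(("renew", "true"))
    return CAS_LOGIN + "?" + urlencode(params)


def handle_request(url, session):
    """Decide what a CAS-protected service does with an incoming request.

    session is a dict standing in for the web framework's session store.
    Returns an (action, detail) tuple.
    """
    if session.get("user"):
        return ("serve", session["user"])
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    # Assumption: the service URL carries no query string of its own.
    service = parts._replace(query="", fragment="").geturl()
    if "ticket" in query:
        # A ticket proves nothing until the service validates it with CAS,
        # passing the same service URL it was issued for.
        return ("validate", (query["ticket"][0], service))
    if session.get("gateway_tried"):
        # Back from a gateway redirect with no ticket: no SSO session exists.
        return ("serve", "guest")
    session["gateway_tried"] = True  # remembered to avoid a redirect loop
    return ("redirect", login_url(service, gateway=True))
```

A guest who later clicks a login link would be sent to login_url(service), or login_url(service, renew=True) to force the username/password prompt.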
