What’s New in JA-SIG CAS?
JA-SIG Summer Conference
Denver, CO
June 24 – 27, 2007
JA-SIG Summer Conference – June 24 – June 27, 2007
What’s New in CAS 3.1?
Who am I?
• I’m Scott Battaglia!
• Application Developer @ Rutgers
• Java Developer for 5+ Years
• Lead Developer/Architect on JA-SIG CAS
• Committer to Acegi Security
What is CAS?
JA-SIG CAS is an enterprise-level single
sign on service for the Web
History
• June 2007: CAS 3.1 released with attribute support, single log out, etc.
• July 2005 – May 2007: Minor revisions to CAS adding more support for Authentication Handlers
• June 2005: CAS 3.0 released supporting CAS1 and CAS2 protocol while providing pluggable architecture.
• December 2004: CAS becomes a JA-SIG project.
• September 2004: Initial CAS 3 talks
CAS Deployers
Your school goes here.
Libraries/Integration
• Acegi Security for Spring
• AuthCAS (Perl Apache module)
• PerlCAS
• phpCAS
• for Prado (a PHP framework)
• for Seraph (a Java security framework)
• for uPortal
• for WebObjects
• for Zope
• Java
• MOD_CAS
• PAM_CAS
• ISAPI filter
• PL/SQL
Agenda
• Supported Protocols
• Administrative Features
• Configuration
• Architecture
• Acknowledgements
• Future Directions
• Discussion
1. Supported Protocols
CAS 1.0 / CAS 2.0
• Continued support for CAS 1.0 / 2.0 Protocol
• Only way to get proxied authentication
SAML 1.1
• OASIS standard
• XML-based
• Communicates
– Authentication
– Entitlement
– Attribute
OpenID
• Decentralized framework for user-centric digital identity
• User name is URI
– http://openid.ja-sig.org/battags
• Support “dumb” mode
• Allows CAS clients -> OpenID clients
How OpenID Works
Single Log Out
• Two kinds of sessions
– Global CAS Session
– Individual Application Sessions
• CAS 1/2/3 Logout ends global session
• CAS 3.1 “suggests” that all sessions end
Google Accounts Integration
• Minimal SAML 2 support
• Requires Key sharing between Google Accounts
• Allows Google Accounts to participate in existing SSO solution.
2. Administrative Features
Services Management
• Optional Feature
• Control what services access CAS.
• Control what features they have access to.
Attributes
• AttributeRepository defines “interesting” attributes
• Services Management dictates who sees what
• CAS sends those attributes to services
Pseudo anonymous Support
• Send a persistent random identifier
• Only identifies user with respect to service
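An added sketch of the per-service identifier idea above; it is not code from CAS or from this talk. It swaps in a keyed derivation (HMAC-SHA-256) for a stored random value, and the service registry, key, function names and example.edu URLs are all assumptions.

```python
import hashlib
import hmac

# Constructed sample key; a real deployment loads a random key from protected storage.
SERVER_SECRET = b"constructed-example-key"

# Hypothetical registry: registered service name -> URL prefix it covers.
# Each prefix ends in "/" so a look-alike host cannot match by prefix.
REGISTERED_SERVICES = {
    "library": "https://library.example.edu/",
    "wiki": "https://wiki.example.edu/",
}


def resolve_service(service_url: str) -> str:
    """Map a requested service URL to its registered name, or refuse it."""
    for name, prefix in REGISTERED_SERVICES.items():
        if service_url.startswith(prefix):
            return name
    raise PermissionError("service is not registered: " + service_url)


def pseudonymous_id(username: str, service_url: str,
                    secret: bytes = SERVER_SECRET) -> str:
    """Identifier that is stable per (user, service) and differs across services."""
    # Key on the registered service name, not the raw URL, so every page of
    # one service sees the same identifier for the same user.
    service = resolve_service(service_url)
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never collide.
    fields = (service.encode("utf-8"), username.encode("utf-8"))
    message = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    for url in ("https://library.example.edu/loans",
                "https://wiki.example.edu/Home"):
        print(url, pseudonymous_id("battags", url))
```

Rotating the key changes every identifier, so the key has to be treated as long-lived data if services store these values.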
3. Configuration
Authentication Support
• Added Support for
– NTLM
– SPNEGO
– RADIUS
• On top of…
– LDAP
– Database
– X.509
– JAAS
– File
– …
Maven 2
• Apache project
– Software project management tool
– Manage build, reporting document
• Enforces project structure
• Encourages modules which means code compartmentalization
• Dependency management
Ticket Registry
• BerkeleyDbTicketRegistry
– Based on BerkeleyDb
– Long Term Ticket Storage
• JBossCacheTicketRegistry
– Distributed
• DefaultTicketRegistry
– Simple, in-memory, single-instance CAS
Updated Views
• Simpler views
• Provide user with more active feedback.
• Easier to customize for institution
4. Architecture
Performance Improvements
• Reduction in arbitrary object creation
• Removal of unnecessary synchronization
• Removal of unnecessary reflection usage
• Options for explicit configuration
Java 5 Required
• Only runs on Java 1.5
• Allows us to take advantage of advances to language:
– Generics
– java.util.concurrent
– Enumerations
– Minimize dependencies
– JVM performance, garbage collection, etc.
Extension Points
• Authentication Handlers
• Non-Interactive Credentials
• Ticket Registries
• Attribute Repositories
• Argument/Protocol Extractors
• Themes
• Internationalization
Library Upgrades
• Upgrades to
– Spring WebFlow
– Spring Framework
– Spring LDAP
• Leverage new features, bug fixes, and enhancements
Internationalization
• Leverage Spring’s Internationalization Support
• Added Chinese, Russian, German, Japanese
• 11 languages in total!!
Functional Tests
• Canoo Web Tests
– Faster Development/Testing Time
– Deployers can test their own instance
– Find issues before deployment
5. Acknowledgements
Thanks to…
• Arnaud Lesueur
• Marvin S. Addison
• Julien Henry
• Julien Marchal
• Andres March
• Shifei Luo
• David D. Kilzer
• Andrew Petro
• Jan Van der Velpen
• Marc-Antoine Garrigue
• Stephen More
• Shoji Kajita
• Javier D' Accorso
• Bart Grebowiec
6. Future Directions
Future Directions
• Additional Protocol Support
• Internationalization
• Configuration/Setup Screens
• Advanced Monitoring
• Integration with Account Management Systems
7. Discussion
CAS Mailing Lists
• CAS Community Discussion List
– http://tp.its.yale.edu/mailman/listinfo/cas
• CAS Developer’s Discussion List
– http://tp.its.yale.edu/mailman/listinfo/cas-dev
• CAS Announcement List
– https://lists.wisc.edu/read/all_forums/subscribe?name=cas-announce
• Links to archives, etc.:
– http://www.ja-sig.org/products/cas/community/lists/
Important Links
• Product Web Site
– http://www.ja-sig.org/products/cas/
• Wiki
– http://www.ja-sig.org/wiki
• Issue Tracker
– http://www.ja-sig.org/issues
• Source Code
– http://developer.ja-sig.org/source/
Questions?