CAS

The Jasig Central Authentication Service was originally developed by Yale University. It has since become a Jasig project.

Single sign-on is a session/user authentication process that allows a user to provide his or her credentials once in order to access multiple applications. It authenticates the user for all the applications he or she has been authorized to access, and it eliminates further authentication requests when the user switches applications during that particular session.

Web single sign-on works strictly with applications accessed with a web browser. The request to access a web resource is intercepted either by a component in the web server, or by the application itself. Unauthenticated users are diverted to an authentication service and returned only after a successful authentication.

Single sign-on allows participating applications to share a single sign-on session. Users complete a centrally managed authentication experience once per browser session and, while authenticated to CAS, can log into multiple applications without again being prompted for credentials and without those applications ever seeing the user's password. Using a single sign-on server reduces security risks by reducing the exposure of the user's password to applications.

CAS supports the CAS1, CAS2, and SAML protocols allowing for simple single sign-on as well as n-tier delegated authentication. Delegated authentication allows an application, such as a portal, to access selected additional resources on an end user's behalf without exposing a password.
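The application side of the divert-and-return flow described above, sketched for the CAS2 protocol as an added example (not code from the CAS project). The host names, the ticket value and the two XML responses are constructed; the application only ever handles a ticket and the validation response, never the password.

```python
# Added example: client side of CAS 2.0 web single sign-on.
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"        # CAS 2.0 XML namespace
CAS_BASE = "https://cas.example.org/cas"       # assumed CAS server URL
SERVICE = "https://app.example.org/protected"  # assumed application URL

def login_redirect(service=SERVICE):
    """URL an unauthenticated browser is diverted to."""
    return CAS_BASE + "/login?" + urlencode({"service": service})

def validation_url(ticket, service=SERVICE):
    """Back-channel URL the application fetches (over verified TLS) once the
    browser returns with ?ticket=...; service must match the login value."""
    return CAS_BASE + "/serviceValidate?" + urlencode(
        {"service": service, "ticket": ticket})

def parse_validation(xml_text):
    """Return the authenticated user name, or None. Fails closed on anything
    that is not an unambiguous CAS 2.0 success response."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != CAS_NS + "serviceResponse":
        return None
    success = root.find(CAS_NS + "authenticationSuccess")
    failure = root.find(CAS_NS + "authenticationFailure")
    if success is None or failure is not None:
        return None
    user = (success.findtext(CAS_NS + "user") or "").strip()
    return user or None

# Constructed sample responses from /serviceValidate.
OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
BAD = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_redirect())
    print(validation_url("ST-1-constructed"))
    print(parse_validation(OK), parse_validation(BAD))
```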

Out of the box, CAS supports authenticating users via passwords validated against LDAP (including Active Directory), databases, or RADIUS. CAS also supports authenticating users without passwords, including via SPNEGO/NTLM, X.509 certificates, and the application container.

CAS has been designed from the ground up to be an extensible platform with well-designed plugin APIs based on community use cases. CAS is built using "de facto" standard technology including the Spring Framework, Spring Web Flow for the login flow, Maven2, Jasig Person Directory, JSPs, and more, offering a familiar tool set to Java developers.

For the enterprise-minded, CAS includes multiple options for high-availability clustered deployments, optionally relying upon database-backed and distributed in-memory cache solutions for sharing state across CAS server instances. CAS supports audit and even restriction of who is accessing which service.

More about Jasig CAS:
http://www.jasig.org/cas

Copyright © 2009-2012, GeoICON Pte Ltd. All rights reserved.