Borland. Central Authentication Service - CAS - Overview.
JA-SIG Central Authentication Service is an enterprise-level, open-source single sign-on solution with a Java server component and various client libraries written in a multitude of languages including PHP, PL/SQL, Java, and more.
CAS is an HTTP-based protocol that requires each of its components to be accessed through specific URIs. CAS was originally developed by Yale University for single sign-on. Note: CAS is authentication, not authorization. Single sign-on is a session/user authentication process that allows a user to provide his or her credentials once in order to access multiple applications. The single sign-on authenticates the user to access all the applications he or she has been authorized to access.
CAS achieves single sign-on through cookies. CAS provides different authentication handlers to authenticate credentials. CAS also provides a "Remember Me" feature.

CAS Client: Container-Managed CAS for Tomcat.
This document describes how to configure your Tomcat container to support CAS authentication at the container level, allowing deployed applications to take advantage of CAS using the standard security declarations in web.xml with no need to include a CAS filter in the application itself.
Motivation
An important benefit of the Java Servlet specification is the declarative security mechanism. Using declarations in web.xml, an application can specify the roles required to access the application's resources, and it can specify what kind of authentication should be performed to determine the identity of the user and the roles granted to that user. Traditionally, CAS authentication has been plugged in to applications by means of servlet filters and other types of configuration in web.xml.
CAS filter configuration (such as that needed for the filters in the Soulwing CAS Client) is often very detailed and a bit tricky to get right.
How it Works Tomcat 6 Tomcat 5.

JA-SIG Java Client Simple WebApp Sample - CAS Clients.
At the moment the JA-SIG Java Client 3.1 is relatively new and there are not so many examples out there.
This is a simple web application that claims to demonstrate JA-SIG Java Client 3.1, showing a public and a protected page and how to generate proxy tickets for legacy services. It was also developed with minimalistic dependencies in mind, purely to show how to use the JA-SIG client. For this sample web application it's expected that you know a little about Tomcat configuration and that you read further on different sites how to set up basic stuff (example certificates). If you want to start modifying this example, I recommend reading Configuring the Jasig CAS Client for Java in the web.xml first.
Scenario Overview
To put the test application in a slightly more realistic environment, we're using two separate Tomcat servers. By dividing the sample web application and CAS Server into two Tomcat instances, you can more easily figure out where a URL is pointing.
Preparing The Tomcat Servers.

Build and implement a single sign-on solution. Server Deployment.

Home - CAS User Manual.
The CAS User Manual is the primary source of documentation for implementers of the Jasig CAS server component.
For readers unfamiliar with CAS, the Overall Architecture section is a good starting point to learn what CAS is and how it works. Readers will learn that CAS is a multi-protocol SSO solution and they will want to review protocols to learn the use cases under which a particular protocol applies. Once review of background material is complete, readers should consider working through the CAS demonstration, which will provide a working product and an introduction to configuration. There are a few fundamental considerations to CAS configuration: integration with an authentication provider, security policy, authorization, availability considerations, and attribute release.
Authentication
CAS integrates with the following authentication mechanisms:
Security Policy
Ticket-granting tickets (TGT) that expire after more than 2 hours of inactivity.
Authorization Availability Default is Not Distributed.