Monday, November 9, 2015

How Single Sign-On works with CAS

Ref:- http://www.jwall.org/AuditConsole/user-guide/ch09s03.html

Starting with version 0.4.4 (revision 4), the AuditConsole provides additional support for centralized authentication using CAS (Central Authentication Service). CAS is a ticket-based authentication scheme that relies on a central authentication server.


9.3.1. How CAS works

CAS is a ticket-based authentication protocol. When a user accesses the CAS-enabled AuditConsole, the browser is forwarded to the CAS login server. There the user authenticates with her credentials (username, password), and on success CAS issues a ticket for the authenticated user.

The following figure outlines the authentication phase of the CAS authentication process:

With that ticket, the user is redirected back to the AuditConsole, which checks the validity of the ticket and, if it is valid, logs the user in. To do this, the AuditConsole looks up the user in its local user database by the username associated with the ticket; a user unknown to the AuditConsole is not logged in even though CAS accepted her credentials.

The following figure shows the ticket validation process. Given that the user has already authenticated against CAS, the AuditConsole needs to validate the granted ticket by asking the CAS server for validation.

It is important to note that for ticket validation (steps 4 and 5 in the figure above) there needs to be a secure, server-to-server connection between the AuditConsole and the CAS server: the AuditConsole relies on the validation response alone to learn who the user is, so that response must come from the genuine CAS server over HTTPS.

Preparing the CAS Setup

The CAS authentication relies on a secure communication channel between the CAS server and the CAS client (the AuditConsole). This is established using an encrypted HTTPS connection.

In order for the AuditConsole to successfully connect to the CAS server, the CAS server's certificate used for HTTPS needs to be known to the AuditConsole, i.e. trusted by the Java environment that is running the AuditConsole. In practice this means the CAS server's certificate (or the CA certificate that issued it) has to be present in the trust store of that Java runtime; if the Java runtime does not trust the certificate, the validation request in step 5 fails and no user can log in via CAS.

Adjusting your cas.properties

The next step towards CAS authentication is to set up your CAS properties. These are defined in the file WEB-INF/cas.properties and need to contain your CAS server URL as well as the public address of your AuditConsole server. The public address must be the URL under which users actually reach the AuditConsole, because CAS binds each ticket to the service URL it was requested for and rejects validation requests for a different service URL.
The following example cas.properties shows the settings for authenticating the AuditConsole at http://console.jwall.org against the CAS server running at https://auth.jwall.org. Note that the example serves the AuditConsole over plain HTTP; since the ticket is passed back to the AuditConsole as a parameter of the redirect URL, a production deployment should serve the AuditConsole over HTTPS as well:
# the CAS authentication server
#
cas.server.url=https://auth.jwall.org/cas

# the AuditConsole service URL
#
console.server.url=http://console.jwall.org
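The following Python program models the exchange described in section 9.3.1 using the two URLs from the cas.properties example above. It is an added example, not code from the AuditConsole or from any CAS server implementation: both sides (the CAS server and the CAS client, i.e. the AuditConsole) are in-process functions so that it runs offline, whereas a real client calls the CAS server's /serviceValidate endpoint over HTTPS. The user stores, passwords, the ST- ticket format, the 10-second ticket lifetime and the CAS 2.0 XML response format are assumptions for the demonstration; the tickets are single-use and bound to the service URL they were issued for, and a user accepted by CAS still has to exist in the console's local user database.

```python
"""Model of the CAS login and ticket-validation exchange.

Added example, not code from the AuditConsole or from a CAS server
implementation. CAS server and CAS client (the AuditConsole) are
modelled as in-process functions so the exchange runs offline; a real
client calls the CAS /serviceValidate endpoint over HTTPS. The user
stores, passwords and ticket lifetime below are constructed.
"""
import secrets
import time
import xml.etree.ElementTree as ET
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit
from xml.sax.saxutils import escape

CAS_SERVER_URL = "https://auth.jwall.org/cas"      # cas.server.url
CONSOLE_SERVICE_URL = "http://console.jwall.org"   # console.server.url
CAS_NS = "http://www.yale.edu/tp/cas"              # namespace of CAS 2.0 responses
TICKET_TTL = 10.0                                  # service ticket lifetime in seconds (assumed)

# ---- CAS server side --------------------------------------------------------

CAS_USERS = {"alice": "correct horse", "bob": "battery staple"}  # constructed
# outstanding service tickets: ticket -> (username, service URL, issue time)
_service_tickets: Dict[str, Tuple[str, str, float]] = {}


def cas_login(username: str, password: str, service: str) -> str:
    """Login page: check credentials, issue a service ticket bound to the
    requesting service, and return the redirect URL back to that service."""
    if CAS_USERS.get(username) != password:
        raise PermissionError("bad credentials")
    ticket = "ST-" + secrets.token_urlsafe(24)
    _service_tickets[ticket] = (username, service, time.time())
    sep = "&" if urlsplit(service).query else "?"
    return service + sep + urlencode({"ticket": ticket})


def _failure(code: str, text: str) -> str:
    return (f'<cas:serviceResponse xmlns:cas="{CAS_NS}">'
            f'<cas:authenticationFailure code="{code}">{escape(text)}'
            '</cas:authenticationFailure></cas:serviceResponse>')


def cas_service_validate(service: str, ticket: str) -> str:
    """/serviceValidate: consume the ticket (single use) and answer with the
    CAS 2.0 XML response. Fails if the ticket is unknown, was issued for a
    different service, or has expired."""
    entry = _service_tickets.pop(ticket, None)
    if entry is None:
        return _failure("INVALID_TICKET", f"ticket {ticket} not recognized")
    username, issued_for, issued_at = entry
    if issued_for != service:
        return _failure("INVALID_SERVICE", "ticket was issued for another service")
    if time.time() - issued_at > TICKET_TTL:
        return _failure("INVALID_TICKET", f"ticket {ticket} has expired")
    return (f'<cas:serviceResponse xmlns:cas="{CAS_NS}">'
            f'<cas:authenticationSuccess><cas:user>{escape(username)}</cas:user>'
            '</cas:authenticationSuccess></cas:serviceResponse>')

# ---- CAS client side (the AuditConsole) -------------------------------------

CONSOLE_USERS = {"alice": {"role": "admin"}}  # constructed local user database


def login_redirect_url(service: str = CONSOLE_SERVICE_URL) -> str:
    """Step 1: an unauthenticated request is redirected to the CAS login page,
    carrying the service URL the ticket must be issued for."""
    return f"{CAS_SERVER_URL}/login?{urlencode({'service': service})}"


def ticket_from_callback(url: str) -> Optional[str]:
    """Read the ticket parameter from the URL CAS redirected the browser to."""
    return parse_qs(urlsplit(url).query).get("ticket", [None])[0]


def parse_validation_response(xml_text: str) -> Optional[str]:
    """Return the authenticated username from a CAS 2.0 response, or None."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", {"cas": CAS_NS})
    return user.text if user is not None else None


def console_login(callback_url: str, validate=cas_service_validate) -> Optional[dict]:
    """Validate the ticket with CAS (steps 4 and 5), then look the user up in
    the console's own database. Returns the local user record, or None."""
    ticket = ticket_from_callback(callback_url)
    if ticket is None:
        return None
    # Always validate against the console's own configured service URL,
    # never a value taken from the incoming request.
    username = parse_validation_response(validate(CONSOLE_SERVICE_URL, ticket))
    if username is None:
        return None
    # CAS only establishes who the user is; whether she may use the console
    # is decided by the local user database.
    return CONSOLE_USERS.get(username)
```

Running `console_login(cas_login("alice", "correct horse", CONSOLE_SERVICE_URL))` yields alice's local record, while presenting the same callback URL a second time, a ticket issued for a different service URL, or a ticket for a user such as bob who exists only on the CAS server all result in a denied login.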
