Goal/Problem Space
The Central Authentication Service (CAS) is a web single sign-on application to which other applications delegate authentication, so those applications never have to see the user's password. It also supports proxying, which allows applications such as portals to retrieve content on a user's behalf.
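The application side of this delegation under the CAS 2 protocol, as an added example (not code from the original page or the CAS project): the application receives only a service ticket, validates it against the CAS server's `/serviceValidate` endpoint, and reads the username from the XML response. The host names, ticket value and sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = "http://www.yale.edu/tp/cas"  # XML namespace of CAS 2 responses

def validation_url(cas_base, service, ticket):
    """URL the application calls server-to-server to validate a ticket."""
    query = urlencode({"service": service, "ticket": ticket})
    return f"{cas_base.rstrip('/')}/serviceValidate?{query}"

def parse_validation(xml_text):
    """Return the authenticated username or raise ValueError."""
    if "<!DOCTYPE" in xml_text:  # a CAS response never needs a DTD
        raise ValueError("DOCTYPE not allowed in CAS response")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("malformed CAS response") from exc
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        raise ValueError("not a CAS serviceResponse")
    failure = root.find(f"{{{CAS_NS}}}authenticationFailure")
    if failure is not None:
        raise ValueError(f"ticket rejected: {failure.get('code')}")
    users = root.findall(f"{{{CAS_NS}}}authenticationSuccess/{{{CAS_NS}}}user")
    if len(users) != 1 or not (users[0].text or "").strip():
        raise ValueError("expected exactly one non-empty cas:user")
    return users[0].text.strip()

# Constructed sample responses (not captured from a real server).
SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
NO_NAMESPACE = "<serviceResponse><authenticationSuccess><user>jdoe</user></authenticationSuccess></serviceResponse>"

if __name__ == "__main__":
    print(validation_url("https://cas.example.org/cas", "https://app.example.org/login", "ST-1-constructed"))
    for name, doc in [("success", SUCCESS), ("failure", FAILURE), ("no namespace", NO_NAMESPACE)]:
        try:
            print(name, "->", parse_validation(doc))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

The application treats any response that is not a well-formed, correctly namespaced success with exactly one user as a failed login.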
Features
CAS supports the CAS 1 and CAS 2 protocols. It supports multiple authentication methods with its flexible architecture: LDAP, JDBC, SPNEGO, "Trusted", RADIUS, JAAS, and more. It has advanced features for clustering (memcached, JBoss Cache, JPA) and a Services Management Tool for controlling access and attribute release to "CASified" applications.
There are currently many CAS clients out there including Java, Spring Security, PHP, Perl, Ruby, .NET, Apache Modules, PL/SQL and PAM. There is support for specific applications including Confluence and JIRA.
Technology Stack
CAS leverages Java, Spring, Spring Web Flow, Spring LDAP, JBoss Cache, memcached, BerkeleyDB and Maven2.
Identity Services
Please indicate which of the following identity services/transports you consume, produce, or define.
Managed Information | Consume? | Produce? | Broker/Convey? |
---|---|---|---|
Privileges | | | |
Roles | | | |
Groups | | | |
Attributes | | | X |
Identification | | | |
Defined Interfaces | Consume? | Produce? | Broker/Convey? |
Authentication | | | X |
Attributes | | | X |
Permissions | | | |
Provisioning | | | |
Authorization | | | |
Subjects | | | X |
Other | Consume? | Produce? | Broker/Convey? |
Standards and Interfaces
CAS supports the CAS1 and CAS2 protocols, as well as being able to send back attributes via SAML1.1. It supports the minimal subset of SAML2 to integrate with Google Apps. CAS can authenticate through various standards including RADIUS, LDAP, JDBC, and JAAS.
Issues and Challenges
CAS's main challenge is being able to integrate with applications that don't support standard protocols and don't provide the necessary framework to extend the authentication to support additional protocols. Other challenges mainly deal with user education and the ways to properly utilize web single sign on within one's organization.
Going forward, as CAS looks to support federated identities and federation, it will be looking into user-facing issues and concerns, including WAYF, as well as high availability and scalability when it's not just your infrastructure depending on CAS.
More Information
CAS Client Listing: http://www.ja-sig.org/wiki/display/CASC/Home
CAS User Manual: http://www.ja-sig.org/wiki/display/CASUM/Home
CAS Home Page: http://www.jasig.org/cas