CAS – Single SignOn

Quick View

Summary:

Deploy the JA-SIG Central Authentication Service (CAS) for web single signon, integrated with ASUWebAuth in a high-available clustered environment.

Start Date:

September 2, 2008

Stage:

On hold

People

Sponsor/Champion:

Adrian Sannier, Vice President and University Technology Officer

Project Manager:

Joseph McDonald

Associate VP University Technology:

Bob Nelson

University Technology Director:

Jack Hsu

More Info

Source:

Internal

Priority:

High

Deliverables:

Customize “cas-server-webapp” for:
* login screen uses ASU skin (based upon current ASUWebAuth login screen)
* password age enforcement & hand-off
* web template cookie
Cluster the Java Tomcat web application server environment on the weblogin.asu.edu farm:
* enable clustering support in server configuration
* requires “multicasting” support enabled on UTO datacenter routers, but only active on ether ports necessary
Modify ASUWebAuth for:
* login page: become a CAS client so that authentication is handled by CAS
* authd/verifyd: read CAS ticket principals instead of Kerberos ticket principals
AFSManager (in EMMA) updated to handle Kerberos ticket
Announcement to ASU development & tech support community about the availability of CAS & the integration with ASUWebAuth.

Risk & Threats:

Unified/standardized signout implementation for CAS/WebAuth integration is necessary to ensure all authentication tokens are sufficiently destroyed upon user signing out.

Links

JA-SIG Central Authentication Service (CAS)